Memory Double Free issues in the code #10
Comments
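Thanks for pointing out the problem. My reply is as follows:
So the double free should not matter, but the code does indeed produce a double free. We will find a way to optimize this later. Thanks again!
Thanks for the reply!!
So I would like to ask about this. Thanks!!
HAL_Free and IOT_Template_Destroy do not set the pointer to NULL after freeing its memory, so when these two functions are called one after the other, even though a null-pointer check is performed, the freed pointer has not been set to NULL, and the double free problem still exists.
Thanks for pointing this out; it will be fixed in the next version.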
https://github.com/tencentyun/qcloud-iot-explorer-sdk-embedded-c/blob/master/samples/asr/asr_data_template_sample.c
DF issue: at line 407 of main, _register_data_template_property is called; at line 214 of _register_data_template_property, if rc != QCLOUD_RET_SUCCESS, IOT_Template_Destroy is called to free parameter 1 (i.e. data_template_client in main); afterwards, main enters the else branch at 210 and jumps to exit; in exit, at line 514, IOT_Template_Destroy is called to free data_template_client a second time, causing a double free security issue.
https://github.com/tencentyun/qcloud-iot-explorer-sdk-embedded-c/blob/master/samples/data_template/data_template_sample.c
DF issue: same as above. client is freed in _register_data_template_property (line 273, IOT_Template_Destroy), and is then freed again in the exit jump in main (line 521, IOT_Template_Destroy), causing a Memory Double Free security issue.
https://github.com/tencentyun/qcloud-iot-explorer-sdk-embedded-c/blob/master/samples/scenarized/light_data_template_sample.c
DF issue: same as above. client is freed in _register_data_template_property (line 482, IOT_Template_Destroy), and is then freed again in the exit jump in main (line 837, IOT_Template_Destroy), causing a Memory Double Free security issue.
https://github.com/tencentyun/qcloud-iot-explorer-sdk-embedded-c/blob/master/samples/ota/ota_mqtt_sample.c
DF issue: the version memory has already been freed at line 295, but version is freed again at line 300, causing a double free security issue.
https://github.com/tencentyun/qcloud-iot-explorer-sdk-embedded-c/blob/master/sdk_src/services/data_template/data_template_client.c
DF issue: at line 869, pTemplate is freed via HAL_Free inside IOT_Template_Destroy, but at line 870 pTemplate is freed a second time by HAL_Free, causing a double free security issue.
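The cleanup pattern discussed in this thread, as an added example that is not code from the SDK or from the issue: a helper destroys the client on failure, then the caller's exit path destroys it again, shown once with a by-value destroy and once with a destroy that clears the caller's pointer. All names here are hypothetical, and a small tracker counts the second free instead of executing it.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins; none of these names come from the SDK. */
typedef struct { int props; } client_t;

static int released;      /* 1 once the block has been logically freed */
static int double_frees;  /* repeat frees caught by the tracker */

/* Records a free; the real free() is deferred so freed memory is never touched. */
static void tracked_free(void *p) {
    if (p == NULL) return;
    if (released) { double_frees++; return; }
    released = 1;
}

/* Pattern from the issue: NULL check, free, caller's copy left dangling. */
static void destroy_by_value(client_t *c) {
    if (c == NULL) return;   /* passes on the second call: c is stale, not NULL */
    tracked_free(c);
}

/* Hardened form: receives the address of the owner's variable and clears it. */
static void destroy_and_clear(client_t **c) {
    if (c == NULL || *c == NULL) return;
    tracked_free(*c);
    *c = NULL;
}

/* Models main(): the register step fails and destroys, then exit: destroys again. */
int run_flow(int hardened) {
    client_t *block = malloc(sizeof *block);
    client_t *client = block;
    if (block == NULL) return -1;
    released = 0;
    double_frees = 0;
    int rc = -1;                      /* constructed: registration always fails */
    if (rc != 0) {                    /* failure path inside the register helper */
        if (hardened) destroy_and_clear(&client); else destroy_by_value(client);
    }
    /* exit: cleanup in the caller */
    if (hardened) destroy_and_clear(&client); else destroy_by_value(client);
    free(block);                      /* single real release */
    return double_frees;
}

int main(void) {
    printf("by value: %d double free(s)\n", run_flow(0));
    printf("cleared:  %d double free(s)\n", run_flow(1));
    return 0;
}
```

The clearing form only helps when the helper is handed the address of the owner's variable; if the helper receives the pointer by value, the simpler fix is to leave destruction to the caller's exit path alone.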