Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[#619] core: Fix segfault during observe error callback #620

Merged
merged 1 commit into from
Aug 25, 2021
Merged

[#619] core: Fix segfault during observe error callback #620

merged 1 commit into from
Aug 25, 2021

Conversation

mlasch
Copy link
Contributor

@mlasch mlasch commented Jul 22, 2021

This PR fixes a NULL pointer access in prv_obsRequestCallback and prv_obsCancelRequestCallback which occurred when the requests timed out. The block transfer checks were re-ordered such that the pointer now is checked before it is accessed.

This should solve #619

@mlasch
Copy link
Contributor Author

mlasch commented Jul 22, 2021

@tuve can you have a look at this PR?

@mlasch
Copy link
Contributor Author

mlasch commented Jul 23, 2021

@shabunin feel free to review.

@shabunin
Copy link

@mlasch thank you for your work.
Indeed, no segfault anymore.
Tested two cases: first, when observe request timeout triggers before device monitoring callback 202_deleted and, second, when observe 500 error called after device was removed.
In both cases everything is fine and in second case I can freely deallocate userData for existing observations from deleted clientP because our troubled observation is not present in that list.

@mlasch mlasch requested a review from tuve July 30, 2021 07:44
shabunin
shabunin suggested changes Aug 4, 2021
View reviewed changes
core/observe.c Outdated
NULL,
LWM2M_CONTENT_TEXT, NULL, 0,
observationData->userData);
observationData->callback(contextP, observationData->client, &observationData->uri, COAP_202_DELETED, NULL,
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there point to run callback with new observation data?

Mayhaps is better to run old callback of found observation with it's data?

observationP->callback(contextP, observationP->clientP->internalID, &observationP->uri,
                             COAP_202_DELETED,
                             NULL, LWM2M_CONTENT_TEXT, NULL, 0, observationP->userData);

I understand that yours change was only formatting, anyway

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, this is formatting only as a result of running clang-format. Frankly, I am not a 100% sure how to reach this code. It looks like the callback is triggered in an edge case to be able to free observation userData in the callback, if you provided a pointer to userData on the heap when starting the observation with lwm2m_observe(...) (however, this is not used by the server example). I updated the PR to remove the "formatting only" changes to keep the history a bit cleaner.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can reach it by sending second obervation request for the same object.
New observation replaces the old one and old callback will not be called for every new observed value.

I assume previous userData should be freed in observe callback:

if (dataLength == 0 && status == COAP_202_DELETED) {
    free((mystruct_t *)userData);
}

Currently, if I do this, fresh memory allocation is destroyed, not the old on.

This is not related to #619, should I open new issue?

Thanks.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, we should track that in a new issue, so this can be closed.

@mlasch mlasch force-pushed the observation-retransmission-segfault branch 2 times, most recently from c2a6974 to 40727d8 Compare August 24, 2021 09:26
@mlasch
[eclipse-wakaama#619] core: Fix segfault during observe error callback
cd31008 
Fix segfault when observation and observation cancel request exceed
max retries. Check message for NULL pointer prior to accessing in
error handling callback.

Signed-off-by: Marc Lasch <marc.lasch@husqvarnagroup.com>
@mlasch mlasch force-pushed the observation-retransmission-segfault branch from 40727d8 to cd31008 Compare August 25, 2021 16:18
@mlasch mlasch merged commit 10d5b72 into eclipse-wakaama:master Aug 25, 2021
@mlasch mlasch deleted the observation-retransmission-segfault branch August 25, 2021 20:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shabunin shabunin shabunin requested changes

@tuve tuve tuve approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@mlasch @shabunin @tuve