Double free memory error fix (tcp, LWIP port)



SDKs up to WICED 4 (not using LWIP)

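This crash can occur anywhere (HTTP, MQTT, ...) when netconn_connect returns an error. The fix below sets socket->conn_handler to NULL after netconn_delete in wiced_tcp_connect and checks it for NULL in wiced_tcp_delete_socket, so the same handle is not deleted twice.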

/*
 * Connect a TCP socket to the given IPv4 address and port, creating the
 * underlying netconn on first use and starting TLS when a TLS context is
 * attached to the socket.
 *
 * socket   socket to connect; must not be NULL (checked by wiced_assert only)
 * address  remote address; must not be NULL (checked by wiced_assert only)
 * port     remote TCP port
 * timeout  connection timeout, saturated to WICED_LWIP_CONNECTION_TIMEOUT_MAX
 *
 * Returns WICED_SUCCESS once connected (and the TLS start succeeded, if
 * applicable), WICED_SOCKET_CREATE_FAIL when no netconn could be allocated,
 * the translated lwIP error when netconn_connect fails, or the result of
 * wiced_tcp_start_tls when that fails.
 *
 * On both failure paths after the netconn exists, the netconn is deleted AND
 * socket->conn_handler is cleared. Clearing the pointer is the double-free
 * fix: a stale pointer left here would be handed to netconn_delete a second
 * time by a later wiced_tcp_delete_socket on the same socket.
 */
wiced_result_t wiced_tcp_connect( wiced_tcp_socket_t* socket, const wiced_ip_address_t* address, uint16_t port, uint32_t timeout )
{
    uint32_t       remote_ipv4;
    err_t          connect_status;
    wiced_result_t tls_status = WICED_SUCCESS;

    UNUSED_PARAMETER( timeout );

    /* NOTE(review): this is the only argument validation; if wiced_assert is
     * compiled out in release builds, NULL arguments are dereferenced below. */
    wiced_assert("Bad args", (socket != NULL) && (address != NULL));

    WICED_LINK_CHECK( socket->interface );

    /* Address in network byte order; its storage is passed to lwIP below. */
    remote_ipv4 = htonl(GET_IPV4_ADDRESS(*address));

    /* Allocate the connection handle lazily when the socket has none yet. */
    if ( socket->conn_handler == NULL )
    {
        socket->conn_handler = netconn_new( NETCONN_TCP );
        if ( socket->conn_handler == NULL )
        {
            return WICED_SOCKET_CREATE_FAIL;
        }
        socket->is_bound = WICED_TRUE;
    }

    /* netconn_connect is given a 16-bit timeout here, so saturate the 32-bit
     * argument instead of letting the cast below truncate it silently. */
    if ( timeout > WICED_LWIP_CONNECTION_TIMEOUT_MAX )
    {
        timeout = WICED_LWIP_CONNECTION_TIMEOUT_MAX;
        WPRINT_NETWORK_INFO(("Timeout 32-bit value has been truncated to a 16-bit value\n"));
    }

    connect_status = netconn_connect( socket->conn_handler, (ip_addr_t*) &remote_ipv4, port, (uint16_t) timeout );
    if ( connect_status != ERR_OK )
    {
        /* The handle is released here, so the pointer must not survive:
         * leaving it set lets a later delete of this socket free it again.
         * NOTE(review): is_bound is left unchanged on this path although the
         * handler is gone; wiced_tcp_delete_socket clears both together.
         * Confirm whether it should be reset here as well. */
        netconn_delete( socket->conn_handler );
        socket->conn_handler = NULL;
        return LWIP_TO_WICED_ERR( connect_status );
    }

    /* Clear the TF_NODELAY flag on the connection's TCP pcb. */
    socket->conn_handler->pcb.tcp->flags &= (uint8_t) ( ~TF_NODELAY );

    /* Start TLS as a client only when a TLS context is attached. */
    if ( socket->tls_context != NULL )
    {
        tls_status = wiced_tcp_start_tls( socket, WICED_TLS_AS_CLIENT, WICED_TLS_DEFAULT_VERIFICATION );
    }

    if ( tls_status != WICED_SUCCESS )
    {
        /* Same rule as the connect failure above: delete, then forget the
         * pointer so it cannot be deleted twice. */
        netconn_delete( socket->conn_handler );
        socket->conn_handler = NULL;
        return tls_status;
    }

    socket->socket_state = WICED_SOCKET_CONNECTED;
    return WICED_SUCCESS;
}

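/*
 * Release everything a TCP socket owns: the TLS context (when TLS is compiled
 * in), the connection netconn and the accept netconn.
 *
 * socket  socket to tear down; must not be NULL (checked by wiced_assert only)
 *
 * Returns WICED_TCPIP_SUCCESS, or the translated lwIP error if deleting the
 * connection netconn failed.
 *
 * Every handle is tested for NULL before netconn_delete and cleared
 * afterwards. wiced_tcp_connect already deletes and clears conn_handler on
 * its error paths, so without the NULL test this function would delete the
 * same handle a second time (double free).
 *
 * Unlike the earlier version, a failure to delete conn_handler no longer
 * returns early: the accept netconn is still deleted and is_bound is still
 * reset, so a failed teardown does not leave the accept handle allocated or
 * the socket marked as bound. The first error is reported at the end.
 */
wiced_result_t wiced_tcp_delete_socket( wiced_tcp_socket_t* socket )
{
    err_t res = ERR_OK;

    wiced_assert("Bad args", socket != NULL);

#ifndef WICED_DISABLE_TLS
    if ( socket->tls_context != NULL )
    {
        /* NOTE(review): after a failed wiced_tcp_connect, conn_handler is NULL
         * here while tls_context may still be set. Confirm that
         * wiced_tls_close_notify tolerates a socket without a connection. */
        wiced_tls_close_notify( socket );
        wiced_tls_deinit_context( socket->tls_context );

        /* Only free a context this socket allocated itself; clear the pointer
         * and the ownership flag together so it cannot be freed again. */
        if ( socket->context_malloced == WICED_TRUE )
        {
            free( socket->tls_context );
            socket->tls_context = NULL;
            socket->context_malloced = WICED_FALSE;
        }
    }
#endif /* ifndef WICED_DISABLE_TLS */

    /* The handle may already have been deleted by a failed connect. */
    if ( socket->conn_handler != NULL )
    {
        /* Remember the status but keep going so the rest is still released. */
        res = netconn_delete( socket->conn_handler );
    }

    if ( socket->accept_handler != NULL )
    {
        netconn_delete( socket->accept_handler );
    }

    /* Clear every handle unconditionally so a repeated call is harmless. */
    socket->accept_handler = NULL;
    socket->conn_handler   = NULL;
    socket->is_bound       = WICED_FALSE;

    if ( res != ERR_OK )
    {
        return LWIP_TO_WICED_ERR( res );
    }

    return WICED_TCPIP_SUCCESS;
}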
