0 Replies Latest reply on Dec 13, 2016 2:09 PM by userc_26019

    Double free memory error fix (tcp, LWIP port)

      SDKs up to wiced4 (not using LWIP)

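      This error (a crash) can occur anywhere (http, mqtt, ...) when netconn_connect returns an error. In that path wiced_tcp_connect deletes the netconn; the fix below also sets socket->conn_handler to NULL there and checks it for NULL in wiced_tcp_delete_socket, so the same netconn is not deleted a second time.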

       

      /**
       * Connect a TCP socket to a remote IPv4 address and port, then start TLS as
       * a client when the socket carries a TLS context.
       *
       * On a failed connect or a failed TLS start the netconn is deleted and
       * socket->conn_handler is reset to NULL, so later cleanup code cannot hand
       * the same netconn to netconn_delete() a second time.
       *
       * @param socket   Socket to connect; asserted non-NULL.
       * @param address  Remote address; asserted non-NULL, read through
       *                 GET_IPV4_ADDRESS.
       * @param port     Remote port.
       * @param timeout  Connect timeout; values above
       *                 WICED_LWIP_CONNECTION_TIMEOUT_MAX are clamped to it.
       * @return WICED_SUCCESS on success, WICED_SOCKET_CREATE_FAIL when no netconn
       *         could be created, the translated lwIP error when the connect
       *         failed, or the wiced_tcp_start_tls() result when TLS start failed.
       */
      wiced_result_t wiced_tcp_connect( wiced_tcp_socket_t* socket, const wiced_ip_address_t* address, uint16_t port, uint32_t timeout )
      {
          uint32_t remote_ipv4;
          err_t    connect_err;

          /* Kept as in the original listing, although timeout is read further down. */
          UNUSED_PARAMETER( timeout );

          /* NOTE(review): if wiced_assert compiles out in release builds, NULL
           * arguments reach the dereferences below - confirm. */
          wiced_assert("Bad args", (socket != NULL) && (address != NULL));

          WICED_LINK_CHECK( socket->interface );

          remote_ipv4 = htonl(GET_IPV4_ADDRESS(*address));

          /* Create the netconn on demand when the socket does not own one yet. */
          if ( socket->conn_handler == NULL )
          {
              socket->conn_handler = netconn_new( NETCONN_TCP );
              if ( socket->conn_handler != NULL )
              {
                  socket->is_bound = WICED_TRUE;
              }
              else
              {
                  return WICED_SOCKET_CREATE_FAIL;
              }
          }

          /* netconn_connect() receives the timeout as a 16-bit value here, so a
           * larger request is saturated instead of being silently truncated by
           * the cast. */
          if ( timeout > WICED_LWIP_CONNECTION_TIMEOUT_MAX )
          {
              WPRINT_NETWORK_INFO(("Timeout 32-bit value has been truncated to a 16-bit value\n"));
              timeout = WICED_LWIP_CONNECTION_TIMEOUT_MAX;
          }

          connect_err = netconn_connect( socket->conn_handler, (ip_addr_t*) &remote_ipv4, port, (uint16_t) timeout );
          if ( connect_err != ERR_OK )
          {
              /* The netconn is released here; clearing the handle is what keeps
               * wiced_tcp_delete_socket() from deleting it again.
               * NOTE(review): is_bound stays WICED_TRUE on this path - confirm
               * that is intended once the netconn is gone. */
              netconn_delete( socket->conn_handler );
              socket->conn_handler = NULL;
              return LWIP_TO_WICED_ERR( connect_err );
          }

          /* Clear the TF_NODELAY bit on the connection's TCP pcb.
           * NOTE(review): pcb.tcp is dereferenced without a NULL check - confirm
           * it cannot be NULL at this point. */
          socket->conn_handler->pcb.tcp->flags &= (uint8_t) ( ~TF_NODELAY );

          if ( socket->tls_context != NULL )
          {
              wiced_result_t tls_result = wiced_tcp_start_tls( socket, WICED_TLS_AS_CLIENT, WICED_TLS_DEFAULT_VERIFICATION );

              if ( tls_result != WICED_SUCCESS )
              {
                  /* Same rule as the connect failure above: delete, then clear
                   * the handle so it is never deleted twice. */
                  netconn_delete( socket->conn_handler );
                  socket->conn_handler = NULL;
                  return tls_result;
              }
          }

          socket->socket_state = WICED_SOCKET_CONNECTED;

          return WICED_SUCCESS;
      }

       

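      /**
       * Tear down a TCP socket: shut down its TLS context (when TLS is compiled
       * in), delete both lwIP netconns and clear is_bound.
       *
       * Each netconn handle is checked for NULL before it is deleted and cleared
       * afterwards, so a handle already released elsewhere (for example by a
       * failed wiced_tcp_connect()) is not passed to netconn_delete() again.
       *
       * A failure while deleting conn_handler no longer aborts the teardown:
       * accept_handler is still deleted and the socket state is still reset, and
       * the error is reported once cleanup is complete.
       *
       * @param socket  Socket to tear down; asserted non-NULL.
       * @return WICED_TCPIP_SUCCESS, or the translated lwIP error when deleting
       *         conn_handler failed.
       */
      wiced_result_t wiced_tcp_delete_socket( wiced_tcp_socket_t* socket )
      {
          wiced_result_t result = WICED_TCPIP_SUCCESS;

          wiced_assert("Bad args", socket != NULL);

      #ifndef WICED_DISABLE_TLS
          if ( socket->tls_context != NULL )
          {
              /* NOTE(review): this runs even when conn_handler is already NULL
               * (e.g. after a failed connect) - confirm wiced_tls_close_notify()
               * tolerates a socket without a netconn. */
              wiced_tls_close_notify( socket );

              wiced_tls_deinit_context( socket->tls_context );

              /* Only a context allocated on behalf of the socket is freed here;
               * the pointer is cleared so it cannot be freed twice. */
              if ( socket->context_malloced == WICED_TRUE )
              {
                  free( socket->tls_context );
                  socket->tls_context = NULL;
                  socket->context_malloced = WICED_FALSE;
              }
              /* NOTE(review): a context that was not malloced stays attached
               * after deinit, so a repeated call deinitialises it again -
               * confirm that is safe. */
          }
      #endif /* ifndef WICED_DISABLE_TLS */

          /* conn_handler may already be NULL: wiced_tcp_connect() deletes the
           * netconn and clears the handle when the connect or TLS start fails. */
          if ( socket->conn_handler != NULL )
          {
              err_t res = netconn_delete( socket->conn_handler );

              if ( res != ERR_OK )
              {
                  /* Remember the error but keep going, so accept_handler is not
                   * leaked and the socket is not left half torn down.
                   * NOTE(review): the handle is cleared even on failure, as in
                   * the original; whether lwIP has released the netconn in that
                   * case depends on the lwIP version - confirm. */
                  result = LWIP_TO_WICED_ERR( res );
              }
          }

          if ( socket->accept_handler != NULL )
          {
              netconn_delete( socket->accept_handler );
          }

          socket->accept_handler = NULL;
          socket->conn_handler   = NULL;
          socket->is_bound       = WICED_FALSE;

          return result;
      }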