Commit 15a3407d authored by Slava Monich's avatar Slava Monich

[wifi] Clear wifi_bss -> wifi_network pointers on delete. JB#47990

When WiFi is being turned off, wifi_network is getting deallocated before
wifi_bss, causing crashes like this one:

   Invalid read of size 4
      at 0x3496E: wifi_network_update_strength (sailfish_wifi.c:1626)
      by 0x36A8D: wifi_device_bss_signal_changed (sailfish_wifi.c:2908)
      by 0x4CB06E7: _g_closure_invoke_va (gclosure.c)
      by 0x4CC3EF7: g_signal_emit_valist (gsignal.c)
      by 0x4CC42EB: g_signal_emit (gsignal.c)
      by 0x4B591F1: gsupplicant_bss_signal_property_change (gsupplicant_bss.c)
      ...
   Address 0x68b0038 is 8 bytes inside a block of size 100 free'd
      at 0x48432B0: free (vg_replace_malloc.c)
      by 0x34D75: wifi_network_delete (sailfish_wifi.c:1763)
      by 0x35321: wifi_device_delete_network (sailfish_wifi.c:2009)
      by 0x3538D: wifi_device_remove_all_networks_cb (sailfish_wifi.c:2036)
      by 0x4D434B3: g_slist_foreach (gslist.c)
      by 0x353BB: wifi_device_remove_all_networks (sailfish_wifi.c:2042)
      by 0x3895B: wifi_device_set_state (sailfish_wifi.c:3952)
      by 0x387D3: wifi_device_disable (sailfish_wifi.c:3883)
      by 0x39263: wifi_device_driver_disable (sailfish_wifi.c:4307)
      by 0x512AF: __connman_device_disable (device.c:265)
      by 0x8B3AB: technology_affect_devices (technology.c:742)
      by 0x8B835: technology_disable (technology.c:901)
      by 0x8BABF: set_powered (technology.c:1017)
      by 0x8BFA7: set_property (technology.c:1165)
      ...
parent c4ac4802
......@@ -652,6 +652,11 @@ static void wifi_bss_destroy(gpointer value)
wifi_bss_free(value);
}
static void wifi_bss_clear_net(gpointer value)
{
((struct wifi_bss *)value)->net = NULL;
}
static gboolean wifi_bss_ident_update(struct wifi_bss *bss_data)
{
if (bss_data) {
......@@ -1757,7 +1762,7 @@ static void wifi_network_delete(struct wifi_network *net)
connman_network_unref(net->network);
gsupplicant_bss_unref(net->connecting_to);
gsupplicant_bss_unref(net->current_bss);
g_slist_free(net->bss_list);
g_slist_free_full(net->bss_list, wifi_bss_clear_net);
g_free(net->ident);
g_free(net->last_passphrase);
g_slice_free(struct wifi_network, net);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment