neardal: lib: fix random memory corruption

This commit includes a neardal patch to fix
the random segfault seen on agl-service-nfc.

The problem (random memory corruption)
was due to invalid access to freed
memory on neardal library.

The proposed fix has been submitted upstream
and this commit is only a temporary measure
while the solution is not provided directly from
neardal repo.

Bug-AGL: SPEC-1976
Change-Id: I21984cb8135537ff1232a4387a31688e1a140642
Signed-off-by: raquel medina <raquel.medina@konsulko.com>
(cherry picked from commit 9a66246d00e88cf44456efae734a7a12c63f4689)

diff --git a/meta-agl-profile-core/recipes-connectivity/neardal/neardal/0002-neardal-lib-fix-memory-corruption.patch b/meta-agl-profile-core/recipes-connectivity/neardal/neardal/0002-neardal-lib-fix-memory-corruption.patch
new file mode 100644 (file)
index 0000000..d40d9a4
--- /dev/null
+++ b/meta-agl-profile-core/recipes-connectivity/neardal/neardal/0002-neardal-lib-fix-memory-corruption.patch
@@ -0,0 +1,58 @@
+From ee6267f357b3d158f0a0e88460782e8b9d44274a Mon Sep 17 00:00:00 2001
+From: Raquel Medina <raquel.medina@konsulko.com>
+Date: Fri, 4 Jan 2019 07:43:03 -0500
+Subject: [PATCH] neardal: lib: fix memory corruption
+
+ The current commit fixes an invalid memory  access
+ which manifests as a random segfault  when executing
+ continuous tag read operations.
+
+ The corruption happens when releasing the  memory allocated to a
+ record: in the time between  the memory being g_free'd and the
+ subsequent memset  operation, the memory could have been reused by
+ some  other process. And since memory allocation  depends on
+ system-wide factors, it makes this bug hard to track.
+
+ Tested using ACR122U reader and NTAG213
+ tags on Automotive Grade Linux (flounder,
+ guppy and master branches)
+
+Signed-off-by: Raquel Medina <raquel.medina@konsulko.com>
+---
+ lib/neardal_record.c | 1 -
+ lib/neardal_tools.c  | 5 ++++-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/lib/neardal_record.c b/lib/neardal_record.c
+index 669012c..cfed5e8 100644
+--- a/lib/neardal_record.c
++++ b/lib/neardal_record.c
+@@ -31,7 +31,6 @@ void neardal_record_free(neardal_record *r)
+ {
+       g_return_if_fail(r);
+       neardal_g_strfreev((void **) r, &r->uriObjSize);
+-      memset(r, 0, sizeof(*r));
+ }
+ 
+ void neardal_free_record(neardal_record *record) \
+diff --git a/lib/neardal_tools.c b/lib/neardal_tools.c
+index f0d6157..f307df6 100644
+--- a/lib/neardal_tools.c
++++ b/lib/neardal_tools.c
+@@ -32,9 +32,12 @@
+ void neardal_g_strfreev(void **array, void *end)
+ {
+       void **p = array;
+-      for (; (void *) p < end; p++)
++      for (; (void *) p < end; p++) {
+               g_free(*p);
++              *p = NULL;
++      }
+       g_free(array);
++      array = NULL;
+ }
+ 
+ void neardal_g_variant_add_parsed(GVariant **v, const char *format, ...)
+-- 
+2.17.1
+

diff --git a/meta-agl-profile-core/recipes-connectivity/neardal/neardal_0.14.bb b/meta-agl-profile-core/recipes-connectivity/neardal/neardal_0.14.bb
index 022e54e..8bec79e 100644 (file)
--- a/meta-agl-profile-core/recipes-connectivity/neardal/neardal_0.14.bb
+++ b/meta-agl-profile-core/recipes-connectivity/neardal/neardal_0.14.bb
@@ -2,7 +2,8 @@ require neardal.inc
 
 SRC_URI = "https://github.com/connectivity/neardal/archive/${PV}.tar.gz \
        file://ncl.patch \
-    file://0001-neardal-ncl-fix-segfault-on-help-page-being-displaye.patch \
-    "
+       file://0001-neardal-ncl-fix-segfault-on-help-page-being-displaye.patch  \
+       file://0002-neardal-lib-fix-memory-corruption.patch             \
+       "
 SRC_URI[md5sum] = "3dbda58253ca30ee6a7a7573eaa68f40"
 SRC_URI[sha256sum] = "157d320bd831d91a82203d9697d2d2a2cebdb515d6e1c4ce04fe8ef27d1da615"