generic-library/libupnp
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

SF Bug Tracker [ 2392304 ] Memory leak in SSDP AdvertiseAndReply

Browse Source 
Submitted: Ulrik ( ulsv_enea ) - 2008-12-05 08:24

	Valgrind reports a memory leak function in AdvertiseAndReply
	(ssdp/ssdp_server.c) in libupnp 1.6.6

	There are continue statements in many places in AdvertiseAndReply. In some
	of those error handling cases the variable nodelist is not free'ed before
	continuing to the next iteration. The next iteration will take care of
	free'ing the nodelist from the previous iteration in most cases, but not
	when breaking out of the for loop after the last element.

	I belive this memory leak can be solved by makeing sure that the rows

	ixmlNodeList_free( nodeList );
	nodeList = NULL;

	are always executed, also in the beginning of the last iteration when we
	found out that there are not more elements.

	==29110== at 0x4C21C16: malloc (vg_replace_malloc.c:149)
	==29110== by 0x5D8DE0E: ixmlNodeList_addToNodeList (nodeList.c:106)
	==29110== by 0x5D8B7E2: ixmlNode_getElementsByTagNameRecursive
	(node.c:1438)
	==29110== by 0x5D8E587: ixmlElement_getElementsByTagName
	(element.c:491)
	==29110== by 0x5B6C0F1: AdvertiseAndReply (ssdp_server.c:201)
	==29110== by 0x5B7AB74: UpnpSendAdvertisement (upnpapi.c:1495)



git-svn-id: https://pupnp.svn.sourceforge.net/svnroot/pupnp/branches/branch-1.6.x@518 119443c7-1b9e-41f8-b6fc-b9c35fce742c
This commit is contained in:
Marcelo Roberto Jimenez 2010-03-21 21:19:13 +00:00
parent 53d5e61b33
commit 712ed6d2ff
2 changed files with 289 additions and 298 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
ChangeLog
View File

@ -2,9 +2,40 @@
Version 1.6.7 Version 1.6.7
******************************************************************************* *******************************************************************************
2010-03-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* SF Bug Tracker [ 2392304 ] Memory leak in SSDP AdvertiseAndReply
Submitted: Ulrik ( ulsv_enea ) - 2008-12-05 08:24
Valgrind reports a memory leak function in AdvertiseAndReply
(ssdp/ssdp_server.c) in libupnp 1.6.6
There are continue statements in many places in AdvertiseAndReply. In some
of those error handling cases the variable nodelist is not free'ed before
continuing to the next iteration. The next iteration will take care of
free'ing the nodelist from the previous iteration in most cases, but not
when breaking out of the for loop after the last element.
I belive this memory leak can be solved by makeing sure that the rows
ixmlNodeList_free( nodeList );
nodeList = NULL;
are always executed, also in the beginning of the last iteration when we
found out that there are not more elements.
==29110== at 0x4C21C16: malloc (vg_replace_malloc.c:149)
==29110== by 0x5D8DE0E: ixmlNodeList_addToNodeList (nodeList.c:106)
==29110== by 0x5D8B7E2: ixmlNode_getElementsByTagNameRecursive
(node.c:1438)
==29110== by 0x5D8E587: ixmlElement_getElementsByTagName
(element.c:491)
==29110== by 0x5B6C0F1: AdvertiseAndReply (ssdp_server.c:201)
==29110== by 0x5B7AB74: UpnpSendAdvertisement (upnpapi.c:1495)
2010-03-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net> 2010-03-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* libupnp and multi-flows scenario patch * libupnp and multi-flows scenario patch
Submited by Carlo Parata from STMicroelectronics. Submited by Carlo Parata from STMicroelectronics.
Hi Roberto and Nektarios, Hi Roberto and Nektarios,
after an analysis of the problem of libupnp with a multi-flows scenario, I after an analysis of the problem of libupnp with a multi-flows scenario, I
noticed that the only cause of the freezed system is the ThreadPool noticed that the only cause of the freezed system is the ThreadPool

184
upnp/src/ssdp/ssdp_server.c
View File

@ -91,7 +91,8 @@ struct SSDPSockArray {
* Returns: int * Returns: int
* UPNP_E_SUCCESS if successful else appropriate error * UPNP_E_SUCCESS if successful else appropriate error
***************************************************************************/ ***************************************************************************/
int AdvertiseAndReply( IN int AdFlag, int AdvertiseAndReply(
IN int AdFlag,
IN UpnpDevice_Handle Hnd, IN UpnpDevice_Handle Hnd,
IN enum SsdpSearchType SearchType, IN enum SsdpSearchType SearchType,
IN struct sockaddr_in *DestAddr, IN struct sockaddr_in *DestAddr,
@ -100,13 +101,14 @@ int AdvertiseAndReply( IN int AdFlag,
IN char *ServiceType, IN char *ServiceType,
int Exp) int Exp)
{ {
int i, int retVal = UPNP_E_SUCCESS;
j; int i;
int j;
int defaultExp = DEFAULT_MAXAGE; int defaultExp = DEFAULT_MAXAGE;
struct Handle_Info *SInfo = NULL; struct Handle_Info *SInfo = NULL;
char UDNstr[100], char UDNstr[100];
devType[100], char devType[100];
servType[100]; char servType[100];
IXML_NodeList *nodeList = NULL; IXML_NodeList *nodeList = NULL;
IXML_NodeList *tmpNodeList = NULL; IXML_NodeList *tmpNodeList = NULL;
IXML_Node *tmpNode = NULL; IXML_Node *tmpNode = NULL;
@ -114,148 +116,123 @@ int AdvertiseAndReply( IN int AdFlag,
IXML_Node *textNode = NULL; IXML_Node *textNode = NULL;
const DOMString tmpStr; const DOMString tmpStr;
char SERVER[200]; char SERVER[200];
const DOMString dbgStr; const DOMString dbgStr;
UpnpPrintf( UPNP_ALL, API, __FILE__, __LINE__,
"Inside AdvertiseAndReply with AdFlag = %d\n",
AdFlag );
// Use a read lock UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__,
"Inside AdvertiseAndReply with AdFlag = %d\n", AdFlag);
/* Use a read lock */
HandleReadLock(); HandleReadLock();
if (GetHandleInfo(Hnd, &SInfo) != HND_DEVICE) { if (GetHandleInfo(Hnd, &SInfo) != HND_DEVICE) {
HandleUnlock(); retVal = UPNP_E_INVALID_HANDLE;
return UPNP_E_INVALID_HANDLE; goto end_function;
} }
defaultExp = SInfo->MaxAge; defaultExp = SInfo->MaxAge;
//get server info /* get server info */
get_sdk_info(SERVER); get_sdk_info(SERVER);
// parse the device list and send advertisements/replies /* parse the device list and send advertisements/replies */
for (i = 0;; i++) { for (i = 0;; i++) {
UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__, UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__,
"Entering new device list with i = %d\n\n", i); "Entering new device list with i = %d\n\n", i);
tmpNode = ixmlNodeList_item(SInfo->DeviceList, i); tmpNode = ixmlNodeList_item(SInfo->DeviceList, i);
if( tmpNode == NULL ) { if (!tmpNode) {
UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__, UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__,
"Exiting new device list with i = %d\n\n", i); "Exiting new device list with i = %d\n\n", i);
break; break;
} }
dbgStr = ixmlNode_getNodeName(tmpNode); dbgStr = ixmlNode_getNodeName(tmpNode);
UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__, UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__,
"Extracting device type once for %s\n", dbgStr); "Extracting device type once for %s\n", dbgStr);
// extract device type
ixmlNodeList_free(nodeList); ixmlNodeList_free(nodeList);
nodeList = NULL;
nodeList = ixmlElement_getElementsByTagName( nodeList = ixmlElement_getElementsByTagName(
(IXML_Element *)tmpNode, "deviceType"); (IXML_Element *)tmpNode, "deviceType");
if( nodeList == NULL ) { if (!nodeList) continue;
continue;
}
dbgStr = ixmlNode_getNodeName( tmpNode );
UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__, UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__,
"Extracting UDN for %s\n", dbgStr); "Extracting UDN for %s\n", dbgStr);
dbgStr = ixmlNode_getNodeName(tmpNode);
UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__, UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__,
"Extracting device type\n"); "Extracting device type\n");
tmpNode2 = ixmlNodeList_item(nodeList, 0); tmpNode2 = ixmlNodeList_item(nodeList, 0);
if( tmpNode2 == NULL ) { if (!tmpNode2) continue;
continue;
}
textNode = ixmlNode_getFirstChild(tmpNode2); textNode = ixmlNode_getFirstChild(tmpNode2);
if( textNode == NULL ) { if (!textNode) continue;
continue;
}
UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__, UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__,
"Extracting device type \n"); "Extracting device type \n");
tmpStr = ixmlNode_getNodeValue(textNode); tmpStr = ixmlNode_getNodeValue(textNode);
if( tmpStr == NULL ) { if (!tmpStr) continue;
continue;
}
strcpy(devType, tmpStr); strcpy(devType, tmpStr);
if( devType == NULL ) {
continue;
}
UpnpPrintf( UPNP_ALL, API, __FILE__, __LINE__, UpnpPrintf( UPNP_ALL, API, __FILE__, __LINE__,
"Extracting device type = %s\n", devType); "Extracting device type = %s\n", devType);
if( tmpNode == NULL ) { if (!tmpNode) {
UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__, UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__,
"TempNode is NULL\n"); "TempNode is NULL\n");
} }
dbgStr = ixmlNode_getNodeName(tmpNode); dbgStr = ixmlNode_getNodeName(tmpNode);
UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__, UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__,
"Extracting UDN for %s\n", dbgStr); "Extracting UDN for %s\n", dbgStr);
// extract UDN
ixmlNodeList_free(nodeList); ixmlNodeList_free(nodeList);
nodeList = NULL; nodeList = ixmlElement_getElementsByTagName(
nodeList = ixmlElement_getElementsByTagName( ( IXML_Element * ) (IXML_Element *)tmpNode, "UDN");
tmpNode, "UDN" ); if (!nodeList) {
if( nodeList == NULL ) {
UpnpPrintf(UPNP_CRITICAL, API, __FILE__, UpnpPrintf(UPNP_CRITICAL, API, __FILE__,
__LINE__, "UDN not found!!!\n" ); __LINE__, "UDN not found!\n");
continue; continue;
} }
tmpNode2 = ixmlNodeList_item(nodeList, 0); tmpNode2 = ixmlNodeList_item(nodeList, 0);
if( tmpNode2 == NULL ) { if (!tmpNode2) {
UpnpPrintf(UPNP_CRITICAL, API, __FILE__, UpnpPrintf(UPNP_CRITICAL, API, __FILE__,
__LINE__, "UDN not found!!!\n" ); __LINE__, "UDN not found!\n");
continue; continue;
} }
textNode = ixmlNode_getFirstChild(tmpNode2); textNode = ixmlNode_getFirstChild(tmpNode2);
if( textNode == NULL ) { if (!textNode) {
UpnpPrintf(UPNP_CRITICAL, API, __FILE__, UpnpPrintf(UPNP_CRITICAL, API, __FILE__,
__LINE__, "UDN not found!!!\n" ); __LINE__, "UDN not found!\n");
continue; continue;
} }
tmpStr = ixmlNode_getNodeValue(textNode); tmpStr = ixmlNode_getNodeValue(textNode);
if( tmpStr == NULL ) { if (!tmpStr) {
UpnpPrintf(UPNP_CRITICAL, API, __FILE__, __LINE__, UpnpPrintf(UPNP_CRITICAL, API, __FILE__, __LINE__,
"UDN not found!!!!\n" ); "UDN not found!\n");
continue; continue;
} }
strcpy(UDNstr, tmpStr); strcpy(UDNstr, tmpStr);
if( UDNstr == NULL ) {
continue;
}
UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__, UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__,
"Sending UDNStr = %s \n", UDNstr); "Sending UDNStr = %s \n", UDNstr);
if (AdFlag) { if (AdFlag) {
// send the device advertisement /* send the device advertisement */
if (AdFlag == 1) { if (AdFlag == 1) {
DeviceAdvertisement(devType, i == 0, DeviceAdvertisement(devType, i == 0,
UDNstr, SInfo->DescURL, Exp); UDNstr, SInfo->DescURL, Exp);
} else { // AdFlag == -1 } else {
/* AdFlag == -1 */
DeviceShutdown(devType, i == 0, UDNstr, DeviceShutdown(devType, i == 0, UDNstr,
SERVER, SInfo->DescURL, Exp); SERVER, SInfo->DescURL, Exp);
} }
} else { } else {
switch (SearchType) { switch (SearchType) {
case SSDP_ALL: case SSDP_ALL:
DeviceReply( DestAddr, DeviceReply(DestAddr, devType, i == 0,
devType, i == 0,
UDNstr, SInfo->DescURL, defaultExp); UDNstr, SInfo->DescURL, defaultExp);
break; break;
case SSDP_ROOTDEVICE: case SSDP_ROOTDEVICE:
if (i == 0) { if (i == 0) {
SendReply(DestAddr, devType, 1, SendReply(DestAddr, devType, 1,
UDNstr, SInfo->DescURL, defaultExp, 0); UDNstr, SInfo->DescURL, defaultExp, 0);
} }
break; break;
case SSDP_DEVICEUDN: case SSDP_DEVICEUDN: {
{ if (DeviceUDN && strlen(DeviceUDN) != 0) {
if( DeviceUDN != NULL && strlen( DeviceUDN ) != 0 ) {
if (strcasecmp(DeviceUDN, UDNstr)) { if (strcasecmp(DeviceUDN, UDNstr)) {
UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__, UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__,
"DeviceUDN=%s and search " "DeviceUDN=%s and search "
@ -274,11 +251,8 @@ int AdvertiseAndReply( IN int AdFlag,
} }
} }
} }
case SSDP_DEVICETYPE: case SSDP_DEVICETYPE: {
{ if (!strncasecmp(DeviceType, devType, strlen(DeviceType))) {
if( !strncasecmp
( DeviceType, devType,
strlen( DeviceType ) ) ) {
UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__, UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__,
"DeviceType=%s and search devType=%s MATCH\n", "DeviceType=%s and search devType=%s MATCH\n",
devType, DeviceType); devType, DeviceType);
@ -296,64 +270,50 @@ int AdvertiseAndReply( IN int AdFlag,
break; break;
} }
} }
// send service advertisements for services corresponding /* send service advertisements for services corresponding
// to the same device * to the same device */
UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__, UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__,
"Sending service Advertisement\n"); "Sending service Advertisement\n");
tmpNode = ixmlNodeList_item(SInfo->ServiceList, i); tmpNode = ixmlNodeList_item(SInfo->ServiceList, i);
if( tmpNode == NULL ) { if (!tmpNode) continue;
continue;
}
ixmlNodeList_free(nodeList); ixmlNodeList_free(nodeList);
nodeList = NULL; nodeList = ixmlElement_getElementsByTagName(
nodeList = ixmlElement_getElementsByTagName( ( IXML_Element * ) (IXML_Element *)tmpNode, "service");
tmpNode, "service" ); if (!nodeList) {
if( nodeList == NULL ) {
UpnpPrintf( UPNP_INFO, API, __FILE__, __LINE__, UpnpPrintf( UPNP_INFO, API, __FILE__, __LINE__,
"Service not found 3\n" ); "Service not found 3\n" );
continue; continue;
} }
for (j = 0;; j++) { for (j = 0;; j++) {
tmpNode = ixmlNodeList_item(nodeList, j); tmpNode = ixmlNodeList_item(nodeList, j);
if( tmpNode == NULL ) { if (!tmpNode) {
break; break;
} }
ixmlNodeList_free(tmpNodeList); ixmlNodeList_free(tmpNodeList);
tmpNodeList = NULL;
tmpNodeList = ixmlElement_getElementsByTagName( tmpNodeList = ixmlElement_getElementsByTagName(
(IXML_Element *)tmpNode, "serviceType"); (IXML_Element *)tmpNode, "serviceType");
if( tmpNodeList == NULL ) { if (!tmpNodeList) {
UpnpPrintf(UPNP_CRITICAL, API, __FILE__, __LINE__, UpnpPrintf(UPNP_CRITICAL, API, __FILE__, __LINE__,
"ServiceType not found \n"); "ServiceType not found \n");
continue; continue;
} }
tmpNode2 = ixmlNodeList_item(tmpNodeList, 0); tmpNode2 = ixmlNodeList_item(tmpNodeList, 0);
if( tmpNode2 == NULL ) { if (!tmpNode2) continue;
continue;
}
textNode = ixmlNode_getFirstChild(tmpNode2); textNode = ixmlNode_getFirstChild(tmpNode2);
if( textNode == NULL ) { if (!textNode) continue;
continue; /* servType is of format Servicetype:ServiceVersion */
}
// servType is of format Servicetype:ServiceVersion
tmpStr = ixmlNode_getNodeValue(textNode); tmpStr = ixmlNode_getNodeValue(textNode);
if( tmpStr == NULL ) { if (!tmpStr) continue;
continue;
}
strcpy(servType, tmpStr); strcpy(servType, tmpStr);
if( servType == NULL ) {
continue;
}
UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__, UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__,
"ServiceType = %s\n", servType); "ServiceType = %s\n", servType);
if (AdFlag) { if (AdFlag) {
if (AdFlag == 1) { if (AdFlag == 1) {
ServiceAdvertisement(UDNstr, servType, ServiceAdvertisement(UDNstr, servType,
SInfo->DescURL, Exp); SInfo->DescURL, Exp);
} else { // AdFlag == -1 } else {
/* AdFlag == -1 */
ServiceShutdown(UDNstr, servType, ServiceShutdown(UDNstr, servType,
SInfo->DescURL, Exp); SInfo->DescURL, Exp);
} }
@ -365,20 +325,16 @@ int AdvertiseAndReply( IN int AdFlag,
defaultExp); defaultExp);
break; break;
case SSDP_SERVICE: case SSDP_SERVICE:
if( ServiceType != NULL ) { if (ServiceType) {
if( !strncasecmp( ServiceType, if (!strncasecmp(ServiceType, servType, strlen(ServiceType))) {
servType,
strlen( ServiceType ) ) ) {
ServiceReply(DestAddr, servType, ServiceReply(DestAddr, servType,
UDNstr, SInfo->DescURL, UDNstr, SInfo->DescURL, defaultExp);
defaultExp );
} }
} }
break; break;
default: default:
break; break;
} // switch(SearchType) }
} }
} }
ixmlNodeList_free(tmpNodeList); ixmlNodeList_free(tmpNodeList);
@ -386,14 +342,18 @@ int AdvertiseAndReply( IN int AdFlag,
ixmlNodeList_free(nodeList); ixmlNodeList_free(nodeList);
nodeList = NULL; nodeList = NULL;
} }
end_function:
ixmlNodeList_free(tmpNodeList);
ixmlNodeList_free(nodeList);
UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__, UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__,
"Exiting AdvertiseAndReply : \n" ); "Exiting AdvertiseAndReply.\n");
HandleUnlock(); HandleUnlock();
return UPNP_E_SUCCESS; return retVal;
}
} /****************** End of AdvertiseAndReply *********************/
#endif /* EXCLUDE_SSDP == 0 */ #endif /* EXCLUDE_SSDP == 0 */
#endif /* INCLUDE_DEVICE_APIS */ #endif /* INCLUDE_DEVICE_APIS */