generic-library/libupnp
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

SF Bug Tracker [ 2392304 ] Memory leak in SSDP AdvertiseAndReply

Browse Source 
Submitted: Ulrik ( ulsv_enea ) - 2008-12-05 08:24

	Valgrind reports a memory leak function in AdvertiseAndReply
	(ssdp/ssdp_server.c) in libupnp 1.6.6

	There are continue statements in many places in AdvertiseAndReply. In some
	of those error handling cases the variable nodelist is not free'ed before
	continuing to the next iteration. The next iteration will take care of
	free'ing the nodelist from the previous iteration in most cases, but not
	when breaking out of the for loop after the last element.

	I belive this memory leak can be solved by makeing sure that the rows

	ixmlNodeList_free( nodeList );
	nodeList = NULL;

	are always executed, also in the beginning of the last iteration when we
	found out that there are not more elements.

	==29110== at 0x4C21C16: malloc (vg_replace_malloc.c:149)
	==29110== by 0x5D8DE0E: ixmlNodeList_addToNodeList (nodeList.c:106)
	==29110== by 0x5D8B7E2: ixmlNode_getElementsByTagNameRecursive
	(node.c:1438)
	==29110== by 0x5D8E587: ixmlElement_getElementsByTagName
	(element.c:491)
	==29110== by 0x5B6C0F1: AdvertiseAndReply (ssdp_server.c:201)
	==29110== by 0x5B7AB74: UpnpSendAdvertisement (upnpapi.c:1495)



git-svn-id: https://pupnp.svn.sourceforge.net/svnroot/pupnp/branches/branch-1.6.x@518 119443c7-1b9e-41f8-b6fc-b9c35fce742c
This commit is contained in:
Marcelo Roberto Jimenez 2010-03-21 21:19:13 +00:00
parent 53d5e61b33
commit 712ed6d2ff
2 changed files with 289 additions and 298 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
ChangeLog
View File

@ -2,17 +2,48 @@
Version 1.6.7 Version 1.6.7
******************************************************************************* *******************************************************************************
2010-03-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* SF Bug Tracker [ 2392304 ] Memory leak in SSDP AdvertiseAndReply
Submitted: Ulrik ( ulsv_enea ) - 2008-12-05 08:24
Valgrind reports a memory leak function in AdvertiseAndReply
(ssdp/ssdp_server.c) in libupnp 1.6.6
There are continue statements in many places in AdvertiseAndReply. In some
of those error handling cases the variable nodelist is not free'ed before
continuing to the next iteration. The next iteration will take care of
free'ing the nodelist from the previous iteration in most cases, but not
when breaking out of the for loop after the last element.
I belive this memory leak can be solved by makeing sure that the rows
ixmlNodeList_free( nodeList );
nodeList = NULL;
are always executed, also in the beginning of the last iteration when we
found out that there are not more elements.
==29110== at 0x4C21C16: malloc (vg_replace_malloc.c:149)
==29110== by 0x5D8DE0E: ixmlNodeList_addToNodeList (nodeList.c:106)
==29110== by 0x5D8B7E2: ixmlNode_getElementsByTagNameRecursive
(node.c:1438)
==29110== by 0x5D8E587: ixmlElement_getElementsByTagName
(element.c:491)
==29110== by 0x5B6C0F1: AdvertiseAndReply (ssdp_server.c:201)
==29110== by 0x5B7AB74: UpnpSendAdvertisement (upnpapi.c:1495)
2010-03-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net> 2010-03-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* libupnp and multi-flows scenario patch * libupnp and multi-flows scenario patch
Submited by Carlo Parata from STMicroelectronics. Submited by Carlo Parata from STMicroelectronics.
Hi Roberto and Nektarios,
after an analysis of the problem of libupnp with a multi-flows scenario, I Hi Roberto and Nektarios,
noticed that the only cause of the freezed system is the ThreadPool after an analysis of the problem of libupnp with a multi-flows scenario, I
management. There are not mutex problems. In practise, if all threads in the noticed that the only cause of the freezed system is the ThreadPool
thread pool are busy executing jobs, a new worker thread should be created if management. There are not mutex problems. In practise, if all threads in the
a job is scheduled (I inspired to tombupnp library). So I solved the problem thread pool are busy executing jobs, a new worker thread should be created if
with a little patch in threadutil library that you can find attached in this a job is scheduled (I inspired to tombupnp library). So I solved the problem
e-mail. I hope to have helped you. with a little patch in threadutil library that you can find attached in this
e-mail. I hope to have helped you.
2010-03-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net> 2010-03-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* SF Patch Tracker [ 2964973 ] install: will not overwrite just-created * SF Patch Tracker [ 2964973 ] install: will not overwrite just-created

374
upnp/src/ssdp/ssdp_server.c
View File

@ -91,22 +91,24 @@ struct SSDPSockArray {
* Returns: int * Returns: int
* UPNP_E_SUCCESS if successful else appropriate error * UPNP_E_SUCCESS if successful else appropriate error
***************************************************************************/ ***************************************************************************/
int AdvertiseAndReply( IN int AdFlag, int AdvertiseAndReply(
IN int AdFlag,
IN UpnpDevice_Handle Hnd, IN UpnpDevice_Handle Hnd,
IN enum SsdpSearchType SearchType, IN enum SsdpSearchType SearchType,
IN struct sockaddr_in *DestAddr, IN struct sockaddr_in *DestAddr,
IN char *DeviceType, IN char *DeviceType,
IN char *DeviceUDN, IN char *DeviceUDN,
IN char *ServiceType, IN char *ServiceType,
int Exp ) int Exp)
{ {
int i, int retVal = UPNP_E_SUCCESS;
j; int i;
int j;
int defaultExp = DEFAULT_MAXAGE; int defaultExp = DEFAULT_MAXAGE;
struct Handle_Info *SInfo = NULL; struct Handle_Info *SInfo = NULL;
char UDNstr[100], char UDNstr[100];
devType[100], char devType[100];
servType[100]; char servType[100];
IXML_NodeList *nodeList = NULL; IXML_NodeList *nodeList = NULL;
IXML_NodeList *tmpNodeList = NULL; IXML_NodeList *tmpNodeList = NULL;
IXML_Node *tmpNode = NULL; IXML_Node *tmpNode = NULL;
@ -114,181 +116,153 @@ int AdvertiseAndReply( IN int AdFlag,
IXML_Node *textNode = NULL; IXML_Node *textNode = NULL;
const DOMString tmpStr; const DOMString tmpStr;
char SERVER[200]; char SERVER[200];
const DOMString dbgStr; const DOMString dbgStr;
UpnpPrintf( UPNP_ALL, API, __FILE__, __LINE__,
"Inside AdvertiseAndReply with AdFlag = %d\n",
AdFlag );
// Use a read lock UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__,
"Inside AdvertiseAndReply with AdFlag = %d\n", AdFlag);
/* Use a read lock */
HandleReadLock(); HandleReadLock();
if( GetHandleInfo( Hnd, &SInfo ) != HND_DEVICE ) { if (GetHandleInfo(Hnd, &SInfo) != HND_DEVICE) {
HandleUnlock(); retVal = UPNP_E_INVALID_HANDLE;
return UPNP_E_INVALID_HANDLE; goto end_function;
} }
defaultExp = SInfo->MaxAge; defaultExp = SInfo->MaxAge;
//get server info /* get server info */
get_sdk_info(SERVER);
get_sdk_info( SERVER ); /* parse the device list and send advertisements/replies */
for (i = 0;; i++) {
// parse the device list and send advertisements/replies UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__,
for( i = 0;; i++ ) { "Entering new device list with i = %d\n\n", i);
tmpNode = ixmlNodeList_item(SInfo->DeviceList, i);
UpnpPrintf( UPNP_ALL, API, __FILE__, __LINE__, if (!tmpNode) {
"Entering new device list with i = %d\n\n", i ); UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__,
"Exiting new device list with i = %d\n\n", i);
tmpNode = ixmlNodeList_item( SInfo->DeviceList, i );
if( tmpNode == NULL ) {
UpnpPrintf( UPNP_ALL, API, __FILE__, __LINE__,
"Exiting new device list with i = %d\n\n", i );
break; break;
} }
dbgStr = ixmlNode_getNodeName(tmpNode);
dbgStr = ixmlNode_getNodeName( tmpNode ); UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__,
UpnpPrintf( UPNP_INFO, API, __FILE__, __LINE__, "Extracting device type once for %s\n", dbgStr);
"Extracting device type once for %s\n", dbgStr ); ixmlNodeList_free(nodeList);
// extract device type
ixmlNodeList_free( nodeList );
nodeList = NULL;
nodeList = ixmlElement_getElementsByTagName( nodeList = ixmlElement_getElementsByTagName(
( IXML_Element * ) tmpNode, "deviceType" ); (IXML_Element *)tmpNode, "deviceType");
if( nodeList == NULL ) { if (!nodeList) continue;
continue;
}
dbgStr = ixmlNode_getNodeName( tmpNode ); UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__,
"Extracting UDN for %s\n", dbgStr);
dbgStr = ixmlNode_getNodeName(tmpNode);
UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__,
"Extracting device type\n");
tmpNode2 = ixmlNodeList_item(nodeList, 0);
if (!tmpNode2) continue;
textNode = ixmlNode_getFirstChild(tmpNode2);
if (!textNode) continue;
UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__,
"Extracting device type \n");
tmpStr = ixmlNode_getNodeValue(textNode);
if (!tmpStr) continue;
strcpy(devType, tmpStr);
UpnpPrintf( UPNP_ALL, API, __FILE__, __LINE__, UpnpPrintf( UPNP_ALL, API, __FILE__, __LINE__,
"Extracting UDN for %s\n", dbgStr ); "Extracting device type = %s\n", devType);
UpnpPrintf( UPNP_ALL, API, __FILE__, __LINE__, if (!tmpNode) {
"Extracting device type\n" ); UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__,
"TempNode is NULL\n");
}
dbgStr = ixmlNode_getNodeName(tmpNode);
tmpNode2 = ixmlNodeList_item( nodeList, 0 ); UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__,
if( tmpNode2 == NULL ) { "Extracting UDN for %s\n", dbgStr);
ixmlNodeList_free(nodeList);
nodeList = ixmlElement_getElementsByTagName(
(IXML_Element *)tmpNode, "UDN");
if (!nodeList) {
UpnpPrintf(UPNP_CRITICAL, API, __FILE__,
__LINE__, "UDN not found!\n");
continue; continue;
} }
textNode = ixmlNode_getFirstChild( tmpNode2 ); tmpNode2 = ixmlNodeList_item(nodeList, 0);
if( textNode == NULL ) { if (!tmpNode2) {
UpnpPrintf(UPNP_CRITICAL, API, __FILE__,
__LINE__, "UDN not found!\n");
continue; continue;
} }
textNode = ixmlNode_getFirstChild(tmpNode2);
UpnpPrintf( UPNP_ALL, API, __FILE__, __LINE__, if (!textNode) {
"Extracting device type \n" ); UpnpPrintf(UPNP_CRITICAL, API, __FILE__,
__LINE__, "UDN not found!\n");
tmpStr = ixmlNode_getNodeValue( textNode );
if( tmpStr == NULL ) {
continue; continue;
} }
tmpStr = ixmlNode_getNodeValue(textNode);
strcpy( devType, tmpStr ); if (!tmpStr) {
if( devType == NULL ) { UpnpPrintf(UPNP_CRITICAL, API, __FILE__, __LINE__,
"UDN not found!\n");
continue; continue;
} }
strcpy(UDNstr, tmpStr);
UpnpPrintf( UPNP_ALL, API, __FILE__, __LINE__, UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__,
"Extracting device type = %s\n", devType ); "Sending UDNStr = %s \n", UDNstr);
if( tmpNode == NULL ) { if (AdFlag) {
UpnpPrintf( UPNP_ALL, API, __FILE__, __LINE__, /* send the device advertisement */
"TempNode is NULL\n" ); if (AdFlag == 1) {
} DeviceAdvertisement(devType, i == 0,
dbgStr = ixmlNode_getNodeName( tmpNode ); UDNstr, SInfo->DescURL, Exp);
UpnpPrintf( UPNP_ALL, API, __FILE__, __LINE__, } else {
"Extracting UDN for %s\n", dbgStr ); /* AdFlag == -1 */
// extract UDN DeviceShutdown(devType, i == 0, UDNstr,
ixmlNodeList_free( nodeList ); SERVER, SInfo->DescURL, Exp);
nodeList = NULL;
nodeList = ixmlElement_getElementsByTagName( ( IXML_Element * )
tmpNode, "UDN" );
if( nodeList == NULL ) {
UpnpPrintf( UPNP_CRITICAL, API, __FILE__,
__LINE__, "UDN not found!!!\n" );
continue;
}
tmpNode2 = ixmlNodeList_item( nodeList, 0 );
if( tmpNode2 == NULL ) {
UpnpPrintf( UPNP_CRITICAL, API, __FILE__,
__LINE__, "UDN not found!!!\n" );
continue;
}
textNode = ixmlNode_getFirstChild( tmpNode2 );
if( textNode == NULL ) {
UpnpPrintf( UPNP_CRITICAL, API, __FILE__,
__LINE__, "UDN not found!!!\n" );
continue;
}
tmpStr = ixmlNode_getNodeValue( textNode );
if( tmpStr == NULL ) {
UpnpPrintf( UPNP_CRITICAL, API, __FILE__, __LINE__,
"UDN not found!!!!\n" );
continue;
}
strcpy( UDNstr, tmpStr );
if( UDNstr == NULL ) {
continue;
}
UpnpPrintf( UPNP_INFO, API, __FILE__, __LINE__,
"Sending UDNStr = %s \n", UDNstr );
if( AdFlag ) {
// send the device advertisement
if( AdFlag == 1 ) {
DeviceAdvertisement( devType, i == 0,
UDNstr, SInfo->DescURL, Exp );
} else { // AdFlag == -1
DeviceShutdown( devType, i == 0, UDNstr,
SERVER, SInfo->DescURL, Exp );
} }
} else { } else {
switch ( SearchType ) { switch (SearchType) {
case SSDP_ALL: case SSDP_ALL:
DeviceReply( DestAddr, DeviceReply(DestAddr, devType, i == 0,
devType, i == 0, UDNstr, SInfo->DescURL, defaultExp);
UDNstr, SInfo->DescURL, defaultExp );
break; break;
case SSDP_ROOTDEVICE: case SSDP_ROOTDEVICE:
if( i == 0 ) { if (i == 0) {
SendReply( DestAddr, devType, 1, SendReply(DestAddr, devType, 1,
UDNstr, SInfo->DescURL, defaultExp, 0 ); UDNstr, SInfo->DescURL, defaultExp, 0);
} }
break; break;
case SSDP_DEVICEUDN: case SSDP_DEVICEUDN: {
{ if (DeviceUDN && strlen(DeviceUDN) != 0) {
if( DeviceUDN != NULL && strlen( DeviceUDN ) != 0 ) { if (strcasecmp(DeviceUDN, UDNstr)) {
if( strcasecmp( DeviceUDN, UDNstr ) ) { UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__,
UpnpPrintf( UPNP_INFO, API, __FILE__, __LINE__,
"DeviceUDN=%s and search " "DeviceUDN=%s and search "
"UDN=%s did not match\n", "UDN=%s did not match\n",
UDNstr, DeviceUDN ); UDNstr, DeviceUDN);
break; break;
} else { } else {
UpnpPrintf( UPNP_INFO, API, __FILE__, __LINE__, UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__,
"DeviceUDN=%s and search " "DeviceUDN=%s and search "
"UDN=%s MATCH\n", UDNstr, "UDN=%s MATCH\n", UDNstr,
DeviceUDN ); DeviceUDN);
SendReply( DestAddr, devType, 0, SendReply(DestAddr, devType, 0,
UDNstr, SInfo->DescURL, UDNstr, SInfo->DescURL,
defaultExp, 0 ); defaultExp, 0);
break; break;
} }
} }
} }
case SSDP_DEVICETYPE: case SSDP_DEVICETYPE: {
{ if (!strncasecmp(DeviceType, devType, strlen(DeviceType))) {
if( !strncasecmp UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__,
( DeviceType, devType,
strlen( DeviceType ) ) ) {
UpnpPrintf( UPNP_INFO, API, __FILE__, __LINE__,
"DeviceType=%s and search devType=%s MATCH\n", "DeviceType=%s and search devType=%s MATCH\n",
devType, DeviceType ); devType, DeviceType);
SendReply( DestAddr, devType, 0, UDNstr, SendReply(DestAddr, devType, 0, UDNstr,
SInfo->DescURL, defaultExp, 1 ); SInfo->DescURL, defaultExp, 1);
} else { } else {
UpnpPrintf( UPNP_INFO, API, __FILE__, __LINE__, UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__,
"DeviceType=%s and search devType=%s" "DeviceType=%s and search devType=%s"
" DID NOT MATCH\n", " DID NOT MATCH\n",
devType, DeviceType ); devType, DeviceType);
} }
break; break;
} }
@ -296,104 +270,90 @@ int AdvertiseAndReply( IN int AdFlag,
break; break;
} }
} }
// send service advertisements for services corresponding /* send service advertisements for services corresponding
// to the same device * to the same device */
UpnpPrintf( UPNP_INFO, API, __FILE__, __LINE__, UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__,
"Sending service Advertisement\n" ); "Sending service Advertisement\n");
tmpNode = ixmlNodeList_item( SInfo->ServiceList, i ); tmpNode = ixmlNodeList_item(SInfo->ServiceList, i);
if( tmpNode == NULL ) { if (!tmpNode) continue;
continue; ixmlNodeList_free(nodeList);
} nodeList = ixmlElement_getElementsByTagName(
ixmlNodeList_free( nodeList ); (IXML_Element *)tmpNode, "service");
nodeList = NULL; if (!nodeList) {
nodeList = ixmlElement_getElementsByTagName( ( IXML_Element * )
tmpNode, "service" );
if( nodeList == NULL ) {
UpnpPrintf( UPNP_INFO, API, __FILE__, __LINE__, UpnpPrintf( UPNP_INFO, API, __FILE__, __LINE__,
"Service not found 3\n" ); "Service not found 3\n" );
continue; continue;
} }
for( j = 0;; j++ ) { for (j = 0;; j++) {
tmpNode = ixmlNodeList_item( nodeList, j ); tmpNode = ixmlNodeList_item(nodeList, j);
if( tmpNode == NULL ) { if (!tmpNode) {
break; break;
} }
ixmlNodeList_free(tmpNodeList);
ixmlNodeList_free( tmpNodeList );
tmpNodeList = NULL;
tmpNodeList = ixmlElement_getElementsByTagName( tmpNodeList = ixmlElement_getElementsByTagName(
( IXML_Element *)tmpNode, "serviceType" ); (IXML_Element *)tmpNode, "serviceType");
if( tmpNodeList == NULL ) { if (!tmpNodeList) {
UpnpPrintf( UPNP_CRITICAL, API, __FILE__, __LINE__, UpnpPrintf(UPNP_CRITICAL, API, __FILE__, __LINE__,
"ServiceType not found \n" ); "ServiceType not found \n");
continue; continue;
} }
tmpNode2 = ixmlNodeList_item( tmpNodeList, 0 ); tmpNode2 = ixmlNodeList_item(tmpNodeList, 0);
if( tmpNode2 == NULL ) { if (!tmpNode2) continue;
continue; textNode = ixmlNode_getFirstChild(tmpNode2);
} if (!textNode) continue;
textNode = ixmlNode_getFirstChild( tmpNode2 ); /* servType is of format Servicetype:ServiceVersion */
if( textNode == NULL ) { tmpStr = ixmlNode_getNodeValue(textNode);
continue; if (!tmpStr) continue;
} strcpy(servType, tmpStr);
// servType is of format Servicetype:ServiceVersion UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__,
tmpStr = ixmlNode_getNodeValue( textNode ); "ServiceType = %s\n", servType);
if( tmpStr == NULL ) { if (AdFlag) {
continue; if (AdFlag == 1) {
} ServiceAdvertisement(UDNstr, servType,
strcpy( servType, tmpStr ); SInfo->DescURL, Exp);
if( servType == NULL ) { } else {
continue; /* AdFlag == -1 */
} ServiceShutdown(UDNstr, servType,
SInfo->DescURL, Exp);
UpnpPrintf( UPNP_INFO, API, __FILE__, __LINE__,
"ServiceType = %s\n", servType );
if( AdFlag ) {
if( AdFlag == 1 ) {
ServiceAdvertisement( UDNstr, servType,
SInfo->DescURL, Exp );
} else { // AdFlag == -1
ServiceShutdown( UDNstr, servType,
SInfo->DescURL, Exp );
} }
} else { } else {
switch ( SearchType ) { switch (SearchType) {
case SSDP_ALL: case SSDP_ALL:
ServiceReply( DestAddr, servType, ServiceReply(DestAddr, servType,
UDNstr, SInfo->DescURL, UDNstr, SInfo->DescURL,
defaultExp ); defaultExp);
break; break;
case SSDP_SERVICE: case SSDP_SERVICE:
if( ServiceType != NULL ) { if (ServiceType) {
if( !strncasecmp( ServiceType, if (!strncasecmp(ServiceType, servType, strlen(ServiceType))) {
servType, ServiceReply(DestAddr, servType,
strlen( ServiceType ) ) ) { UDNstr, SInfo->DescURL, defaultExp);
ServiceReply( DestAddr, servType,
UDNstr, SInfo->DescURL,
defaultExp );
} }
} }
break; break;
default: default:
break; break;
} // switch(SearchType)
} }
} }
ixmlNodeList_free( tmpNodeList ); }
ixmlNodeList_free(tmpNodeList);
tmpNodeList = NULL; tmpNodeList = NULL;
ixmlNodeList_free( nodeList ); ixmlNodeList_free(nodeList);
nodeList = NULL; nodeList = NULL;
} }
UpnpPrintf( UPNP_ALL, API, __FILE__, __LINE__,
"Exiting AdvertiseAndReply : \n" ); end_function:
ixmlNodeList_free(tmpNodeList);
ixmlNodeList_free(nodeList);
UpnpPrintf(UPNP_ALL, API, __FILE__, __LINE__,
"Exiting AdvertiseAndReply.\n");
HandleUnlock(); HandleUnlock();
return UPNP_E_SUCCESS; return retVal;
}
} /****************** End of AdvertiseAndReply *********************/
#endif /* EXCLUDE_SSDP == 0 */ #endif /* EXCLUDE_SSDP == 0 */
#endif /* INCLUDE_DEVICE_APIS */ #endif /* INCLUDE_DEVICE_APIS */