OpenBK7231T_App icon indicating copy to clipboard operation
OpenBK7231T_App copied to clipboard
Published 3 months ago verified publisher icon openshwprojects

Various fixes for callback list management.

Open notzed opened this issue 1 year ago • 2 comments

I noticed some messy and broken logic in new_mttq.c by chance and offer some fixes and minor improvements. As is removeCallback can't function since ID is never set in addCallback, and a malloc failure for the subscriptionTopic will cause a use-after-free since topic is only freed and not NULLified. To simplify the array traversal this change also ensures that all numCallback entries are valid by compacting the array in removeCallback.

As per the commit log:

  • use-after-free in the case of a failed malloc
  • registercallback never sets ID, so removecallback can't work
  • clearcallbacks doesn't reset numCallbacks
  • redundant NULL checks for os_free
  • change to avoid empty slots in list by copying the last entry to the newly empty slot in removecallback

notzed avatar Jan 02 '25 09:01 notzed

Hey, are you sure about this part? image postrstr is not a va function, it is not doing sprintf, so no formatting there. Are you sure that it needs escaping?

openshwprojects avatar Jan 02 '25 15:01 openshwprojects

Yeah that's correct. It's a quoted string, and \s is not a valid escape sequence in C quoted strings - "undefined behaviour" - in this case gcc still includes \ in the output but issues a warning. These quoted values are processed by the compiler not by printf etc.

e.g. https://en.wikipedia.org/wiki/Escape_sequences_in_C#Escape_sequences

notzed avatar Jan 02 '25 22:01 notzed