
AddressSanitizer: heap-use-after-free in chip::Controller::DeviceCommissioner::CommissioningStageComplete #17504

Conversation

vivien-apple
Contributor

Problem

When a device is in the process of being commissioned but the operational node discovery times out, there is a use-after-free because the failure callback releases the actual OperationalDeviceProxy before calling CommissioningStageComplete, which is trying to use it.

Change overview

  • Move the call to release to after CommissioningStageComplete has been called.

Testing

I have tested it by modifying the mdns code on darwin to advertise the operational data after a delay longer than the one used by the commissioner.
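The ordering bug described above, as an added example that is not project-chip code: `DeviceProxy`, `ProxyPool` and `Commissioner` are hypothetical stand-ins for `OperationalDeviceProxy` and `DeviceCommissioner`, and the pool's liveness flag stands in for AddressSanitizer so that reading a released proxy is observable instead of undefined behaviour. The buggy callback releases the proxy and then completes the stage; the fixed callback completes the stage first, then releases and clears the pointer.

```cpp
// Added example (not project-chip code): a minimal model of the callback
// ordering bug this PR fixes. All class and function names are hypothetical.
#include <cstdint>
#include <cstdio>

enum class Err { kNoError, kTimeout, kUseAfterFree };

// Proxies live in fixed pool slots with a liveness flag, so reading a released
// proxy is detectable here; in the real build that read is what ASan flagged.
struct DeviceProxy
{
    uint64_t nodeId = 0;
    bool live       = false;
};

class ProxyPool
{
public:
    DeviceProxy * Allocate(uint64_t nodeId)
    {
        for (DeviceProxy & slot : mSlots)
        {
            if (!slot.live)
            {
                slot.nodeId = nodeId;
                slot.live   = true;
                return &slot;
            }
        }
        return nullptr;
    }
    // Releasing makes the slot reusable; any later read through the old pointer is a UAF.
    void Release(DeviceProxy * proxy)
    {
        proxy->live   = false;
        proxy->nodeId = 0;
    }

private:
    DeviceProxy mSlots[4];
};

struct Outcome
{
    Err err;
    uint64_t node; // node id the completed stage reported, 0 if unavailable
};

class Commissioner
{
public:
    explicit Commissioner(ProxyPool & pool) : mPool(pool) {}
    void StartOperationalDiscovery(uint64_t nodeId) { mProxy = mPool.Allocate(nodeId); }

    // Buggy ordering from the PR description: release first, then complete the
    // stage, which still reads the (now released) proxy.
    void OnDiscoveryTimeoutBuggy()
    {
        DeviceProxy * proxy = mProxy;
        mPool.Release(proxy);
        CommissioningStageComplete(Err::kTimeout, proxy);
    }

    // Fixed ordering: complete the stage with a live proxy, then release it and
    // drop the stale pointer so nothing can reach the slot afterwards.
    void OnDiscoveryTimeoutFixed()
    {
        DeviceProxy * proxy = mProxy;
        CommissioningStageComplete(Err::kTimeout, proxy);
        mPool.Release(proxy);
        mProxy = nullptr;
    }

    Outcome LastOutcome() const { return mLast; }

private:
    // Records which node's stage failed. The liveness check plays the role of
    // the sanitizer: a released proxy turns the timeout into a detected UAF.
    void CommissioningStageComplete(Err err, DeviceProxy * proxy)
    {
        if (proxy == nullptr || !proxy->live)
        {
            mLast = { Err::kUseAfterFree, 0 };
            return;
        }
        mLast = { err, proxy->nodeId };
    }

    ProxyPool & mPool;
    DeviceProxy * mProxy = nullptr;
    Outcome mLast        = { Err::kNoError, 0 };
};

// Drives one discovery timeout through either the buggy or the fixed callback.
Outcome RunTimeout(bool useFix)
{
    ProxyPool pool;
    Commissioner commissioner(pool);
    commissioner.StartOperationalDiscovery(0x1234); // constructed node id
    if (useFix)
        commissioner.OnDiscoveryTimeoutFixed();
    else
        commissioner.OnDiscoveryTimeoutBuggy();
    return commissioner.LastOutcome();
}

int main()
{
    Outcome buggy = RunTimeout(false);
    Outcome fixed = RunTimeout(true);
    std::printf("buggy ordering: %s\n", buggy.err == Err::kUseAfterFree ? "use-after-free" : "ok");
    std::printf("fixed ordering: stage completed for node 0x%llx\n", (unsigned long long) fixed.node);
    return 0;
}
```

The same two-step check applies when reviewing any failure path that owns a resource and also notifies a callback: the notification must run while the object is still alive, and the owning pointer should be cleared once it is released so a second callback cannot reach the slot.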

@github-actions

github-actions bot commented Apr 19, 2022

PR #17504: Size comparison from 6a1d09f to 6e2818b

Increases (1 build for linux)

| platform | target | config | section | 6a1d09f | 6e2818b | change | % change |
|---|---|---|---|---|---|---|---|
| linux | chip-tool-no-interactive-ipv6only | arm64 | (read only) | 10481020 | 10481036 | 16 | 0.0 |
| | | | .text | 8851684 | 8851700 | 16 | 0.0 |
Full report (32 builds for cc13x2_26x2, cyw30739, efr32, esp32, k32w, linux, mbed, nrfconnect, p6, telink)

| platform | target | config | section | 6a1d09f | 6e2818b | change | % change |
|---|---|---|---|---|---|---|---|
| cc13x2_26x2 | all-clusters-app | LP_CC2652R7 | (read only) | 685799 | 685799 | 0 | 0.0 |
| | | | (read/write) | 167384 | 167384 | 0 | 0.0 |
| | | | .bss | 76168 | 76168 | 0 | 0.0 |
| | | | .data | 3380 | 3380 | 0 | 0.0 |
| | | | .rodata | 103623 | 103623 | 0 | 0.0 |
| | | | .text | 581696 | 581696 | 0 | 0.0 |
| | lock-ftd | LP_CC2652R7 | (read only) | 678095 | 678095 | 0 | 0.0 |
| | | | (read/write) | 166056 | 166056 | 0 | 0.0 |
| | | | .bss | 74192 | 74192 | 0 | 0.0 |
| | | | .data | 3212 | 3212 | 0 | 0.0 |
| | | | .rodata | 99319 | 99319 | 0 | 0.0 |
| | | | .text | 578292 | 578292 | 0 | 0.0 |
| | lock-mtd | LP_CC2652R7 | (read only) | 626839 | 626839 | 0 | 0.0 |
| | | | (read/write) | 146980 | 146980 | 0 | 0.0 |
| | | | .bss | 69912 | 69912 | 0 | 0.0 |
| | | | .data | 3212 | 3212 | 0 | 0.0 |
| | | | .rodata | 99199 | 99199 | 0 | 0.0 |
| | | | .text | 527148 | 527148 | 0 | 0.0 |
| | pump-app | LP_CC2652R7 | (read only) | 649807 | 649807 | 0 | 0.0 |
| | | | (read/write) | 152492 | 152492 | 0 | 0.0 |
| | | | .bss | 74624 | 74624 | 0 | 0.0 |
| | | | .data | 3244 | 3244 | 0 | 0.0 |
| | | | .rodata | 75719 | 75719 | 0 | 0.0 |
| | | | .text | 573600 | 573600 | 0 | 0.0 |
| | pump-controller-app | LP_CC2652R7 | (read only) | 643151 | 643151 | 0 | 0.0 |
| | | | (read/write) | 152160 | 152160 | 0 | 0.0 |
| | | | .bss | 74328 | 74328 | 0 | 0.0 |
| | | | .data | 3208 | 3208 | 0 | 0.0 |
| | | | .rodata | 79055 | 79055 | 0 | 0.0 |
| | | | .text | 563608 | 563608 | 0 | 0.0 |
| cyw30739 | light | cyw930739m2evb_01 | (read/write) | 619310 | 619310 | 0 | 0.0 |
| | | | .app_xip_area | 526068 | 526068 | 0 | 0.0 |
| | | | .bss | 75908 | 75908 | 0 | 0.0 |
| | | | .data | 684 | 684 | 0 | 0.0 |
| | | | .rodata | 0 | 0 | 0 | 0.0 |
| | | | .text | 0 | 0 | 0 | 0.0 |
| | lock | cyw930739m2evb_01 | (read/write) | 614010 | 614010 | 0 | 0.0 |
| | | | .app_xip_area | 522248 | 522248 | 0 | 0.0 |
| | | | .bss | 74460 | 74460 | 0 | 0.0 |
| | | | .data | 648 | 648 | 0 | 0.0 |
| | | | .rodata | 0 | 0 | 0 | 0.0 |
| | | | .text | 0 | 0 | 0 | 0.0 |
| | ota-requestor-no-progress-logging | cyw930739m2evb_01 | (read/write) | 566406 | 566406 | 0 | 0.0 |
| | | | .app_xip_area | 465056 | 465056 | 0 | 0.0 |
| | | | .bss | 83752 | 83752 | 0 | 0.0 |
| | | | .data | 564 | 564 | 0 | 0.0 |
| | | | .rodata | 0 | 0 | 0 | 0.0 |
| | | | .text | 112 | 112 | 0 | 0.0 |
| efr32 | lighting-app | BRD4161A | (read only) | 909172 | 909172 | 0 | 0.0 |
| | | | (read/write) | 133128 | 133128 | 0 | 0.0 |
| | | | .bss | 131088 | 131088 | 0 | 0.0 |
| | | | .data | 2040 | 2040 | 0 | 0.0 |
| | | | .text | 909164 | 909164 | 0 | 0.0 |
| | | BRD4161A+rpc | (read only) | 943548 | 943548 | 0 | 0.0 |
| | | | (read/write) | 149812 | 149812 | 0 | 0.0 |
| | | | .bss | 147568 | 147568 | 0 | 0.0 |
| | | | .data | 2244 | 2244 | 0 | 0.0 |
| | | | .text | 943540 | 943540 | 0 | 0.0 |
| | window-app | BRD4161A | (read only) | 846644 | 846644 | 0 | 0.0 |
| | | | (read/write) | 131116 | 131116 | 0 | 0.0 |
| | | | .bss | 129168 | 129168 | 0 | 0.0 |
| | | | .data | 1948 | 1948 | 0 | 0.0 |
| | | | .text | 846636 | 846636 | 0 | 0.0 |
| esp32 | all-clusters-app | c3devkit | (read only) | 981816 | 981816 | 0 | 0.0 |
| | | | (read/write) | 1398170 | 1398170 | 0 | 0.0 |
| | | | .dram0.bss | 62640 | 62640 | 0 | 0.0 |
| | | | .dram0.data | 14412 | 14412 | 0 | 0.0 |
| | | | .flash.rodata | 202208 | 202208 | 0 | 0.0 |
| | | | .flash.text | 981816 | 981816 | 0 | 0.0 |
| | | | .iram0.text | 62016 | 62016 | 0 | 0.0 |
| | | m5stack | (read only) | 1036999 | 1036999 | 0 | 0.0 |
| | | | (read/write) | 465896 | 465896 | 0 | 0.0 |
| | | | .dram0.bss | 68152 | 68152 | 0 | 0.0 |
| | | | .dram0.data | 34152 | 34152 | 0 | 0.0 |
| | | | .flash.rodata | 231756 | 231756 | 0 | 0.0 |
| | | | .flash.text | 1031615 | 1031615 | 0 | 0.0 |
| | | | .iram0.text | 123107 | 123107 | 0 | 0.0 |
| k32w | light | k32w061+release | (read/write) | 684868 | 684868 | 0 | 0.0 |
| | | | .bss | 77912 | 77912 | 0 | 0.0 |
| | | | .data | 1992 | 1992 | 0 | 0.0 |
| | | | .text | 599164 | 599164 | 0 | 0.0 |
| | lock | k32w061+release | (read/write) | 726164 | 726164 | 0 | 0.0 |
| | | | .bss | 78544 | 78544 | 0 | 0.0 |
| | | | .data | 1952 | 1952 | 0 | 0.0 |
| | | | .text | 639868 | 639868 | 0 | 0.0 |
| linux | all-clusters-app | debug | (read only) | 2708945 | 2708945 | 0 | 0.0 |
| | | | (read/write) | 149568 | 149568 | 0 | 0.0 |
| | | | .bss | 59968 | 59968 | 0 | 0.0 |
| | | | .data | 1920 | 1920 | 0 | 0.0 |
| | | | .data.rel.ro | 81624 | 81624 | 0 | 0.0 |
| | | | .dynamic | 608 | 608 | 0 | 0.0 |
| | | | .got | 4448 | 4448 | 0 | 0.0 |
| | | | .init | 27 | 27 | 0 | 0.0 |
| | | | .init_array | 984 | 984 | 0 | 0.0 |
| | | | .rodata | 233541 | 233541 | 0 | 0.0 |
| | | | .text | 2300754 | 2300754 | 0 | 0.0 |
| | bridge-app | debug+rpc | (read only) | 1841901 | 1841901 | 0 | 0.0 |
| | | | (read/write) | 91920 | 91920 | 0 | 0.0 |
| | | | .bss | 44232 | 44232 | 0 | 0.0 |
| | | | .data | 2912 | 2912 | 0 | 0.0 |
| | | | .data.rel.ro | 39688 | 39688 | 0 | 0.0 |
| | | | .dynamic | 592 | 592 | 0 | 0.0 |
| | | | .got | 3920 | 3920 | 0 | 0.0 |
| | | | .init | 27 | 27 | 0 | 0.0 |
| | | | .init_array | 544 | 544 | 0 | 0.0 |
| | | | .rodata | 149273 | 149273 | 0 | 0.0 |
| | | | .text | 1573701 | 1573701 | 0 | 0.0 |
| | chip-tool | debug | (read only) | 10863597 | 10863597 | 0 | 0.0 |
| | | | (read/write) | 373552 | 373552 | 0 | 0.0 |
| | | | .bss | 22592 | 22592 | 0 | 0.0 |
| | | | .data | 1136 | 1136 | 0 | 0.0 |
| | | | .data.rel.ro | 343592 | 343592 | 0 | 0.0 |
| | | | .dynamic | 624 | 624 | 0 | 0.0 |
| | | | .got | 4936 | 4936 | 0 | 0.0 |
| | | | .init | 27 | 27 | 0 | 0.0 |
| | | | .init_array | 648 | 648 | 0 | 0.0 |
| | | | .rodata | 544653 | 544653 | 0 | 0.0 |
| | | | .text | 9484741 | 9484741 | 0 | 0.0 |
| | chip-tool-no-interactive-ipv6only | arm64 | (read only) | 10481020 | 10481036 | 16 | 0.0 |
| | | | (read/write) | 494929 | 494929 | 0 | 0.0 |
| | | | .bss | 40865 | 40865 | 0 | 0.0 |
| | | | .data | 1184 | 1184 | 0 | 0.0 |
| | | | .data.rel.ro | 390744 | 390744 | 0 | 0.0 |
| | | | .dynamic | 560 | 560 | 0 | 0.0 |
| | | | .got | 58336 | 58336 | 0 | 0.0 |
| | | | .init | 24 | 24 | 0 | 0.0 |
| | | | .init_array | 184 | 184 | 0 | 0.0 |
| | | | .rodata | 518396 | 518396 | 0 | 0.0 |
| | | | .text | 8851684 | 8851700 | 16 | 0.0 |
| | lighting-app | debug+rpc | (read only) | 2319033 | 2319033 | 0 | 0.0 |
| | | | (read/write) | 127984 | 127984 | 0 | 0.0 |
| | | | .bss | 50016 | 50016 | 0 | 0.0 |
| | | | .data | 1952 | 1952 | 0 | 0.0 |
| | | | .data.rel.ro | 70312 | 70312 | 0 | 0.0 |
| | | | .dynamic | 608 | 608 | 0 | 0.0 |
| | | | .got | 4304 | 4304 | 0 | 0.0 |
| | | | .init | 27 | 27 | 0 | 0.0 |
| | | | .init_array | 776 | 776 | 0 | 0.0 |
| | | | .rodata | 183433 | 183433 | 0 | 0.0 |
| | | | .text | 1969154 | 1969154 | 0 | 0.0 |
| | lock-app | debug | (read only) | 2142729 | 2142729 | 0 | 0.0 |
| | | | (read/write) | 120248 | 120248 | 0 | 0.0 |
| | | | .bss | 47840 | 47840 | 0 | 0.0 |
| | | | .data | 1472 | 1472 | 0 | 0.0 |
| | | | .data.rel.ro | 65368 | 65368 | 0 | 0.0 |
| | | | .dynamic | 592 | 592 | 0 | 0.0 |
| | | | .got | 4248 | 4248 | 0 | 0.0 |
| | | | .init | 27 | 27 | 0 | 0.0 |
| | | | .init_array | 720 | 720 | 0 | 0.0 |
| | | | .rodata | 189849 | 189849 | 0 | 0.0 |
| | | | .text | 1796130 | 1796130 | 0 | 0.0 |
| | ota-provider-app | debug | (read only) | 2051969 | 2051969 | 0 | 0.0 |
| | | | (read/write) | 115616 | 115616 | 0 | 0.0 |
| | | | .bss | 48032 | 48032 | 0 | 0.0 |
| | | | .data | 1640 | 1640 | 0 | 0.0 |
| | | | .data.rel.ro | 60200 | 60200 | 0 | 0.0 |
| | | | .dynamic | 608 | 608 | 0 | 0.0 |
| | | | .got | 4448 | 4448 | 0 | 0.0 |
| | | | .init | 27 | 27 | 0 | 0.0 |
| | | | .init_array | 632 | 632 | 0 | 0.0 |
| | | | .rodata | 173803 | 173803 | 0 | 0.0 |
| | | | .text | 1721170 | 1721170 | 0 | 0.0 |
| | ota-requestor-app | debug | (read only) | 2082785 | 2082785 | 0 | 0.0 |
| | | | (read/write) | 118424 | 118424 | 0 | 0.0 |
| | | | .bss | 48704 | 48704 | 0 | 0.0 |
| | | | .data | 1896 | 1896 | 0 | 0.0 |
| | | | .data.rel.ro | 62248 | 62248 | 0 | 0.0 |
| | | | .dynamic | 592 | 592 | 0 | 0.0 |
| | | | .got | 4288 | 4288 | 0 | 0.0 |
| | | | .init | 27 | 27 | 0 | 0.0 |
| | | | .init_array | 656 | 656 | 0 | 0.0 |
| | | | .rodata | 170124 | 170124 | 0 | 0.0 |
| | | | .text | 1754178 | 1754178 | 0 | 0.0 |
| | shell | debug | (read only) | 2535873 | 2535873 | 0 | 0.0 |
| | | | (read/write) | 150312 | 150312 | 0 | 0.0 |
| | | | .bss | 67368 | 67368 | 0 | 0.0 |
| | | | .data | 1296 | 1296 | 0 | 0.0 |
| | | | .data.rel.ro | 75944 | 75944 | 0 | 0.0 |
| | | | .dynamic | 592 | 592 | 0 | 0.0 |
| | | | .got | 4168 | 4168 | 0 | 0.0 |
| | | | .init | 27 | 27 | 0 | 0.0 |
| | | | .init_array | 920 | 920 | 0 | 0.0 |
| | | | .rodata | 215666 | 215666 | 0 | 0.0 |
| | | | .text | 2158466 | 2158466 | 0 | 0.0 |
| | thermostat-no-ble | arm64 | (read only) | 2359996 | 2359996 | 0 | 0.0 |
| | | | (read/write) | 151137 | 151137 | 0 | 0.0 |
| | | | .bss | 62945 | 62945 | 0 | 0.0 |
| | | | .data | 1440 | 1440 | 0 | 0.0 |
| | | | .data.rel.ro | 78984 | 78984 | 0 | 0.0 |
| | | | .dynamic | 560 | 560 | 0 | 0.0 |
| | | | .got | 4752 | 4752 | 0 | 0.0 |
| | | | .init | 24 | 24 | 0 | 0.0 |
| | | | .init_array | 368 | 368 | 0 | 0.0 |
| | | | .rodata | 145356 | 145356 | 0 | 0.0 |
| | | | .text | 1985648 | 1985648 | 0 | 0.0 |
| | tv-app | debug | (read only) | 2836161 | 2836161 | 0 | 0.0 |
| | | | (read/write) | 253136 | 253136 | 0 | 0.0 |
| | | | .bss | 165976 | 165976 | 0 | 0.0 |
| | | | .data | 4448 | 4448 | 0 | 0.0 |
| | | | .data.rel.ro | 76512 | 76512 | 0 | 0.0 |
| | | | .dynamic | 592 | 592 | 0 | 0.0 |
| | | | .got | 4680 | 4680 | 0 | 0.0 |
| | | | .init | 27 | 27 | 0 | 0.0 |
| | | | .init_array | 912 | 912 | 0 | 0.0 |
| | | | .rodata | 215435 | 215435 | 0 | 0.0 |
| | | | .text | 2438530 | 2438530 | 0 | 0.0 |
| mbed | lock-app | CY8CPROTO_062_4343W+release | (read only) | 6224 | 6224 | 0 | 0.0 |
| | | | (read/write) | 2410724 | 2410724 | 0 | 0.0 |
| | | | .bss | 185252 | 185252 | 0 | 0.0 |
| | | | .data | 5840 | 5840 | 0 | 0.0 |
| | | | .text | 1373324 | 1373324 | 0 | 0.0 |
| nrfconnect | all-clusters-app | nrf52840dk_nrf52840 | (read/write) | 1165731 | 1165731 | 0 | 0.0 |
| | | | bss | 136520 | 136520 | 0 | 0.0 |
| | | | rodata | 147780 | 147780 | 0 | 0.0 |
| | | | text | 802796 | 802796 | 0 | 0.0 |
| p6 | all-clusters-app | default | (read/write) | 2518464 | 2518464 | 0 | 0.0 |
| | | | .bss | 118624 | 118624 | 0 | 0.0 |
| | | | .data | 2768 | 2768 | 0 | 0.0 |
| | | | .text | 1476728 | 1476728 | 0 | 0.0 |
| | light-app | default | (read/write) | 2417144 | 2417144 | 0 | 0.0 |
| | | | .bss | 112104 | 112104 | 0 | 0.0 |
| | | | .data | 2576 | 2576 | 0 | 0.0 |
| | | | .text | 1375408 | 1375408 | 0 | 0.0 |
| | lock-app | default | (read/write) | 2421032 | 2421032 | 0 | 0.0 |
| | | | .bss | 111904 | 111904 | 0 | 0.0 |
| | | | .data | 2536 | 2536 | 0 | 0.0 |
| | | | .text | 1379296 | 1379296 | 0 | 0.0 |
| telink | lighting-app | tlsr9518adk80d | (read/write) | 802236 | 802236 | 0 | 0.0 |
| | | | bss | 69952 | 69952 | 0 | 0.0 |
| | | | noinit | 40416 | 40416 | 0 | 0.0 |
| | | | text | 570790 | 570790 | 0 | 0.0 |

@andy31415 andy31415 merged commit 03ea72d into project-chip:master Apr 19, 2022