Skip to content

Bugfix: prevent reference counting from accessing freed memory #238

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 3 commits into from
Closed

Bugfix: prevent reference counting from accessing freed memory #238

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
d7f20e3
Bugfix: reference counting was accessing freed memory
alranel May 12, 2022
db2e240
Prevent double object deletion
alranel May 12, 2022
82a5bb8
Disable refcounting on Uno WiFi rev2 not providing std::map
alranel May 12, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions src/BLECharacteristic.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,11 +72,11 @@ BLECharacteristic::BLECharacteristic(const BLECharacteristic& other)

BLECharacteristic::~BLECharacteristic()
{
if (_local && _local->release() <= 0) {
if (_local && _local->release() == 0) {
delete _local;
}

if (_remote && _remote->release() <= 0) {
if (_remote && _remote->release() == 0) {
delete _remote;
}
}
Expand Down
4 changes: 2 additions & 2 deletions src/BLEDescriptor.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,11 +72,11 @@ BLEDescriptor::BLEDescriptor(const BLEDescriptor& other)

BLEDescriptor::~BLEDescriptor()
{
if (_local && _local->release() <= 0) {
if (_local && _local->release() == 0) {
delete _local;
}

if (_remote && _remote->release() <= 0) {
if (_remote && _remote->release() == 0) {
delete _remote;
}
}
Expand Down
4 changes: 2 additions & 2 deletions src/BLEService.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,11 +65,11 @@ BLEService::BLEService(const BLEService& other)

BLEService::~BLEService()
{
if (_local && _local->release() <= 0) {
if (_local && _local->release() == 0) {
delete _local;
}

if (_remote && _remote->release() <= 0) {
if (_remote && _remote->release() == 0) {
delete _remote;
}
}
Expand Down
26 changes: 18 additions & 8 deletions src/local/BLELocalAttribute.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,12 @@

#include "BLELocalAttribute.h"

#ifndef ARDUINO_AVR_UNO_WIFI_REV2
std::map<BLELocalAttribute*,int> BLELocalAttribute::_refCount;
#endif

BLELocalAttribute::BLELocalAttribute(const char* uuid) :
_uuid(uuid),
_refCount(0)
_uuid(uuid)
{
}

Expand Down Expand Up @@ -51,14 +54,21 @@ enum BLEAttributeType BLELocalAttribute::type() const

int BLELocalAttribute::retain()
{
_refCount++;

return _refCount;
#ifndef ARDUINO_AVR_UNO_WIFI_REV2
_refCount[this]++;
return _refCount[this];
#else
return -1;
#endif
}

int BLELocalAttribute::release()
{
_refCount--;

return _refCount;
#ifndef ARDUINO_AVR_UNO_WIFI_REV2
_refCount[this]--;
if (_refCount[this] == 0) _refCount.erase(this);
return _refCount[this];
#else
return -1;
#endif
}
9 changes: 8 additions & 1 deletion src/local/BLELocalAttribute.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,10 @@

#include "utility/BLEUuid.h"

#ifndef ARDUINO_AVR_UNO_WIFI_REV2
#include <map>
#endif

#define BLE_ATTRIBUTE_TYPE_SIZE 2

enum BLEAttributeType {
Expand Down Expand Up @@ -54,7 +58,10 @@ class BLELocalAttribute

private:
BLEUuid _uuid;
int _refCount;

#ifndef ARDUINO_AVR_UNO_WIFI_REV2
static std::map<BLELocalAttribute*,int> _refCount;
#endif
};

#endif
2 changes: 1 addition & 1 deletion src/local/BLELocalCharacteristic.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ BLELocalCharacteristic::~BLELocalCharacteristic()
for (unsigned int i = 0; i < descriptorCount(); i++) {
BLELocalDescriptor* d = descriptor(i);

if (d->release() <= 0) {
if (d->release() == 0) {
delete d;
}
}
Expand Down
2 changes: 1 addition & 1 deletion src/local/BLELocalService.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ BLELocalService::~BLELocalService()
for (unsigned int i = 0; i < characteristicCount(); i++) {
BLELocalCharacteristic* c = characteristic(i);

if (c->release() <= 0) {
if (c->release() == 0) {
delete c;
}
}
Expand Down
26 changes: 18 additions & 8 deletions src/remote/BLERemoteAttribute.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,12 @@

#include "BLERemoteAttribute.h"

#ifndef ARDUINO_AVR_UNO_WIFI_REV2
std::map<BLERemoteAttribute*,int> BLERemoteAttribute::_refCount;
#endif

BLERemoteAttribute::BLERemoteAttribute(const uint8_t uuid[], uint8_t uuidLen) :
_uuid(BLEUuid::uuidToString(uuid, uuidLen)),
_refCount(0)
_uuid(BLEUuid::uuidToString(uuid, uuidLen))
{
}

Expand All @@ -38,14 +41,21 @@ const char* BLERemoteAttribute::uuid() const

int BLERemoteAttribute::retain()
{
_refCount++;

return _refCount;
#ifndef ARDUINO_AVR_UNO_WIFI_REV2
_refCount[this]++;
return _refCount[this];
#else
return -1;
#endif
}

int BLERemoteAttribute::release()
{
_refCount--;

return _refCount;
#ifndef ARDUINO_AVR_UNO_WIFI_REV2
_refCount[this]--;
if (_refCount[this] == 0) _refCount.erase(this);
return _refCount[this];
#else
return -1;
#endif
}
9 changes: 8 additions & 1 deletion src/remote/BLERemoteAttribute.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,10 @@

#include <Arduino.h>

#ifndef ARDUINO_AVR_UNO_WIFI_REV2
#include <map>
#endif

class BLERemoteAttribute
{
public:
Expand All @@ -35,7 +39,10 @@ class BLERemoteAttribute

private:
String _uuid;
int _refCount;

#ifndef ARDUINO_AVR_UNO_WIFI_REV2
static std::map<BLERemoteAttribute*,int> _refCount;
#endif
};

#endif
2 changes: 1 addition & 1 deletion src/remote/BLERemoteCharacteristic.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ BLERemoteCharacteristic::~BLERemoteCharacteristic()
for (unsigned int i = 0; i < descriptorCount(); i++) {
BLERemoteDescriptor* d = descriptor(i);

if (d->release() <= 0) {
if (d->release() == 0) {
delete d;
}
}
Expand Down
2 changes: 1 addition & 1 deletion src/remote/BLERemoteDevice.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ void BLERemoteDevice::clearServices()
for (unsigned int i = 0; i < serviceCount(); i++) {
BLERemoteService* s = service(i);

if (s->release() <= 0) {
if (s->release() == 0) {
delete s;
}
}
Expand Down
2 changes: 1 addition & 1 deletion src/remote/BLERemoteService.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ BLERemoteService::~BLERemoteService()
for (unsigned int i = 0; i < characteristicCount(); i++) {
BLERemoteCharacteristic* c = characteristic(i);

if (c->release() <= 0) {
if (c->release() == 0) {
delete c;
}
}
Expand Down
2 changes: 1 addition & 1 deletion src/utility/GATT.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -164,7 +164,7 @@ void GATTClass::clearAttributes()
for (unsigned int i = 0; i < attributeCount(); i++) {
BLELocalAttribute* a = attribute(i);

if (a->release() <= 0) {
if (a->release() == 0) {
delete a;
}
}
Expand Down