Closed murphyzhao closed 5 years ago
修复方式:
释放内存后,置为 NULL
ota.c
int IOT_OTA_Ioctl(void *handle, IOT_OTA_CmdType_t type, void *buf, size_t buf_len)
{
...
...
case IOT_OTAG_CHECK_FIRMWARE:
if ((4 != buf_len) || (0 != ((unsigned long)buf & 0x3))) {
OTA_LOG_ERROR("Invalid parameter");
h_ota->err = IOT_OTAE_INVALID_PARAM;
return -1;
} else if (h_ota->state != IOT_OTAS_FETCHED) {
h_ota->err = IOT_OTAE_INVALID_STATE;
OTA_LOG_ERROR("Firmware can be checked in IOT_OTAS_FETCHED state only");
return -1;
} else {
char md5_str[33];
otalib_MD5Finalize(h_ota->md5, md5_str);
OTA_LOG_DEBUG("origin=%s, now=%s", h_ota->md5sum, md5_str);
if (0 == strcmp(h_ota->md5sum, md5_str)) {
*((uint32_t *)buf) = 1;
} else {
*((uint32_t *)buf) = 0;
}
memset(h_ota->md5sum, 0x0, 33);
otalib_MD5Deinit(h_ota->md5);
h_ota->md5 = NULL;
return 0;
最新版本中已经修复
在 OTA 成功后,释放 MD5 出现 double free 问题