eclipse / mraa

Linux Library for low speed IO Communication in C with bindings for C++, Python, Node.js & Java. Supports generic io platforms, as well as Intel Edison, Intel Joule, Raspberry Pi and many more.
http://mraa.io
MIT License

Free called twice when gpio closed with Isr enabled #1065

Open ghost opened 3 years ago

ghost commented 3 years ago

In mraa_gpio_close(mraa_gpio_context dev):

    if (dev->events) {
        free(dev->events);
    }
    /* Free any ISRs */
    mraa_gpio_isr_exit(dev);

In mraa_gpio_isr_exit(mraa_gpio_context dev):

    if (dev->events) {
        free(dev->events);
        dev->events = NULL;
    }

Since dev->events is not assigned NULL, a double free happens. The freeing of events should be defined inside mraa_gpio_isr_exit. Two places is not correct.
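A minimal model of the two cleanup paths quoted above, added here as an illustration and not mraa code. `struct gpio_ctx`, the slot pool and all function names are hypothetical stand-ins; the pool counts a second release instead of calling `free()` twice, so the flawed path can be run without undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>
/* Hypothetical stand-in for the mraa context: only the field from the issue. */
struct gpio_ctx { int *events; };

/* Constructed slot pool used instead of malloc/free: a repeat release is counted, not executed. */
#define SLOTS 4
static int pool[SLOTS], live[SLOTS], double_frees;

static int *pool_alloc(void) {
    for (int i = 0; i < SLOTS; i++)
        if (!live[i]) { live[i] = 1; return &pool[i]; }
    return NULL;
}

static void pool_free(int *p) {
    if (p == NULL) return;                    /* same contract as free(NULL) */
    size_t i = (size_t)(p - pool);
    if (!live[i]) { double_frees++; return; } /* block was already released */
    live[i] = 0;
}

/* Shape of mraa_gpio_isr_exit as quoted: release, then clear the pointer. */
static void isr_exit(struct gpio_ctx *dev) {
    if (dev->events) { pool_free(dev->events); dev->events = NULL; }
}

/* Shape of mraa_gpio_close as quoted: release without clearing, then isr_exit. */
static void close_buggy(struct gpio_ctx *dev) {
    if (dev->events) pool_free(dev->events);
    isr_exit(dev);
}

/* Cleanup owned by isr_exit only, as the reporter proposes. */
static void close_fixed(struct gpio_ctx *dev) { isr_exit(dev); }

/* Runs one close path on a fresh context; returns the double frees seen. */
static int run_close(void (*close_fn)(struct gpio_ctx *)) {
    struct gpio_ctx dev = { pool_alloc() };
    double_frees = 0;
    close_fn(&dev);
    isr_exit(&dev);   /* a later explicit isr_exit must also be harmless */
    return double_frees;
}

int main(void) {
    printf("buggy close: %d double free(s)\n", run_close(close_buggy));
    printf("fixed close: %d double free(s)\n", run_close(close_fixed));
    return 0;
}
```

Against the real library, building with `-fsanitize=address` reports the second `free()` at the point it happens.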

Propanu commented 3 years ago

I think you're on to something, the call in mraa_gpio_close(...) should've been removed when c563e4fb4daebc289983ceb2f8c4e0d8f8e80e9a was merged. Initially the gpio_close and gpio_isr_exit functions were independent and managed by the user, so it did make sense to have both. Is this causing a segfault or any issues for your application?

ghost commented 3 years ago

Yes, it is showing an error for double free. After calling free we are not assigning NULL. So inside gpio_isr_exit, when it is checked again, it assumes it is not freed and does the free again. The second issue is why we need this code in the close. The deleting of the events should ideally be inside gpio_isr_exit.

ghost commented 3 years ago

@Propanu Can I create a branch and provide the fix for the same?

Propanu commented 3 years ago

By all means. I will also list this as a bug so it can be included with the next set of patches.

GPCExplorer commented 1 year ago

Hi, what's the status of resolving this bug?