Open millikk opened 2 weeks ago
Not sure this is perfect, but it should solve the crash
diff --git a/lib/core-net/vhost.c b/lib/core-net/vhost.c
index a5311494..b5d9092c 100644
--- a/lib/core-net/vhost.c
+++ b/lib/core-net/vhost.c
@@ -1236,8 +1236,7 @@ __lws_vhost_destroy_pt_wsi_dieback_start(struct lws_vhost *vh)
if (w->tsi == tsi) {
lwsl_vhost_debug(vh, "closing aso");
- lws_close_free_wsi(w, LWS_CLOSE_STATUS_NOSTATUS,
- "awaiting skt");
+ lws_wsi_close(w, LWS_TO_KILL_ASYNC);
}
} lws_end_foreach_dll_safe(d, d1);
Libwebsockets version: 4.3.2
OS: Linux
Brief: If the
lws_create_adopt_udp()
function fails to bind a socket and returns NULL, then subsequent call of thelws_vhost_destroy()
leads to crashDetails:
lws_create_adopt_udp()
starts, it creates awsi
object and saves it in thevhost->vh_awaiting_socket_owner
list (see the__lws_adopt_descriptor_vhost1()
function). Then if thelws_create_adopt_udp()
fails to bind a socket, it doen't destroy thewsi
object, but leaves it in thevhost->vh_awaiting_socket_owner
list.lws_vhost_destroy()
is called, it starts closing all itswsi
objects in the__lws_vhost_destroy_pt_wsi_dieback_start()
function. But when the lastwsi
is destroyed, the wholevhost
is also destroyed, look at the call chain:__lws_vhost_destroy_pt_wsi_dieback_start() -> lws_close_free_wsi() -> __lws_close_free_wsi() -> __lws_close_free_wsi_final() -> __lws_free_wsi() -> __lws_vhost_unbind_wsi() -> __lws_vhost_destroy2()
. After return from this chain thelws_vhost_destroy()
function accesses to the already destroyedvh
object and calls__lws_vhost_destroy2()
again on itHow to reproduce
Here is the minimal code snippet to reproduce the problem. To trigger the error in the
lws_create_adopt_udp()
we firstly bind socket to the port 55505 and then calllws_create_adopt_udp()
with the same port number. Then subsequent call of thelws_vhost_destroy(vhost);
leads to crash. Also if we comment out the linelws_vhost_destroy(vhost); // <- here should be a crash
, we will get memory leaks (see the memory sanitizer output). To build the snippet, run:where the
./lws/
is a folder withlibwebsockets
, and the./tls/
is a folder with tls backend (in my case it'smbedtls
Minimal snippet
```c #include