From 463d8bc065180fb44b9c6e6d53255df3ddd180e3 Mon Sep 17 00:00:00 2001
From: Spencer Sevilla
Date: Tue, 24 Jan 2023 10:24:56 -0800
Subject: [PATCH] [core][no_upstream] add sanity checks to ogs_timer alloc/free (#61)
---
 lib/core/ogs-timer.c | 9 ++++++++-
 lib/core/ogs-timer.h | 2 ++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/lib/core/ogs-timer.c b/lib/core/ogs-timer.c
index 90c01c9db7..ba9219071d 100644
--- a/lib/core/ogs-timer.c
+++ b/lib/core/ogs-timer.c
@@ -94,7 +94,7 @@ ogs_timer_t *ogs_timer_add(
 memset(timer, 0, sizeof *timer);
 timer->cb = cb;
 timer->data = data;
-
+ timer->assigned = true;
 timer->manager = manager;
 return timer;
@@ -112,6 +112,13 @@ void ogs_timer_delete_debug(ogs_timer_t *timer, const char *file_line)
 ogs_assert_if_reached();
 }
+ // we can recover from double-free by just returning here
+ if (!timer->assigned) {
+ ogs_error("ogs_timer_delete double free");
+ return;
+ }
+ timer->assigned = false;
+
 ogs_timer_stop(timer);
 ogs_pool_free(&manager->pool, timer);
diff --git a/lib/core/ogs-timer.h b/lib/core/ogs-timer.h
index f38b208a31..53289c7ac1 100644
--- a/lib/core/ogs-timer.h
+++ b/lib/core/ogs-timer.h
@@ -39,6 +39,8 @@ typedef struct ogs_timer_s {
 ogs_timer_mgr_t *manager;
 bool running;
 ogs_time_t timeout;
+
+ bool assigned;
 } ogs_timer_t;
 ogs_timer_mgr_t *ogs_timer_mgr_create(unsigned int capacity);
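Review bot: The new guard in `ogs_timer_delete_debug` catches a repeated delete only while the pool slot is still unused. Once `ogs_timer_add()` has handed the same slot out again (presumably possible after `ogs_pool_free`), `assigned` is true again, so a stale pointer passes the check and stops and frees a timer owned by someone else. The comment should state that limit, e.g. `// detects a repeated delete only until the slot is reused by ogs_timer_add()`. The log line also omits the caller location the function already receives; `ogs_error("ogs_timer_delete double free at %s", file_line);` would let the offending call site be found. The function body starts and ends outside the hunk, so whether earlier lines already dereference `timer` cannot be seen here.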
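Review bot: The new `assigned` member in `ogs_timer_s` has no comment, and the name alone does not say that it is a liveness flag for double-free detection. A comment on the field would make the contract explicit, e.g. `/* true from ogs_timer_add() until ogs_timer_delete(); checked to reject a second delete */`. The struct definition begins outside the hunk.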