From 2ebefb85b7f5ae28db1e8c11196467efd3c914cf Mon Sep 17 00:00:00 2001 From: mannol Date: Sat, 31 May 2014 00:29:43 +0200 Subject: [PATCH] Fixed potential memleaks --- toxav/media.c | 5 +++- toxav/msi.c | 65 ++++++++++++++++++++++++++++++++++----------------- 2 files changed, 47 insertions(+), 23 deletions(-) diff --git a/toxav/media.c b/toxav/media.c index 16156d9d..8b50e301 100644 --- a/toxav/media.c +++ b/toxav/media.c @@ -59,7 +59,10 @@ JitterBuffer *create_queue(int capacity) if ( !(q = calloc(sizeof(JitterBuffer), 1)) ) return NULL; - if (!(q->queue = calloc(sizeof(RTPMessage *), capacity))) return NULL; + if (!(q->queue = calloc(sizeof(RTPMessage *), capacity))) { + free(q); + return NULL; + } q->size = 0; q->capacity = capacity; diff --git a/toxav/msi.c b/toxav/msi.c index e40d16c1..031f1e54 100644 --- a/toxav/msi.c +++ b/toxav/msi.c @@ -328,7 +328,8 @@ var.size = t_size; } void free_message ( MSIMessage *msg ) { if ( msg == NULL ) { - LOGGER_ERROR("Tried to free empty message"); + LOGGER_WARNING("Tried to free empty message"); + return; } free ( msg->calltype.header_value ); @@ -818,6 +819,11 @@ MSICall *find_call ( MSISession *session, uint8_t *call_id ) */ int handle_error ( MSISession *session, MSICall *call, MSICallError errid, uint32_t to ) { + if (!call) { + LOGGER_WARNING("Cannot handle error on 'null' call"); + return -1; + } + LOGGER_DEBUG("Sending error: %d on call: %s", errid, call->id); MSIMessage *_msg_error = msi_new_message ( TYPE_RESPONSE, stringify_response ( error ) ); @@ -1041,6 +1047,7 @@ int handle_recv_invite ( MSISession *session, MSICall *call, MSIMessage *msg ) pthread_mutex_lock(&session->mutex); + if ( call ) { if ( call->peers[0] == msg->friend_id ) { /* The glare case. A calls B when at the same time @@ -1051,7 +1058,18 @@ int handle_recv_invite ( MSISession *session, MSICall *call, MSIMessage *msg ) */ if ( call_id_bigger (call->id, msg->callid.header_value) == 1 ) { /* Peer has advantage */ + + /* Terminate call; peer will timeout(call) if call initialization (magically) fails */ terminate_call(session, call); + + call = init_call ( session, 1, 0 ); + + if ( !call ) { + pthread_mutex_unlock(&session->mutex); + LOGGER_ERROR("Starting call"); + return 0; + } + } else { pthread_mutex_unlock(&session->mutex); return 0; /* Wait for ringing from peer */ @@ -1063,6 +1081,15 @@ int handle_recv_invite ( MSISession *session, MSICall *call, MSIMessage *msg ) return 0; } } + else { + call = init_call ( session, 1, 0 ); + + if ( !call ) { + pthread_mutex_unlock(&session->mutex); + LOGGER_ERROR("Starting call"); + return 0; + } + } if ( !msg->callid.header_value ) { handle_error ( session, call, error_no_callid, msg->friend_id ); @@ -1070,28 +1097,20 @@ int handle_recv_invite ( MSISession *session, MSICall *call, MSIMessage *msg ) return 0; } - MSICall *new_call = init_call ( session, 1, 0 ); + memcpy ( call->id, msg->callid.header_value, CALL_ID_LEN ); + call->state = call_starting; - if ( !new_call ) { - handle_error ( session, call, error_busy, msg->friend_id ); - pthread_mutex_unlock(&session->mutex); - return 0; - } + add_peer( call, msg->friend_id); - memcpy ( new_call->id, msg->callid.header_value, CALL_ID_LEN ); - new_call->state = call_starting; - - add_peer( new_call, msg->friend_id); - - flush_peer_type ( new_call, msg, 0 ); + flush_peer_type ( call, msg, 0 ); MSIMessage *_msg_ringing = msi_new_message ( TYPE_RESPONSE, stringify_response ( ringing ) ); - send_message ( session, new_call, _msg_ringing, msg->friend_id ); + send_message ( session, call, _msg_ringing, msg->friend_id ); free_message ( _msg_ringing ); - + pthread_mutex_unlock(&session->mutex); - invoke_callback(new_call->call_idx, MSI_OnInvite); + invoke_callback(call->call_idx, MSI_OnInvite); return 1; } @@ -1418,6 +1437,10 @@ void msi_handle_packet ( Messenger *messenger, int source, uint8_t *data, uint16 goto free_end; } + /* Got response so cancel timer */ + if ( _call ) + event.timer_release ( _call->request_timer_id ); + uint8_t _response_value[32]; memcpy(_response_value, _msg->response.header_value, _msg->response.size); @@ -1440,10 +1463,6 @@ void msi_handle_packet ( Messenger *messenger, int source, uint8_t *data, uint16 goto free_end; } - /* Got response so cancel timer */ - if ( _call ) - event.timer_release ( _call->request_timer_id ); - } else { LOGGER_WARNING("Invalid message: no resp nor requ headers"); } @@ -1568,13 +1587,13 @@ int msi_invite ( MSISession *session, int32_t *call_index, MSICallType call_type LOGGER_DEBUG("Session: %p Inviting friend: %u", session, friend_id); - MSIMessage *_msg_invite = msi_new_message ( TYPE_REQUEST, stringify_request ( invite ) ); MSICall *_call = init_call ( session, 1, rngsec ); /* Just one peer for now */ if ( !_call ) { pthread_mutex_unlock(&session->mutex); - return -1; /* Cannot handle more calls */ + LOGGER_ERROR("Cannot handle more calls"); + return -1; } *call_index = _call->call_idx; @@ -1584,6 +1603,8 @@ int msi_invite ( MSISession *session, int32_t *call_index, MSICallType call_type add_peer(_call, friend_id ); _call->type_local = call_type; + + MSIMessage *_msg_invite = msi_new_message ( TYPE_REQUEST, stringify_request ( invite ) ); /* Do whatever with message */ if ( call_type == type_audio ) {