From 178b3c52d4fd544593e1462173f219684442116e Mon Sep 17 00:00:00 2001
From: Boris Zbarsky
Date: Sun, 28 Aug 2022 22:09:17 -0400
Subject: [PATCH] Fix potential IPPacketInfo leak in LwIP code. (#22198)
---
 src/inet/UDPEndPointImplLwIP.cpp | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)
diff --git a/src/inet/UDPEndPointImplLwIP.cpp b/src/inet/UDPEndPointImplLwIP.cpp
index 2a46a64217cc20..2d54324e606fd7 100644
--- a/src/inet/UDPEndPointImplLwIP.cpp
+++ b/src/inet/UDPEndPointImplLwIP.cpp
@@ -367,10 +367,9 @@ void UDPEndPointImplLwIP::LwIPReceiveUDPMessage(void * arg, struct udp_pcb * pcb
 {
 return;
 }
- // Raw pointer is required for passing into lambda.
- // The memory life cycle of `pktInfo` is manually managed.
- IPPacketInfo * pktInfo = Platform::New();
- if (pktInfo == nullptr)
+
+ auto pktInfo = Platform::MakeUnique();
+ if (pktInfo.get() == nullptr)
 {
 ChipLogError(Inet, "Cannot allocate packet info");
 return;
@@ -391,20 +390,17 @@ void UDPEndPointImplLwIP::LwIPReceiveUDPMessage(void * arg, struct udp_pcb * pcb
 pktInfo->SrcPort = port;
 pktInfo->DestPort = pcb->local_port;
- CHIP_ERROR err = ep->GetSystemLayer().ScheduleLambda([ep, p = System::LwIPPacketBufferView::UnsafeGetLwIPpbuf(buf), pktInfo] {
- ep->HandleDataReceived(System::PacketBufferHandle::Adopt(p), pktInfo);
- });
+ CHIP_ERROR err = ep->GetSystemLayer().ScheduleLambda(
+ [ep, p = System::LwIPPacketBufferView::UnsafeGetLwIPpbuf(buf), pktInfo = pktInfo.get()] {
+ ep->HandleDataReceived(System::PacketBufferHandle::Adopt(p), pktInfo);
+ });
 if (err == CHIP_NO_ERROR)
 {
 // If ScheduleLambda() succeeded, it has ownership of the buffer, so we need to release it (without freeing it).
 static_cast(std::move(buf).UnsafeRelease());
- }
- else
- {
- // If ScheduleLambda() succeeded, `pktInfo` will be deleted in `HandleDataReceived`.
- // Otherwise we delete it here.
- Platform::Delete(pktInfo);
+ // Similarly, ScheduleLambda now has ownership of pktInfo.
+ pktInfo.release();
 }
 }
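Review bot: In the first hunk, `if (pktInfo.get() == nullptr)` spells out a raw-pointer comparison on what is now a smart pointer; `if (!pktInfo)` is the usual form and keeps the raw pointer out of sight until the one place it is deliberately handed over. LwIPReceiveUDPMessage begins before this hunk and continues past it.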
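Review bot: The capture list in the second hunk (`[ep, p = ..., pktInfo = pktInfo.get()]`) still hands three raw pointers to deferred work, and after `pktInfo.release()` nothing visible frees `pktInfo` or the pbuf if the queued lambda is dropped without running; whether the system layer can discard queued lambdas (for example at shutdown) cannot be told from this hunk. `ep` is also captured raw, so the endpoint has to outlive the queued work, which nothing here enforces. The removed comment was the only place that said `pktInfo` is deleted in `HandleDataReceived`, so I would restate the contract at the transfer, e.g. `// The queued lambda now owns p and pktInfo: HandleDataReceived must free pktInfo on every path, and ep must stay alive until it runs.` The function starts outside the hunk.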