Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Make sure DnssdServer does not dereference a dangling fabric table. (#…
Browse files Browse the repository at this point in the history
…26354)

We could end up not calling StopServer if the last release of a system state was
a direct release on the state itself, not a call to ReleaseSystemState.

To fix this, move the DnssdServer::StopServer bits into the actual system state
shutdown, where we know whether we are destroying the fabric table that
DnssdServer uses and can clean up appropriately.
bzbarsky-apple authored and pull[bot] committed Nov 23, 2023
1 parent 2c56646 commit 2418592
Showing 4 changed files with 24 additions and 10 deletions.
3 changes: 3 additions & 0 deletions src/app/server/Dnssd.cpp
Original file line number Diff line number Diff line change
@@ -345,6 +345,9 @@ void DnssdServer::StartServer()

void DnssdServer::StopServer()
{
// Make sure we don't hold on to a dangling fabric table pointer.
mFabricTable = nullptr;

DeviceLayer::PlatformMgr().RemoveEventHandler(OnPlatformEventWrapper, 0);

#if CHIP_DEVICE_CONFIG_ENABLE_EXTENDED_DISCOVERY
8 changes: 5 additions & 3 deletions src/app/server/Dnssd.h
Original file line number Diff line number Diff line change
@@ -60,8 +60,9 @@ class DLL_EXPORT DnssdServer
Inet::InterfaceId GetInterfaceId() { return mInterfaceId; }

//
// Override the referenced fabric table from the default that is present
// in Server::GetInstance().GetFabricTable() to something else.
// Set the fabric table the DnssdServer should use for operational
// advertising. This must be set before StartServer() is called for the
// first time.
//
void SetFabricTable(FabricTable * table)
{
@@ -94,7 +95,8 @@ class DLL_EXPORT DnssdServer
/// (Re-)starts the Dnssd server, using the provided commissioning mode.
void StartServer(Dnssd::CommissioningMode mode);

//// Stop the Dnssd server.
//// Stop the Dnssd server. After this call, SetFabricTable must be called
//// again before calling StartServer().
void StopServer();

CHIP_ERROR GenerateRotatingDeviceId(char rotatingDeviceIdHexBuffer[], size_t rotatingDeviceIdHexBufferSize);
15 changes: 9 additions & 6 deletions src/controller/CHIPDeviceControllerFactory.cpp
Original file line number Diff line number Diff line change
@@ -272,7 +272,7 @@ CHIP_ERROR DeviceControllerFactory::InitSystemState(FactoryInitParams params)

// store the system state
mSystemState = chip::Platform::New<DeviceControllerSystemState>(std::move(stateParams));
mSystemState->SetTempFabricTable(tempFabricTable);
mSystemState->SetTempFabricTable(tempFabricTable, params.enableServerInteractions);
ChipLogDetail(Controller, "System State Initialized...");
return CHIP_NO_ERROR;
}
@@ -348,11 +348,6 @@ void DeviceControllerFactory::RetainSystemState()
void DeviceControllerFactory::ReleaseSystemState()
{
mSystemState->Release();

if (!mSystemState->IsInitialized() && mEnableServerInteractions)
{
app::DnssdServer::Instance().StopServer();
}
}

DeviceControllerFactory::~DeviceControllerFactory()
@@ -384,6 +379,14 @@ void DeviceControllerSystemState::Shutdown()

ChipLogDetail(Controller, "Shutting down the System State, this will teardown the CHIP Stack");

if (mTempFabricTable && mEnableServerInteractions)
{
// The DnssdServer is holding a reference to our temp fabric table,
// which we are about to destroy. Stop it, so that it will stop trying
// to use it.
app::DnssdServer::Instance().StopServer();
}

if (mFabricTableDelegate != nullptr)
{
if (mFabrics != nullptr)
8 changes: 7 additions & 1 deletion src/controller/CHIPDeviceControllerSystemState.h
Original file line number Diff line number Diff line change
@@ -185,7 +185,11 @@ class DeviceControllerSystemState
CASESessionManager * CASESessionMgr() const { return mCASESessionManager; }
Credentials::GroupDataProvider * GetGroupDataProvider() const { return mGroupDataProvider; }
Crypto::SessionKeystore * GetSessionKeystore() const { return mSessionKeystore; }
void SetTempFabricTable(FabricTable * tempFabricTable) { mTempFabricTable = tempFabricTable; }
void SetTempFabricTable(FabricTable * tempFabricTable, bool enableServerInteractions)
{
mTempFabricTable = tempFabricTable;
mEnableServerInteractions = enableServerInteractions;
}

private:
DeviceControllerSystemState() {}
@@ -220,6 +224,8 @@ class DeviceControllerSystemState

bool mHaveShutDown = false;

bool mEnableServerInteractions = false;

void Shutdown();
};

0 comments on commit 2418592

Please sign in to comment.