Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] DeviceControllerFactory::InitSystemState initializes FabricTable, but DeviceControllerSystemState::Shutdown() does not shut it down #22901

Closed
msandstedt opened this issue Sep 27, 2022 · 1 comment · Fixed by #22932
Closed

[BUG] DeviceControllerFactory::InitSystemState initializes FabricTable, but DeviceControllerSystemState::Shutdown() does not shut it down #22901

msandstedt opened this issue Sep 27, 2022 · 1 comment · Fixed by #22932
Assignees
@msandstedt
Labels
leak Memory leak bug

Comments

@msandstedt
Copy link
Contributor

msandstedt commented Sep 27, 2022
edited
Loading

Reproduction steps

Can be discovered by inspection.

FabricTable::Init is called here:

connectedhomeip/src/controller/CHIPDeviceControllerFactory.cpp

Line 184 in 33b4fab

ReturnErrorOnFailure(newFabricTable->Init(fabricTableInitParams));

FabricTable::Shutdown is not called here:

connectedhomeip/src/controller/CHIPDeviceControllerFactory.cpp

Line 464 in 33b4fab

if (mTempFabricTable != nullptr)

This can likely lead to leaks if FabricTable isn't freeing its dynamically allocated memory with Shutdown, e.g. these allocations:

connectedhomeip/src/credentials/FabricTable.cpp

Line 257 in 852c879

mOperationalKey = chip::Platform::New<P256Keypair>();

It was also discovered on adding the missing shutdown that the Python controller frees the storage delegate injected into the Fabric Table before the Fabric Table is freed, leading to use-after-free. That is addressed here:

#22963

Bug prevalence

Always occurs if DeviceControllerFactory allocates the FabricTable

GitHub hash of the SDK that was being used

33b4fab

Platform

other (controllers)

Platform Version(s)

No response

Anything else?

No response
@msandstedt
Copy link
Contributor Author

CC @gharveymn

@msandstedt msandstedt self-assigned this Sep 28, 2022
@msandstedt msandstedt mentioned this issue Sep 28, 2022
Merged
@msandstedt msandstedt added the leak Memory leak bug label Sep 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@msandstedt msandstedt

Labels
leak Memory leak bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Ensure that CHIPDeviceControllerFactory calls FabricTable::Shutdown msandstedt/connectedhomeip
1 participant
@msandstedt