Tizen native service crashes occasionally when memory freed

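I am developing a Tizen web application, and to perform some background operations I am using a native service. The service runs fine for a while; after that, it often crashes when free is used to release some memory that was allocated with malloc.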

The logcat output is as follows:

07-13 19:44:54.529+0900 W/AUL     ( 2463): app_signal.c: aul_send_app_launch_request_signal(521) > aul_send_app_launch_request_signal app(org.example.emedicalbtleservice) pid(7630) type(svcapp) bg(0)
07-13 19:44:54.529+0900 W/AUL     ( 7629): launch.c: app_request_to_launchpad(298) > request cmd(0) result(7630)
07-13 19:44:54.539+0900 W/STARTER ( 2654): pkg-monitor.c: _app_mgr_status_cb(395) > [_app_mgr_status_cb:395] Launch request [7630]
07-13 19:44:54.569+0900 W/AUL_AMD ( 2463): amd_request.c: __request_handler(669) > __request_handler: 14
07-13 19:44:54.579+0900 W/AUL_AMD ( 2463): amd_request.c: __send_result_to_client(91) > __send_result_to_client, pid: 7630
07-13 19:44:54.579+0900 W/AUL_AMD ( 2463): amd_request.c: __request_handler(669) > __request_handler: 14
07-13 19:44:54.599+0900 W/AUL_AMD ( 2463): amd_request.c: __send_result_to_client(91) > __send_result_to_client, pid: 7630
07-13 19:44:54.599+0900 W/AUL_AMD ( 2463): amd_status.c: __socket_monitor_cb(1277) > (7630) was created
07-13 19:44:54.599+0900 W/AUL_AMD ( 2463): amd_request.c: __request_handler(669) > __request_handler: 12
07-13 19:44:54.599+0900 W/AUL_AMD ( 2463): amd_request.c: __request_handler(669) > __request_handler: 12
07-13 19:44:54.729+0900 E/PKGMGR_SERVER( 7542): pkgmgr-server.c: exit_server(1619) > exit_server Start [backend_status=1, queue_status=1] 
07-13 19:44:54.729+0900 E/PKGMGR_SERVER( 7542): pkgmgr-server.c: main(2295) > package manager server terminated.
07-13 19:44:54.799+0900 I/emedicalbtleservice( 7630): /opt/usr/media
07-13 19:44:54.799+0900 I/emedicalbtleservice( 7630): /opt/usr/media/eMedicalBP.txt
07-13 19:44:54.989+0900 W/AUL     ( 7638): daemon-manager-release-agent.c: main(12) > release agent : [2:/org.example.emedicalbtleservice]
07-13 19:44:54.989+0900 W/AUL_AMD ( 2463): amd_request.c: __request_handler(669) > __request_handler: 23
07-13 19:44:54.989+0900 W/AUL_AMD ( 2463): amd_request.c: __send_result_to_client(91) > __send_result_to_client, pid: 0
07-13 19:44:54.989+0900 W/AUL_AMD ( 2463): amd_request.c: __request_handler(1032) > pkg_status: installed, dead pid: 7630
07-13 19:44:54.989+0900 W/AUL_AMD ( 2463): amd_request.c: __send_app_termination_signal(528) > send dead signal done
07-13 19:44:55.009+0900 I/AUL_AMD ( 2463): amd_main.c: __app_dead_handler(262) > __app_dead_handler, pid: 7630
07-13 19:44:55.009+0900 W/AUL     ( 2463): app_signal.c: aul_send_app_terminated_signal(799) > aul_send_app_terminated_signal pid(7630)
07-13 19:44:55.009+0900 W/CRASH_MANAGER( 7637): worker.c: worker_job(1205) > 0607630656d65149994269

Code snippet:

char* read_file(const char* filepath)
{
    FILE *fp = fopen(filepath, "r");
    if (fp == NULL)
    {
        dlog_print(DLOG_ERROR, LOG_TAG, "Cannot open file");
        return NULL;
    }
    fseek(fp, 0, SEEK_END);
    int bufsize = ftell(fp);
    rewind(fp);
    if (bufsize < 1)
    {
        dlog_print(DLOG_ERROR, LOG_TAG, "Cannot open file");
        return NULL;
    }
    char *buf = malloc(sizeof(char) * (bufsize));
    memset(buf, '\0', sizeof(buf));
    char str[200];
    while(fgets(str, 200, fp) != NULL)
    {
        sprintf(buf + strlen(buf), "%s", str);
    }
    fclose(fp);
    return buf;
}

void get_password(char *filePath, int *password, bool *has_password)
{
    char *fileContent = read_file(filePath); // character pointer to the data read from the file; memory allocated with malloc
    if (fileContent == NULL)
    {
        *has_password = false;
        dlog_print(DLOG_ERROR, LOG_TAG, "Do not have password");
        return;
    }
    else
    {
        cJSON *root = cJSON_Parse(fileContent);
        free(fileContent);
        if (root != NULL && cJSON_IsObject(root))
        {
            cJSON *passwordArray = cJSON_DetachItemFromObjectCaseSensitive(root, "passwordArray");
            cJSON_Delete(root);
            root = NULL;
            if (cJSON_IsArray(passwordArray))
            {
                for (int i = 0; i < cJSON_GetArraySize(passwordArray); ++i)
                {
                    password[i] = cJSON_GetArrayItem(passwordArray, i)->valueint;
                }
                dlog_print(DLOG_INFO, LOG_TAG, "Has password");
                *has_password = true;
            }
            else
            {
                dlog_print(DLOG_ERROR, LOG_TAG, "Password is not array");
                *has_password = false;
            }
            cJSON_Delete(passwordArray);
        }
        else
        {
            dlog_print(DLOG_ERROR, LOG_TAG, "Content cannot be parsed");
            *has_password = false;
        }

        if (root != NULL)
        {
            cJSON_Delete(root);
        }
    }
}

I am using the cJSON library to parse some JSON content stored in a file. The service often crashes after executing free(fileContent); cJSON_Delete(root);

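In read_file, you allocate space for buf based on the file size, but you do not account for the null terminator that sprintf writes, so you have a buffer overflow that can cause heap corruption. (You could also use fgets to read directly into the buffer.)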
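
A bounds-safe variant of read_file along the lines of the answer above, as an added example that is not part of the original question or answer: it allocates one extra byte for the terminator and fills the buffer with a single fread (used here in place of the fgets loop) rather than appending with sprintf. The names read_file_checked and demo_roundtrip and the sample file are constructed for this example, and the Tizen dlog_print calls are left out so it builds anywhere.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns a malloc'd, NUL-terminated copy of the file, or NULL on error.
 * read_file_checked is a name made up for this example; the caller frees. */
char *read_file_checked(const char *filepath)
{
    FILE *fp = fopen(filepath, "rb");
    if (fp == NULL)
        return NULL;
    long size = -1;
    if (fseek(fp, 0, SEEK_END) == 0)
        size = ftell(fp);
    if (size < 1 || fseek(fp, 0, SEEK_SET) != 0) {
        fclose(fp);                      /* close the handle on error paths too */
        return NULL;
    }
    char *buf = malloc((size_t)size + 1);    /* +1 byte for the terminator */
    /* fread writes at most `size` bytes, so buf[n] below is always in bounds. */
    size_t n = buf ? fread(buf, 1, (size_t)size, fp) : 0;
    int failed = (buf == NULL) || ferror(fp);
    fclose(fp);
    if (failed) {
        free(buf);                       /* free(NULL) is a no-op */
        return NULL;
    }
    buf[n] = '\0';
    return buf;
}

/* Constructed sample input: write it, read it back, compare. Returns 1 on success. */
int demo_roundtrip(void)
{
    const char *path = "sample_password.json";
    const char *text = "{\"passwordArray\":[1,2,3,4]}\n";
    FILE *fp = fopen(path, "wb");
    if (fp == NULL)
        return 0;
    fputs(text, fp);
    fclose(fp);
    char *content = read_file_checked(path);
    int ok = content != NULL && strcmp(content, text) == 0;
    free(content);
    remove(path);
    return ok;
}

int main(void) { return demo_roundtrip() ? 0 : 1; }
```

Building the service with AddressSanitizer (-fsanitize=address) during testing reports this kind of heap overflow at the write that causes it, instead of at a later free.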