Skip to content

Memory Allocation Fixes #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
haydenridd wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Memory Allocation Fixes #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion af_command.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -187,7 +187,9 @@ uint16_t af_command_get_value_len(af_command_t *af_command) {
}

void af_command_get_value(af_command_t *af_command, uint8_t *value) {
memcpy(value, af_command->value, af_command->value_len);
if(af_command->value_len > 0) {
Copy link
Author

@haydenridd haydenridd Oct 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this guard isn't here, memcpy regularly gets called with a nullptr for af_command->value. Always with a af_command->value_len = 0, which is why this doesn't cause worse behavior. Technically Undefined Behavior though.

memcpy(value, af_command->value, af_command->value_len);
}
}

const uint8_t *af_command_get_value_pointer(af_command_t *af_command) {
Expand Down
16 changes: 15 additions & 1 deletion af_lib.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -250,6 +250,19 @@ static int queue_get(af_lib_t *af_lib, uint8_t *message_type, uint8_t *request_i
return AF_ERROR_QUEUE_UNDERFLOW;
}

/**
* queue_free
*
* Empty queue and free any allocated memory associated with it
*/
static void queue_free() {
while (AF_QUEUE_PEEK_FROM_INTERRUPT(&s_request_queue)) {
request_t *p_event = (request_t *)AF_QUEUE_GET_FROM_INTERRUPT(&s_request_queue);
af_free(p_event->value);
AF_QUEUE_ELEM_FREE_FROM_INTERRUPT(&s_request_queue, p_event);
}
}

static void dump_queue_element(void* elem) {
uint16_t i = 0;
request_t *p_event = (request_t*)elem;
Expand Down Expand Up @@ -1002,6 +1015,7 @@ af_lib_t* af_lib_create(attr_set_handler_t attr_set, attr_notify_handler_t attr_
}

void af_lib_destroy(af_lib_t* af_lib) {
queue_free();
Copy link
Author

@haydenridd haydenridd Oct 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Running aflib on Linux with some memory leak detectors caught this one. Memory related to the attribute queue is never freed on af_lib_destroy, this fixes that.

af_status_command_cleanup(&af_lib->tx_status);
af_status_command_cleanup(&af_lib->rx_status);
free(af_lib->asr_capability);
Expand Down Expand Up @@ -1054,7 +1068,7 @@ void af_lib_loop(af_lib_t *af_lib) {
* loop() for the operation to complete.
*/
af_lib_error_t af_lib_get_attribute(af_lib_t *af_lib, const uint16_t attr_id) {
uint8_t dummy; // This value isn't actually used.
uint8_t dummy = 0; // This value isn't actually used.
Copy link
Author

@haydenridd haydenridd Oct 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It may not be used, but we still probably shouldn't pass around pointers to uninitialized memory :)

af_lib->request_id++;
return queue_put(af_lib, MSG_TYPE_GET, af_lib->request_id, attr_id, 0, &dummy, 0, 0);
}
Expand Down