From 2154c78ff37e553d2a3a8a6218ff6095725b9d20 Mon Sep 17 00:00:00 2001
From: Ronan Abhamon
Date: Tue, 6 Mar 2018 12:28:09 +0100
Subject: [PATCH] fix(ChatMessage): avoid invalid read of destroyed strings, and construct C++ cache correctly!!!
---
 src/c-wrapper/api/c-chat-message.cpp | 44 +++++++++++++++-----------
 src/chat/chat-message/chat-message-p.h | 6 ++--
 2 files changed, 28 insertions(+), 22 deletions(-)
diff --git a/src/c-wrapper/api/c-chat-message.cpp b/src/c-wrapper/api/c-chat-message.cpp
index 1c4fb7c62..4b99e8bcb 100644
--- a/src/c-wrapper/api/c-chat-message.cpp
+++ b/src/c-wrapper/api/c-chat-message.cpp
@@ -23,14 +23,14 @@
 #include "ortp/b64.h"
-#include "c-wrapper/c-wrapper.h"
 #include "address/address.h"
-#include "content/content.h"
-#include "content/content-type.h"
+#include "c-wrapper/c-wrapper.h"
 #include "chat/chat-message/chat-message-p.h"
 #include "chat/chat-room/chat-room-p.h"
 #include "chat/chat-room/real-time-text-chat-room-p.h"
 #include "chat/notification/imdn.h"
+#include "content/content-type.h"
+#include "content/content.h"
 // =============================================================================
@@ -45,13 +45,18 @@ L_DECLARE_C_OBJECT_IMPL_WITH_XTORS(ChatMessage,
 LinphoneAddress *from; // cache for shared_ptr
 LinphoneAddress *to; // cache for shared_ptr
 LinphoneChatMessageStateChangedCb message_state_changed_cb;
- void* message_state_changed_user_data;
- mutable char *contentTypeCache;
- mutable std::string textContentBody;
+ void *message_state_changed_user_data;
+
+ struct Cache {
+ string contentType;
+ string textContentBody;
+ string customHeaderValue;
+ } mutable cache;
 )
 static void _linphone_chat_message_constructor (LinphoneChatMessage *msg) {
 msg->cbs = linphone_chat_message_cbs_new();
+ new(&msg->cache) LinphoneChatMessage::Cache();
 }
 static void _linphone_chat_message_destructor (LinphoneChatMessage *msg) {
@@ -61,8 +66,8 @@ static void _linphone_chat_message_destructor (LinphoneChatMessage *msg) {
 linphone_address_unref(msg->from);
 if (msg->to)
 linphone_address_unref(msg->to);
- if (msg->contentTypeCache)
- ms_free(msg->contentTypeCache);
+
+ msg->cache.~Cache();
 }
 // =============================================================================
@@ -160,8 +165,11 @@ void linphone_chat_message_set_file_transfer_filepath(LinphoneChatMessage *msg,
 L_GET_PRIVATE_FROM_C_OBJECT(msg)->setFileTransferFilepath(L_C_TO_STRING(filepath));
 }
-void linphone_chat_message_add_custom_header(LinphoneChatMessage *msg, const char *header_name,
- const char *header_value) {
+void linphone_chat_message_add_custom_header(
+ LinphoneChatMessage *msg,
+ const char *header_name,
+ const char *header_value
+) {
 L_GET_PRIVATE_FROM_C_OBJECT(msg)->addSalCustomHeader(L_C_TO_STRING(header_name), L_C_TO_STRING(header_value));
 }
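Review bot: The `Cache` struct added to the object declaration carries no comment explaining why it is built with placement new in `_linphone_chat_message_constructor` and torn down with `msg->cache.~Cache()` in the destructor hunk that follows. The storage presumably comes from a C allocator inside the `L_DECLARE_C_OBJECT_IMPL_WITH_XTORS` machinery, which is not visible here; I would add `// Backing storage for the C strings returned by the getters; lives in C-allocated memory, so it is constructed and destroyed by hand in the xtors.` above `struct Cache`. Any path that duplicates a LinphoneChatMessage byte-for-byte would leave two objects owning the same string buffers and free them twice, so it is worth confirming that no such clone path exists. The members are spelled `string` where the removed line used `std::string`; qualifying them keeps the declaration independent of a using-directive elsewhere in the file.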
@@ -170,7 +178,8 @@ void linphone_chat_message_remove_custom_header(LinphoneChatMessage *msg, const
 }
 const char *linphone_chat_message_get_custom_header(LinphoneChatMessage *msg, const char *header_name) {
- return L_STRING_TO_C(L_GET_PRIVATE_FROM_C_OBJECT(msg)->getSalCustomHeaderValue(L_C_TO_STRING(header_name)));
+ msg->cache.customHeaderValue = L_GET_PRIVATE_FROM_C_OBJECT(msg)->getSalCustomHeaderValue(L_C_TO_STRING(header_name));
+ return L_STRING_TO_C(msg->cache.customHeaderValue);
 }
 const LinphoneErrorInfo *linphone_chat_message_get_error_info(const LinphoneChatMessage *msg) {
@@ -229,8 +238,8 @@ const char *linphone_chat_message_get_text_content(const LinphoneChatMessage *ms
 const LinphonePrivate::Content *content = L_GET_PRIVATE_FROM_C_OBJECT(msg)->getTextContent();
 if (content->isEmpty())
 return nullptr;
- msg->textContentBody = content->getBodyAsString();
- return L_STRING_TO_C(msg->textContentBody);
+ msg->cache.textContentBody = content->getBodyAsString();
+ return L_STRING_TO_C(msg->cache.textContentBody);
 }
 // =============================================================================
@@ -257,12 +266,9 @@ void * linphone_chat_message_get_message_state_changed_cb_user_data(LinphoneChat
 // Structure has changed, hard to keep the behavior
 // =============================================================================
-const char * linphone_chat_message_get_content_type(LinphoneChatMessage *msg) {
- if (msg->contentTypeCache) {
- ms_free(msg->contentTypeCache);
- }
- msg->contentTypeCache = ms_strdup(L_STRING_TO_C(L_GET_PRIVATE_FROM_C_OBJECT(msg)->getContentType().asString()));
- return msg->contentTypeCache;
+const char *linphone_chat_message_get_content_type(LinphoneChatMessage *msg) {
+ msg->cache.contentType = L_GET_PRIVATE_FROM_C_OBJECT(msg)->getContentType().asString();
+ return L_STRING_TO_C(msg->cache.contentType);
 }
 void linphone_chat_message_set_content_type(LinphoneChatMessage *msg, const char *content_type) {
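Review bot: `linphone_chat_message_get_custom_header` now returns a pointer into the single `msg->cache.customHeaderValue` slot, so a second lookup on the same message reassigns that string and can leave the pointer from the first lookup dangling or pointing at the other header's value. The same one-slot lifetime applies to `cache.textContentBody` in the `get_text_content` hunk and `cache.contentType` in the `get_content_type` hunk, and all three getters write to the message, so concurrent calls on one message would race on the cache. If callers are expected to hold several header values at once, keeping one cached string per header name in `Cache` would avoid the invalidation. At minimum the contract should be stated on each getter, for example `// Returned pointer is valid until the next call to this getter on msg, or until msg is destroyed.`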
diff --git a/src/chat/chat-message/chat-message-p.h b/src/chat/chat-message/chat-message-p.h
index 740900df0..730270265 100644
--- a/src/chat/chat-message/chat-message-p.h
+++ b/src/chat/chat-message/chat-message-p.h
@@ -102,9 +102,9 @@ public:
 SalCustomHeader *getSalCustomHeaders () const;
 void setSalCustomHeaders (SalCustomHeader *headers);
- void addSalCustomHeader (const std::string& name, const std::string& value);
- void removeSalCustomHeader (const std::string& name);
- std::string getSalCustomHeaderValue (const std::string& name);
+ void addSalCustomHeader (const std::string &name, const std::string &value);
+ void removeSalCustomHeader (const std::string &name);
+ std::string getSalCustomHeaderValue (const std::string &name);
 void loadFileTransferUrlFromBodyToContent ();