MiPad4/android_device_xiaomi_sdm660-common
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

crash in LocTimer wrapper

Browse source 
LocTimerWrapper implements loc_timer_start/stop calls for backward
compatibility. There is a race condtiion where the wrapper object
could be deleted by the client thread and expireation handling at
rough the same time, which would have the memory freed twice. Now
they are mutext protected.

Change-Id: I25d7466db88a840a8a09e7a476cface48c91d22e
This commit is contained in:
Kevin Tang 2015-07-20 15:36:06 -07:00 committed by Vamana Murthi
parent c9db5166b5
commit 153ba77107
2 changed files with 25 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
utils/LocTimer.cpp
View file

@ -539,22 +539,38 @@ bool LocTimer::stop() {
class LocTimerWrapper : public LocTimer { class LocTimerWrapper : public LocTimer {
loc_timer_callback mCb; loc_timer_callback mCb;
void* mCallerData; void* mCallerData;
static pthread_mutex_t mMutex;
inline ~LocTimerWrapper() { mCb = NULL; }
public: public:
inline LocTimerWrapper(loc_timer_callback cb, void* callerData) : inline LocTimerWrapper(loc_timer_callback cb, void* callerData) :
mCb(cb), mCallerData(callerData) {} mCb(cb), mCallerData(callerData) {}
inline bool isAlive() { return mCb != NULL; }
void destroy() {
pthread_mutex_lock(&mMutex);
if (isAlive()) {
delete this;
}
pthread_mutex_unlock(&mMutex);
}
inline virtual void timeOutCallback() { inline virtual void timeOutCallback() {
mCb(mCallerData, 0); mCb(mCallerData, 0);
delete this; destroy();
} }
}; };
pthread_mutex_t LocTimerWrapper::mMutex = PTHREAD_MUTEX_INITIALIZER;
void* loc_timer_start(uint64_t msec, loc_timer_callback cb_func, void* loc_timer_start(uint64_t msec, loc_timer_callback cb_func,
void *caller_data, bool wake_on_expire) void *caller_data, bool wake_on_expire)
{ {
LocTimerWrapper* locTimerWrapper = new LocTimerWrapper(cb_func, caller_data); LocTimerWrapper* locTimerWrapper = NULL;
if (locTimerWrapper) { if (cb_func) {
locTimerWrapper->start(msec, wake_on_expire); locTimerWrapper = new LocTimerWrapper(cb_func, caller_data);
if (locTimerWrapper) {
locTimerWrapper->start(msec, wake_on_expire);
}
} }
return locTimerWrapper; return locTimerWrapper;
@ -565,7 +581,7 @@ void loc_timer_stop(void*& handle)
if (handle) { if (handle) {
LocTimerWrapper* locTimerWrapper = (LocTimerWrapper*)(handle); LocTimerWrapper* locTimerWrapper = (LocTimerWrapper*)(handle);
locTimerWrapper->stop(); locTimerWrapper->stop();
delete locTimerWrapper; locTimerWrapper->destroy();
handle = NULL; handle = NULL;
} }
} }

6
utils/loc_timer.h
View file

@ -45,7 +45,8 @@ typedef void (*loc_timer_callback)(void *user_data, int32_t result);
/* /*
delay_msec: timeout value for the timer. delay_msec: timeout value for the timer.
loc_timer_callback: callback function pointer, implemented by client. cb_func: callback function pointer, implemented by client.
Can not be NULL.
user_data: client context pointer, passthrough. Will be user_data: client context pointer, passthrough. Will be
returned when loc_timer_callback() is called. returned when loc_timer_callback() is called.
wakeOnExpire: true if to wake up CPU (if sleeping) upon timer wakeOnExpire: true if to wake up CPU (if sleeping) upon timer
@ -53,9 +54,10 @@ typedef void (*loc_timer_callback)(void *user_data, int32_t result);
false if to wait until next time CPU wakes up (if false if to wait until next time CPU wakes up (if
sleeping) and then notify the client. sleeping) and then notify the client.
Returns the handle, which can be used to stop the timer Returns the handle, which can be used to stop the timer
NULL, if timer start fails (e.g. if cb_func is NULL).
*/ */
void* loc_timer_start(uint64_t delay_msec, void* loc_timer_start(uint64_t delay_msec,
loc_timer_callback, loc_timer_callback cb_func,
void *user_data, void *user_data,
bool wake_on_expire=false); bool wake_on_expire=false);