From d7f20e31af2eb7f0085c2344cda8fdf2a7684f2e Mon Sep 17 00:00:00 2001 From: Alessandro Ranellucci Date: Thu, 12 May 2022 13:44:25 +0200 Subject: [PATCH 1/3] Bugfix: reference counting was accessing freed memory --- src/local/BLELocalAttribute.cpp | 14 ++++++++------ src/local/BLELocalAttribute.h | 4 +++- src/remote/BLERemoteAttribute.cpp | 14 ++++++++------ src/remote/BLERemoteAttribute.h | 3 ++- 4 files changed, 21 insertions(+), 14 deletions(-) diff --git a/src/local/BLELocalAttribute.cpp b/src/local/BLELocalAttribute.cpp index ce3010a0..9cc5dc64 100644 --- a/src/local/BLELocalAttribute.cpp +++ b/src/local/BLELocalAttribute.cpp @@ -19,9 +19,10 @@ #include "BLELocalAttribute.h" +std::map BLELocalAttribute::_refCount; + BLELocalAttribute::BLELocalAttribute(const char* uuid) : - _uuid(uuid), - _refCount(0) + _uuid(uuid) { } @@ -51,14 +52,15 @@ enum BLEAttributeType BLELocalAttribute::type() const int BLELocalAttribute::retain() { - _refCount++; + _refCount[this]++; - return _refCount; + return _refCount[this]; } int BLELocalAttribute::release() { - _refCount--; + _refCount[this]--; + if (_refCount[this] == 0) _refCount.erase(this); - return _refCount; + return _refCount[this]; } diff --git a/src/local/BLELocalAttribute.h b/src/local/BLELocalAttribute.h index 2af948c3..f24cc5ad 100644 --- a/src/local/BLELocalAttribute.h +++ b/src/local/BLELocalAttribute.h @@ -22,6 +22,8 @@ #include "utility/BLEUuid.h" +#include + #define BLE_ATTRIBUTE_TYPE_SIZE 2 enum BLEAttributeType { @@ -54,7 +56,7 @@ class BLELocalAttribute private: BLEUuid _uuid; - int _refCount; + static std::map _refCount; }; #endif diff --git a/src/remote/BLERemoteAttribute.cpp b/src/remote/BLERemoteAttribute.cpp index 3018f161..3b3a25d4 100644 --- a/src/remote/BLERemoteAttribute.cpp +++ b/src/remote/BLERemoteAttribute.cpp 
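Review bot: The new `_refCount` definition at the top of BLELocalAttribute.cpp is a namespace-scope object with a non-trivial constructor, and `retain()` now depends on it being constructed. Initialization order across translation units is unspecified, so if an attribute is retained from the constructor of a global object in another file (not visible in this hunk), the map may be used before it exists. A function-local static avoids that: `static RefCountMap& refCounts() { static RefCountMap counts; return counts; }`, where `RefCountMap` stands for the map type declared in the header. The same applies to the definition added in BLERemoteAttribute.cpp.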
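Review bot: In `BLELocalAttribute::release()` the final `return _refCount[this];` runs after `_refCount.erase(this)`, and `operator[]` on a missing key inserts a fresh entry, so the erase has no lasting effect and the static map keeps one entry for every attribute ever released. Entries that have gone negative are never erased either, and because the key is the object's address, a later attribute allocated at the same address would inherit that stale count and could be deleted too early or never. Read the value once and erase afterwards: `const int count = --_refCount[this];`, `if (count <= 0) _refCount.erase(this);`, `return count;`. The same body is added to `BLERemoteAttribute::release()` and is kept unchanged inside the `#ifndef` branches of patch 3.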
@@ -21,9 +21,10 @@ #include "BLERemoteAttribute.h" +std::map BLERemoteAttribute::_refCount; + BLERemoteAttribute::BLERemoteAttribute(const uint8_t uuid[], uint8_t uuidLen) : - _uuid(BLEUuid::uuidToString(uuid, uuidLen)), - _refCount(0) + _uuid(BLEUuid::uuidToString(uuid, uuidLen)) { } @@ -38,14 +39,15 @@ const char* BLERemoteAttribute::uuid() const int BLERemoteAttribute::retain() { - _refCount++; + _refCount[this]++; - return _refCount; + return _refCount[this]; } int BLERemoteAttribute::release() { - _refCount--; + _refCount[this]--; + if (_refCount[this] == 0) _refCount.erase(this); - return _refCount; + return _refCount[this]; } diff --git a/src/remote/BLERemoteAttribute.h b/src/remote/BLERemoteAttribute.h index 2d10e5ba..627bb103 100644 --- a/src/remote/BLERemoteAttribute.h +++ b/src/remote/BLERemoteAttribute.h @@ -21,6 +21,7 @@ #define _BLE_REMOTE_ATTRIBUTE_H_ #include +#include class BLERemoteAttribute { @@ -35,7 +36,7 @@ class BLERemoteAttribute private: String _uuid; - int _refCount; + static std::map _refCount; }; #endif From db2e240d3e61b122445e58295108a07c36ab9780 Mon Sep 17 00:00:00 2001 From: Alessandro Ranellucci Date: Thu, 12 May 2022 15:12:16 +0200 Subject: [PATCH 2/3] Prevent double object deletion --- src/BLECharacteristic.cpp | 4 ++-- src/BLEDescriptor.cpp | 4 ++-- src/BLEService.cpp | 4 ++-- src/local/BLELocalCharacteristic.cpp | 2 +- src/local/BLELocalService.cpp | 2 +- src/remote/BLERemoteCharacteristic.cpp | 2 +- src/remote/BLERemoteDevice.cpp | 2 +- src/remote/BLERemoteService.cpp | 2 +- src/utility/GATT.cpp | 2 +- 9 files changed, 12 insertions(+), 12 deletions(-) diff --git a/src/BLECharacteristic.cpp b/src/BLECharacteristic.cpp index 9a07cb9d..6da1775f 100644 --- a/src/BLECharacteristic.cpp +++ b/src/BLECharacteristic.cpp 
@@ -72,11 +72,11 @@ BLECharacteristic::BLECharacteristic(const BLECharacteristic& other) BLECharacteristic::~BLECharacteristic() { - if (_local && _local->release() <= 0) { + if (_local && _local->release() == 0) { delete _local; } - if (_remote && _remote->release() <= 0) { + if (_remote && _remote->release() == 0) { delete _remote; } } diff --git a/src/BLEDescriptor.cpp b/src/BLEDescriptor.cpp index 7a6736b0..366b89aa 100644 --- a/src/BLEDescriptor.cpp +++ b/src/BLEDescriptor.cpp @@ -72,11 +72,11 @@ BLEDescriptor::BLEDescriptor(const BLEDescriptor& other) BLEDescriptor::~BLEDescriptor() { - if (_local && _local->release() <= 0) { + if (_local && _local->release() == 0) { delete _local; } - if (_remote && _remote->release() <= 0) { + if (_remote && _remote->release() == 0) { delete _remote; } } diff --git a/src/BLEService.cpp b/src/BLEService.cpp index 7b5df148..b3f33739 100644 --- a/src/BLEService.cpp +++ b/src/BLEService.cpp @@ -65,11 +65,11 @@ BLEService::BLEService(const BLEService& other) BLEService::~BLEService() { - if (_local && _local->release() <= 0) { + if (_local && _local->release() == 0) { delete _local; } - if (_remote && _remote->release() <= 0) { + if (_remote && _remote->release() == 0) { delete _remote; } } diff --git a/src/local/BLELocalCharacteristic.cpp b/src/local/BLELocalCharacteristic.cpp index 333d00b2..a53c4006 100644 --- a/src/local/BLELocalCharacteristic.cpp +++ b/src/local/BLELocalCharacteristic.cpp @@ -62,7 +62,7 @@ BLELocalCharacteristic::~BLELocalCharacteristic() for (unsigned int i = 0; i < descriptorCount(); i++) { BLELocalDescriptor* d = descriptor(i); - if (d->release() <= 0) { + if (d->release() == 0) { delete d; } } diff --git a/src/local/BLELocalService.cpp b/src/local/BLELocalService.cpp index 442c5422..58957342 100644 --- a/src/local/BLELocalService.cpp +++ b/src/local/BLELocalService.cpp 
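Review bot: Narrowing `release() <= 0` to `release() == 0` in `~BLECharacteristic()` makes a negative count mean "already deleted elsewhere, skip", but nothing in the code says so, and the over-release that produces the negative value is left in place. That path apparently still calls `release()` through a pointer to an object that was already deleted (inferred; the owning code is outside these hunks). It only works because the count lives in the static map from patch 1. At minimum, add a comment at each site, for example `// release() < 0: count already reached zero and the object was deleted by another owner; must not delete again`. The cleaner fix is to remove the unbalanced release so the count never goes negative. The same one-line change is repeated in BLEDescriptor.cpp, BLEService.cpp, BLELocalCharacteristic.cpp, BLELocalService.cpp, BLERemoteCharacteristic.cpp, BLERemoteDevice.cpp, BLERemoteService.cpp and GATT.cpp.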
@@ -33,7 +33,7 @@ BLELocalService::~BLELocalService() for (unsigned int i = 0; i < characteristicCount(); i++) { BLELocalCharacteristic* c = characteristic(i); - if (c->release() <= 0) { + if (c->release() == 0) { delete c; } } diff --git a/src/remote/BLERemoteCharacteristic.cpp b/src/remote/BLERemoteCharacteristic.cpp index bbd98ddf..dd74c61b 100644 --- a/src/remote/BLERemoteCharacteristic.cpp +++ b/src/remote/BLERemoteCharacteristic.cpp @@ -43,7 +43,7 @@ BLERemoteCharacteristic::~BLERemoteCharacteristic() for (unsigned int i = 0; i < descriptorCount(); i++) { BLERemoteDescriptor* d = descriptor(i); - if (d->release() <= 0) { + if (d->release() == 0) { delete d; } } diff --git a/src/remote/BLERemoteDevice.cpp b/src/remote/BLERemoteDevice.cpp index 5a49f26f..1a4a67ab 100644 --- a/src/remote/BLERemoteDevice.cpp +++ b/src/remote/BLERemoteDevice.cpp @@ -50,7 +50,7 @@ void BLERemoteDevice::clearServices() for (unsigned int i = 0; i < serviceCount(); i++) { BLERemoteService* s = service(i); - if (s->release() <= 0) { + if (s->release() == 0) { delete s; } } diff --git a/src/remote/BLERemoteService.cpp b/src/remote/BLERemoteService.cpp index fd5c0ba6..f7461290 100644 --- a/src/remote/BLERemoteService.cpp +++ b/src/remote/BLERemoteService.cpp @@ -31,7 +31,7 @@ BLERemoteService::~BLERemoteService() for (unsigned int i = 0; i < characteristicCount(); i++) { BLERemoteCharacteristic* c = characteristic(i); - if (c->release() <= 0) { + if (c->release() == 0) { delete c; } } diff --git a/src/utility/GATT.cpp b/src/utility/GATT.cpp index 373213b9..3b42628b 100644 --- a/src/utility/GATT.cpp +++ b/src/utility/GATT.cpp @@ -164,7 +164,7 @@ void GATTClass::clearAttributes() for (unsigned int i = 0; i < attributeCount(); i++) { BLELocalAttribute* a = attribute(i); - if (a->release() <= 0) { + if (a->release() == 0) { delete a; } } From 82a5bb85a98db67ec98c48073dd25aeaf8d037f9 Mon Sep 17 00:00:00 2001 
From: Alessandro Ranellucci Date: Thu, 12 May 2022 18:22:06 +0200 Subject: [PATCH 3/3] Disable refcounting on Uno WiFi rev2 not providing std::map --- src/local/BLELocalAttribute.cpp | 12 ++++++++++-- src/local/BLELocalAttribute.h | 5 +++++ src/remote/BLERemoteAttribute.cpp | 12 ++++++++++-- src/remote/BLERemoteAttribute.h | 6 ++++++ 4 files changed, 31 insertions(+), 4 deletions(-) diff --git a/src/local/BLELocalAttribute.cpp b/src/local/BLELocalAttribute.cpp index 9cc5dc64..762d2457 100644 --- a/src/local/BLELocalAttribute.cpp +++ b/src/local/BLELocalAttribute.cpp @@ -19,7 +19,9 @@ #include "BLELocalAttribute.h" +#ifndef ARDUINO_AVR_UNO_WIFI_REV2 std::map BLELocalAttribute::_refCount; +#endif BLELocalAttribute::BLELocalAttribute(const char* uuid) : _uuid(uuid) @@ -52,15 +54,21 @@ enum BLEAttributeType BLELocalAttribute::type() const int BLELocalAttribute::retain() { +#ifndef ARDUINO_AVR_UNO_WIFI_REV2 _refCount[this]++; - return _refCount[this]; +#else + return -1; +#endif } int BLELocalAttribute::release() { +#ifndef ARDUINO_AVR_UNO_WIFI_REV2 _refCount[this]--; if (_refCount[this] == 0) _refCount.erase(this); - return _refCount[this]; +#else + return -1; +#endif } diff --git a/src/local/BLELocalAttribute.h b/src/local/BLELocalAttribute.h index f24cc5ad..add363c0 100644 --- a/src/local/BLELocalAttribute.h +++ b/src/local/BLELocalAttribute.h @@ -22,7 +22,9 @@ #include "utility/BLEUuid.h" +#ifndef ARDUINO_AVR_UNO_WIFI_REV2 #include +#endif #define BLE_ATTRIBUTE_TYPE_SIZE 2 @@ -56,7 +58,10 @@ class BLELocalAttribute private: BLEUuid _uuid; + +#ifndef ARDUINO_AVR_UNO_WIFI_REV2 static std::map _refCount; +#endif }; #endif diff --git a/src/remote/BLERemoteAttribute.cpp b/src/remote/BLERemoteAttribute.cpp index 3b3a25d4..60da2296 100644 --- a/src/remote/BLERemoteAttribute.cpp +++ b/src/remote/BLERemoteAttribute.cpp 
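Review bot: The `#else` branches make `BLELocalAttribute::retain()` and `release()` return a constant `-1`, while patch 2 of this series changed every caller to delete only when `release() == 0`, so on ARDUINO_AVR_UNO_WIFI_REV2 no attribute is ever deleted. Every pass through `clearServices()` or `clearAttributes()`, and every destroyed wrapper, then leaks its objects, which on a board with this little RAM can presumably exhaust the heap after repeated connections. If that trade-off is intended, it should be stated next to the `#else`, for example `// no std::map on this core: attributes are intentionally never freed`. Otherwise keep a per-object counter on this board (`int _refCount;` in the header's `#else`, `return ++_refCount;` and `return --_refCount;` in the two functions), accepting that this restores the pre-series behaviour there. The same applies to the BLERemoteAttribute.cpp hunks of this patch.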
@@ -21,7 +21,9 @@ #include "BLERemoteAttribute.h" +#ifndef ARDUINO_AVR_UNO_WIFI_REV2 std::map BLERemoteAttribute::_refCount; +#endif BLERemoteAttribute::BLERemoteAttribute(const uint8_t uuid[], uint8_t uuidLen) : _uuid(BLEUuid::uuidToString(uuid, uuidLen)) @@ -39,15 +41,21 @@ const char* BLERemoteAttribute::uuid() const int BLERemoteAttribute::retain() { +#ifndef ARDUINO_AVR_UNO_WIFI_REV2 _refCount[this]++; - return _refCount[this]; +#else + return -1; +#endif } int BLERemoteAttribute::release() { +#ifndef ARDUINO_AVR_UNO_WIFI_REV2 _refCount[this]--; if (_refCount[this] == 0) _refCount.erase(this); - return _refCount[this]; +#else + return -1; +#endif } diff --git a/src/remote/BLERemoteAttribute.h b/src/remote/BLERemoteAttribute.h index 627bb103..225e9d5d 100644 --- a/src/remote/BLERemoteAttribute.h +++ b/src/remote/BLERemoteAttribute.h @@ -21,7 +21,10 @@ #define _BLE_REMOTE_ATTRIBUTE_H_ #include + +#ifndef ARDUINO_AVR_UNO_WIFI_REV2 #include +#endif class BLERemoteAttribute { @@ -36,7 +39,10 @@ class BLERemoteAttribute private: String _uuid; + +#ifndef ARDUINO_AVR_UNO_WIFI_REV2 static std::map _refCount; +#endif }; #endif