HAL: Fixed vendor HAL crash due to use-after-free
Vendor HAL crash happened due to use-after-free during RSSI monitor operation.
So, segmentation fault happened due to wrong memory access.
The situation is as follows:
-----------------------
// 11-21 13:26:17.284209 827 827 I WifiHAL : Successfully set RSSI monitoring
1. RSSI monitoring start
// The object(SetRSSIMonitorCommand, 0xb400007d2ba53970) has been deleted somewhere without calling unregisterVendorhandler().
2. About 40mins passed ~
// cmd->addRef(); /* invalid memory access => addr 0x50455f5245544651 */
3. HAL crashed due to use-after-free
-----------------------
No logs for unregisterVendorhandler() or for freeing the SetRSSIMonitorCommand object exist during that time.
So, the object (SetRSSIMonitorCommand, 0xb400007d2ba53970) seems to have been freed for some unknown reason.
We decided to fix it as below:
-----------------------
- Add a destructor on the class, run unregisterVendorhandler() when the object is destroyed.
- Add more debug logs to find out why the object is destroyed.
-----------------------
We expect that the destructor operation may keep the HAL crash from happening.
Bug: 207297786
Test: Verified using halutil, rssi_monitor function works well.
Test: Passed sanity test
Change-Id: Iaa30c7e0d901ae65d807258bed8239951f9be942
4 files changed
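
The pattern the commit message describes, shown as an added example (not code from this change or from the HAL): a dispatch table that holds raw pointers, and a command whose destructor removes its own entry. `HandlerTable`, `Command`, `RssiMonitorCommand` and the event id are hypothetical stand-ins, and the owner check in `unregisterVendorHandler` is an assumption that goes beyond what the message states.

```cpp
#include <cstdint>
#include <map>
#include <memory>

// Base for objects that receive vendor events (hypothetical stand-in).
struct Command {
    int events = 0;
    virtual ~Command() = default;
    virtual void handleEvent() { ++events; }
};

// Hypothetical dispatch table. It holds raw, non-owning pointers, so an entry
// left behind by a destroyed command dangles and is used on the next event.
struct HandlerTable {
    std::map<uint32_t, Command*> handlers;
    void registerVendorHandler(uint32_t id, Command* c) { handlers[id] = c; }
    // Erase only if the entry still belongs to `owner`, so a late destructor
    // cannot remove a handler that a newer command registered for the same id.
    void unregisterVendorHandler(uint32_t id, const Command* owner) {
        auto it = handlers.find(id);
        if (it != handlers.end() && it->second == owner) handlers.erase(it);
    }
    bool dispatch(uint32_t id) {  // true if a registered handler ran
        auto it = handlers.find(id);
        if (it == handlers.end()) return false;
        it->second->handleEvent();
        return true;
    }
};

class RssiMonitorCommand : public Command {
    HandlerTable& table_;
    uint32_t id_;
public:
    RssiMonitorCommand(HandlerTable& t, uint32_t id) : table_(t), id_(id) {}
    RssiMonitorCommand(const RssiMonitorCommand&) = delete;
    RssiMonitorCommand& operator=(const RssiMonitorCommand&) = delete;
    void start() { table_.registerVendorHandler(id_, this); }
    // Whatever path destroys the object, the table entry goes with it.
    ~RssiMonitorCommand() override { table_.unregisterVendorHandler(id_, this); }
};

// Destroys a started command, then delivers an event for its id; returns
// true only if nothing was dispatched and no entry remains in the table.
bool eventAfterDestroyIsDropped() {
    HandlerTable table;
    const uint32_t kRssiEvent = 0x0001;  // constructed sample id
    { auto cmd = std::make_unique<RssiMonitorCommand>(table, kRssiEvent); cmd->start(); }
    return !table.dispatch(kRssiEvent) && table.handlers.empty();
}
int main() { return eventAfterDestroyIsDropped() ? 0 : 1; }
```

The destructor closes the dangling-pointer window but does not explain the unexpected free, which is why the message pairs it with extra debug logging.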