Investigate possible leak of Bluetooth characteristic/descriptor objects. |
|||||
Issue descriptionThe current implementations for BluetoothRemoteGattServiceBlueZ and BluetoothRemoteGattCharacteristicBlueZ contain maps to the characteristics and descriptors they contain. It seems that the characteristics/descriptors being pointed to in these maps may be getting leaked. For example, a.) A descriptor gets discovered on a remote device, the characteristic object gets a call to GattDescriptorAdded. This adds an entry to the descriptors_ map with a newly created BluetoothGattDescriptorBlueZ object. b.) This descriptor is removed by the remote device, so a GattDescriptorRemoved call gets invoked on the characteristic object. This causes us to remove the entry in the map for the BluetoothGattDescriptorBlueZ object, but we don't delete the object. Instead the object is forwarded to the BluetoothAdapter::Observer::GattDescriptorRemoved function. As far as I can see, this observer function, in all its implementations, doesn't delete this descriptor object either. To be fair, this is a very unlikely situation to happen, since this will almost always happen when a remote device is removing a service. It is unlikely that it will that it will just remove one characteristic for a service or or one descriptor from a characteristic. This can happen though and this should be fixed.
,
Apr 25 2016
,
Apr 25 2016
,
May 10 2016
,
May 12 2016
I don't think there is a problem. The pointer does get deleted here: https://code.google.com/p/chromium/codesearch#chromium/src/device/bluetooth/bluez/bluetooth_remote_gatt_characteristic_bluez.cc&sq=package:chromium&type=cs&l=355&rcl=1463037465
,
May 14 2016
Indeed, the deletion of the pointers are handled properly, but the ownership of the pointers stored in CharacteristicMap[1] and DescriptorMap[2] is not clear. Besides, during the removal, the to-be-removed object should not be returned when others calling Getter functions. [1] https://code.google.com/p/chromium/codesearch#chromium/src/device/bluetooth/bluez/bluetooth_remote_gatt_service_bluez.h&q=CharacteristicMap&sq=package:chromium&type=cs&l=105 [2] https://code.google.com/p/chromium/codesearch#chromium/src/device/bluetooth/bluez/bluetooth_remote_gatt_characteristic_bluez.h&sq=package:chromium&type=cs&l=132&rcl=1463210287
,
Jan 9 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/8f3db5c349c6b673dc3fae075eb75aa4c4fcb732 commit 8f3db5c349c6b673dc3fae075eb75aa4c4fcb732 Author: jdoerrie <jdoerrie@chromium.org> Date: Tue Jan 09 11:05:07 2018 [bluez] Fix Ownership of DescriptorMap and CharacteristicMap This change fixes the ownership of DescriptorMap and CharacteristicMap to use std::unique_ptrs instead of owning raw pointers. Bug: 604166 Change-Id: I19f6ce467b83fbfc75304f286cadba9ce824f7c7 Reviewed-on: https://chromium-review.googlesource.com/849994 Commit-Queue: Jan Wilken Dörrie <jdoerrie@chromium.org> Reviewed-by: Miao-chen Chou <mcchou@chromium.org> Cr-Commit-Position: refs/heads/master@{#527963} [modify] https://crrev.com/8f3db5c349c6b673dc3fae075eb75aa4c4fcb732/device/bluetooth/bluez/bluetooth_remote_gatt_characteristic_bluez.cc [modify] https://crrev.com/8f3db5c349c6b673dc3fae075eb75aa4c4fcb732/device/bluetooth/bluez/bluetooth_remote_gatt_characteristic_bluez.h [modify] https://crrev.com/8f3db5c349c6b673dc3fae075eb75aa4c4fcb732/device/bluetooth/bluez/bluetooth_remote_gatt_descriptor_bluez.h [modify] https://crrev.com/8f3db5c349c6b673dc3fae075eb75aa4c4fcb732/device/bluetooth/bluez/bluetooth_remote_gatt_service_bluez.cc [modify] https://crrev.com/8f3db5c349c6b673dc3fae075eb75aa4c4fcb732/device/bluetooth/bluez/bluetooth_remote_gatt_service_bluez.h |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by mcchou@chromium.org
, Apr 18 2016