From de8ce0e43eca6da6ddc0f0d40f6062ada2cf46c8 Mon Sep 17 00:00:00 2001 From: Russ Butler Date: Sat, 15 Oct 2016 21:53:12 -0500 Subject: [PATCH] CFSTORE - Fix crash due to uninit data When the config store is powered down area_0_head is freed, but area_0_len is not set to 0. This causes problems when cfstore_realloc_ex is called, since on the first allocation it appears that the config store size is decreasing, and therefore the data is not initialized. Since the data is uninitialized, various fields such as the reference can have invalid values. On GCC_ARM built with heap stats enabled this manifests as a crash due to an invalid reference count. This patch fixes this problem by setting area_0_len to 0 when the data is freed. --- .../storage/FEATURE_STORAGE/cfstore/source/configuration_store.c | 1 + 1 file changed, 1 insertion(+) diff --git a/features/storage/FEATURE_STORAGE/cfstore/source/configuration_store.c b/features/storage/FEATURE_STORAGE/cfstore/source/configuration_store.c index 34150c48ae..5d71576452 100644 --- a/features/storage/FEATURE_STORAGE/cfstore/source/configuration_store.c +++ b/features/storage/FEATURE_STORAGE/cfstore/source/configuration_store.c @@ -4045,6 +4045,7 @@ static int32_t cfstore_uninitialise(void) CFSTORE_FREE(ctx->area_0_head); ctx->area_0_head = NULL; ctx->area_0_tail = NULL; + ctx->area_0_len = 0; } } out:
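Review bot: The added `ctx->area_0_len = 0;` in cfstore_uninitialise is the right fix for the stale-length state, but it still leaves cfstore_realloc_ex trusting area_0_len alone to decide whether a grown buffer needs initialising, so any other path that frees area_0_head without zeroing the length reproduces the same use of uninitialised memory; consider also having cfstore_realloc_ex treat `ctx->area_0_head == NULL` as a first allocation and initialise the new area unconditionally in that case, so head, tail and len cannot disagree. A regression test that powers the store down and re-initialises it with heap stats enabled (the configuration the message says exposed the invalid reference count) would keep this from silently returning.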