When allocating memory with rtpp_r[z]malloc(), put the refcounter

before user-visible memory, so that overflow of the buffer would not cause silent refcounter overwrite. This has additional benefit of being able to move free() into rtpp_refcnt itself.
sippy · Sep 18, 2024 · 20eaf94 · 20eaf94
1 parent 7ac96d7
commit 20eaf94
Show file tree

Hide file tree

Showing 50 changed files with 57 additions and 154 deletions.
diff --git a/libre/rtpp_re.c b/libre/rtpp_re.c
@@ -63,7 +63,6 @@ mem_zalloc(size_t size, mem_destroy_h *dh)
     if (dh != NULL) {
         CALL_SMETHOD(pvt->rcnt, reg_pd, (rtpp_refcnt_dtor_t)dh, rp);
     }
-    CALL_SMETHOD(pvt->rcnt, use_stdfree, pvt);
     return (rp);
 }
 

diff --git a/modules/catch_dtmf/rtpp_catch_dtmf.c b/modules/catch_dtmf/rtpp_catch_dtmf.c
@@ -130,13 +130,6 @@ const static struct rtpp_minfo *_rtpp_module_catch_dtmf = &RTPP_MOD_SELF;
 DATA_SET(rtpp_modules, _rtpp_module_catch_dtmf);
 #endif
 
-static void
-rtpp_catch_dtmf_edata_dtor(void *p)
-{
-
-    mod_free(p);
-}
-
 static struct catch_dtmf_edata *
 rtpp_catch_dtmf_edata_ctor(enum rtpp_stream_side side)
 {
@@ -151,7 +144,6 @@ rtpp_catch_dtmf_edata_ctor(enum rtpp_stream_side side)
         edata->hst[i].digit = -1;
     }
     edata->side = side;
-    CALL_SMETHOD(edata->rcnt, attach, rtpp_catch_dtmf_edata_dtor, edata);
     return edata;
 e0:
     return (NULL);
@@ -273,7 +265,6 @@ catch_dtmf_data_dtor(struct catch_dtmf_stream_cfg *rtps_c)
 
     RTPP_OBJ_DECREF(rtps_c->rtdp);
     RTPP_OBJ_DECREF(rtps_c->edata);
-    free(rtps_c);
     RC_DECREF(RTPP_MOD_SELF.module_rcnt);
 }
 
@@ -306,7 +297,7 @@ catch_dtmf_data_ctor(const struct rtpp_subc_ctx *ctxp, const rtpp_str_t *dtmf_ta
 e2:
     RTPP_OBJ_DECREF(rtps_c->rtdp);
 e1:
-    mod_free(rtps_c);
+    RTPP_OBJ_DECREF(rtps_c);
 e0:
     return (NULL);
 }

diff --git a/modules/dtls_gw/rtpp_dtls.c b/modules/dtls_gw/rtpp_dtls.c
@@ -76,7 +76,6 @@ rtpp_dtls_dtor(struct rtpp_dtls_priv *pvt)
 
     X509_free(pvt->cert);
     SSL_CTX_free(pvt->ctx);
-    free(pvt);
 }
 
 struct rtpp_dtls *
@@ -117,7 +116,7 @@ rtpp_dtls_ctor(const struct rtpp_cfg *cfsp)
 e2:
     SSL_CTX_free(pvt->ctx);
 e1:
-    mod_free(pvt);
+    RTPP_OBJ_DECREF(&pvt->pub);
 e0:
     return (NULL);
 }

diff --git a/modules/dtls_gw/rtpp_dtls_conn.c b/modules/dtls_gw/rtpp_dtls_conn.c
@@ -195,7 +195,6 @@ rtpp_dtls_conn_dtor(struct rtpp_dtls_conn_priv *pvt)
     /* BIO_free(pvt->sbio_in); <- done by SSL_free() */
     SSL_free(pvt->ssl_ctx);
     BIO_meth_free(pvt->biomet);
-    free(pvt);
 }
 
 struct rtpp_dtls_conn *
@@ -253,7 +252,7 @@ rtpp_dtls_conn_ctor(const struct rtpp_cfg *cfsp, SSL_CTX *ctx,
 e2:
     BIO_meth_free(pvt->biomet);
 e1:
-    mod_free(pvt);
+    RTPP_OBJ_DECREF(&pvt->pub);
 e0:
     return (NULL);
 }

diff --git a/modules/dtls_gw/rtpp_dtls_gw.c b/modules/dtls_gw/rtpp_dtls_gw.c
@@ -205,7 +205,6 @@ dtls_gw_data_dtor(struct dtls_gw_stream_cfg *pvt)
 
     CALL_SMETHOD(pvt->dtls_conn, godead);
     RTPP_OBJ_DECREF(pvt->dtls_conn);
-    free(pvt);
     RC_DECREF(RTPP_MOD_SELF.module_rcnt);
 }
 
@@ -226,7 +225,7 @@ dtls_gw_data_ctor(struct rtpp_module_priv *pvt, struct rtpp_stream *dtls_strmp)
     CALL_SMETHOD(rtps_c->rcnt, attach, (rtpp_refcnt_dtor_t)dtls_gw_data_dtor, rtps_c);
     return (rtps_c);
 e1:
-    mod_free(rtps_c);
+    RTPP_OBJ_DECREF(rtps_c);
 e0:
     return (NULL);
 }

diff --git a/modules/ice_lite/rtpp_ice_lite.c b/modules/ice_lite/rtpp_ice_lite.c
@@ -274,7 +274,6 @@ ice_lite_data_dtor(struct ice_lite_agent_cfg *pvt)
     mem_deref(pvt->mb);
     mem_deref(pvt->sock);
     mem_deref(pvt->icem);
-    mod_free(pvt);
     RC_DECREF(RTPP_MOD_SELF.module_rcnt);
 }
 
@@ -337,7 +336,7 @@ ice_lite_data_ctor(int lufrag_len, int lpwd_len)
 e2:
     mem_deref(ila_c->icem);
 e1:
-    mod_free(ila_c);
+    RTPP_OBJ_DECREF(ila_c);
 e0:
     return (NULL);
 }

diff --git a/src/advanced/pproc_manager.c b/src/advanced/pproc_manager.c
@@ -95,7 +95,6 @@ pproc_handlers_dtor(struct pproc_handlers *hndlrs)
         if (ip->rcnt != NULL)
             RTPP_OBJ_DECREF(ip);
     }
-    free(hndlrs);
 }
 
 static struct pproc_handlers *
@@ -120,7 +119,6 @@ rtpp_pproc_mgr_dtor(struct pproc_manager_pvt *pvt)
     pthread_mutex_destroy(&pvt->lock);
     RTPP_OBJ_DECREF(pvt->rtpp_stats);
     RTPP_OBJ_DECREF(pvt->handlers);
-    free(pvt);
 }
 
 struct pproc_manager *
@@ -146,7 +144,7 @@ pproc_manager_ctor(struct rtpp_stats *rtpp_stats, int nprocs)
 e2:
     pthread_mutex_destroy(&pvt->lock);
 e1:
-    free(pvt);
+    RTPP_OBJ_DECREF(&(pvt->pub));
 e0:
     return (NULL);
 }

diff --git a/src/rtp_packet.c b/src/rtp_packet.c
@@ -95,7 +95,6 @@ rtp_packet_alloc()
     if (pkt == NULL) {
         return (NULL);
     }
-    CALL_SMETHOD(pkt->pub.rcnt, use_stdfree, pkt);
     pkt->pub.wi = &(pkt->pvt.wip.pub);
 
     return &(pkt->pub);

diff --git a/src/rtpp_acct.c b/src/rtpp_acct.c
@@ -114,5 +114,4 @@ rtpp_acct_dtor(struct rtpp_acct_priv *pvt)
         RTPP_OBJ_DECREF(pvt->pub.rtcp.a.rem_addr);
     if (pvt->pub.rtcp.o.rem_addr != NULL)
         RTPP_OBJ_DECREF(pvt->pub.rtcp.o.rem_addr);
-    free(pvt);
 }
diff --git a/src/rtpp_acct_rtcp.c b/src/rtpp_acct_rtcp.c
@@ -74,7 +74,6 @@ rtpp_acct_rtcp_ctor(const char *call_id, const struct rtp_packet *pp)
 e1:
     RTPP_OBJ_DECREF(pvt->pub.pkt);
     RTPP_OBJ_DECREF(&(pvt->pub));
-    free(pvt);
 e0:
     return (NULL);
 }
@@ -86,5 +85,4 @@ rtpp_acct_rtcp_dtor(struct rtpp_acct_rtcp_priv *pvt)
     /*rtpp_acct_rtcp_fin(&(pvt->pub));*/
     free((void *)pvt->pub.call_id);
     RTPP_OBJ_DECREF(pvt->pub.pkt);
-    free(pvt);
 }
diff --git a/src/rtpp_analyzer.c b/src/rtpp_analyzer.c
@@ -87,7 +87,6 @@ rtpp_analyzer_ctor(struct rtpp_log *log)
     return (rap);
 e0:
     RTPP_OBJ_DECREF(&(pvt->pub));
-    free(pvt);
     return (NULL);
 }
 
@@ -154,5 +153,4 @@ rtpp_analyzer_dtor(struct rtpp_analyzer_priv *pvt)
     rtpp_analyzer_fin(&(pvt->pub));
     rtpp_stats_destroy(&pvt->rstat);
     RTPP_OBJ_DECREF(pvt->log);
-    free(pvt);
 }
diff --git a/src/rtpp_cfile.c b/src/rtpp_cfile.c
@@ -227,8 +227,8 @@ parse_modules(const struct rtpp_cfg *csp, const ucl_object_t *wop)
         continue;
 e1:
         ecode = -1;
-        RTPP_OBJ_DECREF(mif);
         CALL_METHOD(mif, kaput);
+        RTPP_OBJ_DECREF(mif);
         goto e0;
     }
 e0:

diff --git a/src/rtpp_command_rcache.c b/src/rtpp_command_rcache.c
@@ -105,7 +105,6 @@ rtpp_cmd_rcache_ctor(struct rtpp_timed *rtpp_timed_cf, double min_ttl)
     RTPP_OBJ_DECREF(pvt->ht);
 e0:
     RTPP_OBJ_DECREF(&(pvt->pub));
-    free(pvt);
     return (NULL);
 }
 
@@ -116,7 +115,6 @@ rtpp_cmd_rcache_entry_free(void *p)
 
     rep = (struct rtpp_cmd_rcache_entry_pvt *)p;
     RC_DECREF(rep->reply_rcnt);
-    free(rep);
 }
 
 static void
@@ -185,7 +183,6 @@ rtpp_cmd_rcache_dtor(struct rtpp_cmd_rcache_pvt *pvt)
 
     rtpp_cmd_rcache_fin(&pvt->pub);
     RTPP_OBJ_DECREF(pvt->ht);
-    free(pvt);
 }
 
 static int

diff --git a/src/rtpp_command_reply.c b/src/rtpp_command_reply.c
@@ -110,7 +110,6 @@ rtpc_reply_ctor(const struct rtpp_command_ctx *ctx)
 #if defined(RTPP_DEBUG)
     pvt->pub.smethods = rtpc_reply_smethods;
 #endif
-    CALL_SMETHOD(pvt->pub.rcnt, use_stdfree, pvt);
     //CALL_SMETHOD(pvt->pub.rcnt, traceen, HEREVAL);
     return ((&pvt->pub));
 

diff --git a/src/rtpp_hash_table.c b/src/rtpp_hash_table.c
@@ -172,7 +172,6 @@ rtpp_hash_table_ctor(enum rtpp_ht_key_types key_type, int flags)
     free(pvt->l1);
 e1:
     RTPP_OBJ_DECREF(&(pvt->pub));
-    free(pvt);
 e0:
     return (NULL);
 }
@@ -202,7 +201,6 @@ hash_table_dtor(struct rtpp_hash_table_priv *pvt)
     RTPP_DBG_ASSERT(pvt->l1->hte_num == 0);
 
     free(pvt->l1);
-    free(pvt);
 }
 
 static inline uint64_t

diff --git a/src/rtpp_log_obj.c b/src/rtpp_log_obj.c
@@ -99,7 +99,6 @@ rtpp_log_obj_dtor(struct rtpp_log_priv *pvt)
     rtpp_log_fin(&pvt->pub);
     if (pvt->log != NULL)
         rtpp_log_close(pvt->log);
-    free(pvt);
 }
 
 static void

diff --git a/src/rtpp_mallocs.c b/src/rtpp_mallocs.c
@@ -57,11 +57,6 @@ rtpp_zmalloc_memdeb(size_t msize, void *memdeb_p, const struct rtpp_codeptr *mlp
     return (rval);
 }
 
-struct alig_help {
-    char a[1];
-    intmax_t b;
-};
-
 #define PpP(p1, p2, type) (type)(((char *)p1) + ((size_t)p2))
 
 void *
@@ -74,24 +69,26 @@ rtpp_rzmalloc_memdeb(size_t msize, size_t rcntp_offs, void *memdeb_p,
 {
     void *rval;
     struct rtpp_refcnt *rcnt;
-    size_t pad_size, asize;
+    size_t asize;
     void *rco;
 
     RTPP_DBG_ASSERT(msize >= rcntp_offs + sizeof(struct rtpp_refcnt *));
-    size_t norm_off = offsetof(struct alig_help, b);
-    pad_size = (norm_off - msize) & (norm_off - 1);
-    asize = msize + pad_size + rtpp_refcnt_osize;
+    asize = msize + rtpp_refcnt_osize;
 #if !defined(RTPP_CHECK_LEAKS)
-    rval = malloc(asize);
+    rco = malloc(asize);
 #else
-    rval = rtpp_memdeb_malloc(asize, memdeb_p, mlp);
+    rco = rtpp_memdeb_malloc(asize, memdeb_p, mlp);
 #endif
-    if (rval == NULL) {
+    if (rco == NULL) {
         return (NULL);
     }
-    memset(rval, '\0', asize);
-    rco = (char *)rval + msize + pad_size;
+    memset(rco, '\0', asize);
+    rval = (char *)rco + rtpp_refcnt_osize;
+#if !defined(RTPP_CHECK_LEAKS)
     rcnt = rtpp_refcnt_ctor_pa(rco);
+#else
+    rcnt = rtpp_refcnt_ctor_pa_memdeb(rco, memdeb_p);
+#endif
     *PpP(rval, rcntp_offs, struct rtpp_refcnt **) = rcnt;
 
     return (rval);
@@ -107,24 +104,26 @@ rtpp_rmalloc_memdeb(size_t msize, size_t rcntp_offs, void *memdeb_p,
 {
     void *rval;
     struct rtpp_refcnt *rcnt;
-    size_t pad_size, asize;
+    size_t asize;
     void *rco;
 
     RTPP_DBG_ASSERT(msize >= rcntp_offs + sizeof(struct rtpp_refcnt *));
-    size_t norm_off = offsetof(struct alig_help, b);
-    pad_size = (norm_off - msize) & (norm_off - 1);
-    asize = msize + pad_size + rtpp_refcnt_osize;
+    asize = msize + rtpp_refcnt_osize;
 #if !defined(RTPP_CHECK_LEAKS)
-    rval = malloc(asize);
+    rco = malloc(asize);
 #else
-    rval = rtpp_memdeb_malloc(asize, memdeb_p, mlp);
+    rco = rtpp_memdeb_malloc(asize, memdeb_p, mlp);
 #endif
-    if (rval == NULL) {
+    if (rco == NULL) {
         return (NULL);
     }
-    rco = (char *)rval + msize + pad_size;
+    rval = (char *)rco + rtpp_refcnt_osize;
     memset(rco, '\0', rtpp_refcnt_osize);
+#if !defined(RTPP_CHECK_LEAKS)
     rcnt = rtpp_refcnt_ctor_pa(rco);
+#else
+    rcnt = rtpp_refcnt_ctor_pa_memdeb(rco, memdeb_p);
+#endif
     *PpP(rval, rcntp_offs, struct rtpp_refcnt **) = rcnt;
 
     return (rval);

diff --git a/src/rtpp_memdeb.c b/src/rtpp_memdeb.c
@@ -564,7 +564,7 @@ rtpp_memdeb_dumpstats(void *p, int nostdout)
          * function.
          */
         if (pvt->_md_glog != NULL) {
-            if (ptr2mpf(pvt, pvt->_md_glog, HEREVAL)->mnp == mnp && nunalloc > 0)
+            if (ptr2mpf(pvt, pvt->_md_glog->rcnt, HEREVAL)->mnp == mnp && nunalloc > 0)
                 nunalloc--;
         }
         if (mnp->mstats.afails == 0) {

diff --git a/src/rtpp_modman.c b/src/rtpp_modman.c
@@ -86,10 +86,9 @@ rtpp_modman_dtor(struct rtpp_modman_priv *pvt)
     rtpp_modman_fin(&(pvt->pub));
     for (mif = RTPP_LIST_HEAD(&pvt->all); mif != NULL; mif = tmp) {
         tmp = RTPP_ITER_NEXT(mif);
-        RTPP_OBJ_DECREF(mif);
         CALL_METHOD(mif, kaput);
+        RTPP_OBJ_DECREF(mif);
     }
-    free(pvt);
 }
 
 static void