From b020be13f67838047d1c2532cf66a99ceb28cddf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beat=20K=C3=BCng?= <beat-kueng@gmx.net>
Date: Tue, 29 Nov 2016 09:25:52 +0100
Subject: [PATCH] flashparams: fix memory leak when saving parameters

A large buffer on the heap was not deallocated when parameters were saved,
but there were no changes to the parameters. In that case
parameter_flashfs_write() was not called, which was previously responsible
for freeing the buffer.

This patch moves the responsibility of freeing the buffer to the calling
side, which already explicitly allocates the buffer.
---
 src/modules/systemlib/flashparams/flashfs.c   | 20 ++++++++--------
 src/modules/systemlib/flashparams/flashfs.h   | 23 ++++++++++++++-----
 .../systemlib/flashparams/flashparams.c       |  1 +
 3 files changed, 27 insertions(+), 17 deletions(-)

diff --git a/src/modules/systemlib/flashparams/flashfs.c b/src/modules/systemlib/flashparams/flashfs.c
index c1c05ad321..d3a8d1c19d 100644
--- a/src/modules/systemlib/flashparams/flashfs.c
+++ b/src/modules/systemlib/flashparams/flashfs.c
@@ -132,12 +132,12 @@ const flash_file_token_t parameters_token = {
  * Name: parameter_flashfs_free
  *
  * Description:
- *   Frees  dynamicaly allocated memory
+ *   Frees  dynamically allocated memory
  *
  *
  ****************************************************************************/
 
-static void parameter_flashfs_free(void)
+void parameter_flashfs_free(void)
 {
 	if (!working_buffer_static && working_buffer != NULL) {
 		free(working_buffer);
@@ -769,7 +769,7 @@ int parameter_flashfs_read(flash_file_token_t token, uint8_t **buffer, size_t
  *   token      - File Token File to read
  *   buffer      - A pointer to a buffer with buf_size bytes to be written
  *                 to the flash. This buffer must be allocated
- *                 with a previous call to flash_alloc_buffer
+ *                 with a previous call to parameter_flashfs_alloc
  *   buf_size    - Number of bytes to write
  *
  * Returned value:
@@ -806,7 +806,6 @@ parameter_flashfs_write(flash_file_token_t token, uint8_t *buffer, size_t buf_si
 			/* No Space */
 
 			if (pf == 0) {
-				parameter_flashfs_free();
 				return -ENOSPC;
 			}
 
@@ -829,7 +828,6 @@ parameter_flashfs_write(flash_file_token_t token, uint8_t *buffer, size_t buf_si
 				rv = erase_entry(pf);
 
 				if (rv < 0) {
-					parameter_flashfs_free();
 					return rv;
 				}
 
@@ -848,7 +846,6 @@ parameter_flashfs_write(flash_file_token_t token, uint8_t *buffer, size_t buf_si
 				/* Will the data fit */
 
 				if (current_sector->size < total_size) {
-					parameter_flashfs_free();
 					return -ENOSPC;
 				}
 
@@ -861,7 +858,6 @@ parameter_flashfs_write(flash_file_token_t token, uint8_t *buffer, size_t buf_si
 				rv = erase_entry(pf);
 
 				if (rv < 0) {
-					parameter_flashfs_free();
 					return rv;
 				}
 
@@ -892,7 +888,6 @@ parameter_flashfs_write(flash_file_token_t token, uint8_t *buffer, size_t buf_si
 		}
 	}
 
-	parameter_flashfs_free();
 	return rv;
 }
 
@@ -903,6 +898,7 @@ parameter_flashfs_write(flash_file_token_t token, uint8_t *buffer, size_t buf_si
  *   This function is called to get a buffer to use in a subsequent call
  *   to parameter_flashfs_write. The address returned is advanced into the
  *   buffer to reserve space for the flash entry header.
+ *   The caller is responsible to call parameter_flashfs_free after usage.
  *
  * Input Parameters:
  *   token      - File Token File to read (not used)
@@ -1003,9 +999,9 @@ int parameter_flashfs_erase(void)
  *                  space is reserved in the front for the
  *                  flash_entry_header_t.
  *                  If this is passes as NULL. The buffer will be
- *                  allocated from the heap on callse to
- *                  parameter_flashfs_alloc and fread on calls calls
- *                  to parameter_flashfs_write
+ *                  allocated from the heap on calls to
+ *                  parameter_flashfs_alloc and fread on calls
+ *                  to parameter_flashfs_free
  *
  *   size         - The size of the buffer in bytes. Should be be 0 if buffer
  *                  is NULL
@@ -1091,6 +1087,7 @@ __EXPORT void test(void)
 		buf_size = a;
 		written = parameter_flashfs_write(parameters_token, fbuffer, buf_size);
 		read = parameter_flashfs_read(parameters_token, &fbuffer, &buf_size);
+		parameter_flashfs_free();
 
 		if (read != written) {
 			static volatile int j;
@@ -1106,6 +1103,7 @@ __EXPORT void test(void)
 		buf_size = block;
 		written = parameter_flashfs_write(parameters_token, fbuffer, buf_size);
 		read = parameter_flashfs_read(parameters_token, &fbuffer, &buf_size);
+		parameter_flashfs_free();
 
 		if (read != written) {
 			static volatile int j;
diff --git a/src/modules/systemlib/flashparams/flashfs.h b/src/modules/systemlib/flashparams/flashfs.h
index 65bcb48d00..d7c5df3c2d 100644
--- a/src/modules/systemlib/flashparams/flashfs.h
+++ b/src/modules/systemlib/flashparams/flashfs.h
@@ -119,9 +119,9 @@ typedef struct sector_descriptor_t {
  *                  space is reserved in the front for the
  *                  flash_entry_header_t.
  *                  If this is passes as NULL. The buffer will be
- *                  allocated from the heap on callse to
- *                  parameter_flashfs_alloc and fread on calls calls
- *                  to parameter_flashfs_write
+ *                  allocated from the heap on calls to
+ *                  parameter_flashfs_alloc and fread on calls
+ *                  to parameter_flashfs_free
  *
  *   size         - The size of the buffer in bytes. Should be be 0 if buffer
  *                  is NULL
@@ -167,13 +167,11 @@ __EXPORT int parameter_flashfs_read(flash_file_token_t ft, uint8_t **buffer, siz
  *   token      - File Token File to read
  *   buffer      - A pointer to a buffer with buf_size bytes to be written
  *                 to the flash. This buffer must be allocated
- *                 with a previous call to flash_alloc_buffer
+ *                 with a previous call to parameter_flashfs_alloc
  *   buf_size    - Number of bytes to write
  *
  * Returned value:
  *   On success the number of bytes written On Error a negative value of errno
- *   If static buffer was not provided to parameter_flashfs_init the
- *   buffer will be freed.
  *
  ****************************************************************************/
 
@@ -216,5 +214,18 @@ __EXPORT int parameter_flashfs_erase(void);
  ****************************************************************************/
 
 __EXPORT int parameter_flashfs_alloc(flash_file_token_t ft, uint8_t **buffer, size_t *buf_size);
+
+
+/****************************************************************************
+ * Name: parameter_flashfs_free
+ *
+ * Description:
+ *   Frees  dynamically allocated memory
+ *
+ *
+ ****************************************************************************/
+
+__EXPORT void parameter_flashfs_free(void);
+
 __END_DECLS
 #endif /* _SYSTEMLIB_FLASHPARAMS_NUTTX_PARAM_H */
diff --git a/src/modules/systemlib/flashparams/flashparams.c b/src/modules/systemlib/flashparams/flashparams.c
index fa474dffdf..69aefb03ad 100644
--- a/src/modules/systemlib/flashparams/flashparams.c
+++ b/src/modules/systemlib/flashparams/flashparams.c
@@ -202,6 +202,7 @@ out:
 			}
 
 			free(enc_buff);
+			parameter_flashfs_free();
 		}
 	}