[BUG] Freed memory is being used

**Describe the bug**
This bug releates to #570 which was solved in #707.

The bug was fixed by clearing pPassQueued and pPassAccept.
By calling https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/blob/ef14a0871f6ed21c83a97eb176583b5a0cec67e7/source/FreeRTOS_TCP_IP.c#L461
and https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/blob/ef14a0871f6ed21c83a97eb176583b5a0cec67e7/source/FreeRTOS_IP_Timers.c#L309
 the socket gets freed, however the parent socket might still have a reference to the socket.
When the user task calls FreeRTOS_accept it will check if the pPassAccept bit is set. If not FreeRTOS_accept will return NULL and everything is fine.
But the memory is freed already, so there is no guarantee that pPassAccept is still cleared.


**Target**
- Development board: [e.g. HiFive11 RevB]
- Instruction Set Architecture: ARM CortexA7
- IDE and version: Eclipse + CMake
- Toolchain and version: arm-none-eabi-gcc 10.3.1

**Host**
- Host OS: Ubuntu
- Version: 18.04

**To Reproduce**
The device acts as web server and the error happened by continuously refreshing the web site using https.
It did not happen when using http.

**Expected behavior**
Do not leave references to freed memory.

**Screenshots**
None

**Wireshark logs**
None

**Additional context**
***Added log lines:***
- logll_debug( BASE_FILE_NAME, "FreeRTOS_socket 0x%x", xReturn ); after https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/blob/ef14a0871f6ed21c83a97eb176583b5a0cec67e7/source/FreeRTOS_Sockets.c#L761
- logll_debug( BASE_FILE_NAME, "FreeRTOS_bind 0x%x %li", xSocket, xReturn ); before https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/blob/ef14a0871f6ed21c83a97eb176583b5a0cec67e7/source/FreeRTOS_Sockets.c#L1773
- logll_debug( BASE_FILE_NAME, "FreeRTOS_closesocket - 0x%x", xSocket ); after https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/blob/ef14a0871f6ed21c83a97eb176583b5a0cec67e7/source/FreeRTOS_Sockets.c#L2019
- logll_debug( BASE_FILE_NAME, "vSocketClose 0x%x", pxSocket ); before https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/blob/ef14a0871f6ed21c83a97eb176583b5a0cec67e7/source/FreeRTOS_Sockets.c#L2175
- `if( pxParentSocket->u.xTCP.pxPeerSocket != NULL )
                {
                    logll_debug( BASE_FILE_NAME, "pxClientSocket = pxParentSocket->u.xTCP.pxPeerSocket; 0x%x 0x%x 0x%x",
                            pxClientSocket, pxParentSocket, pxParentSocket->u.xTCP.pxPeerSocket );
                }` before https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/blob/ef14a0871f6ed21c83a97eb176583b5a0cec67e7/source/FreeRTOS_Sockets.c#L3892
- `if( pxParentSocket != NULL )
                {
                    logll_debug( BASE_FILE_NAME, "pxClientSocket = pxParentSocket; 0x%x 0x%x", pxClientSocket, pxParentSocket );
                }` before https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/blob/ef14a0871f6ed21c83a97eb176583b5a0cec67e7/source/FreeRTOS_Sockets.c#L3896
- logll_debug( BASE_FILE_NAME, "pxClientSocket = NULL;" ); before https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/blob/ef14a0871f6ed21c83a97eb176583b5a0cec67e7/source/FreeRTOS_Sockets.c#L3910
- `if( pxClientSocket != NULL && pxClientSocket != FREERTOS_INVALID_SOCKET )
        {
            logll_debug( BASE_FILE_NAME, "FreeRTOS_accept 0x%x 0x%x", pxSocket, pxClientSocket );
        }` before https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/blob/ef14a0871f6ed21c83a97eb176583b5a0cec67e7/source/FreeRTOS_Sockets.c#L4059
- logll_debug( BASE_FILE_NAME, "FreeRTOS_listen 0x%x %li", xSocket, xResult ); before https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/blob/ef14a0871f6ed21c83a97eb176583b5a0cec67e7/source/FreeRTOS_Sockets.c#L4756
- logll_debug( BASE_FILE_NAME, "vSocketCloseNextTime 0x%x 0x%x", xSocketToClose, pxSocket ); after https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/blob/ef14a0871f6ed21c83a97eb176583b5a0cec67e7/source/FreeRTOS_TCP_IP.c#L111
- `else if( pxSocket != NULL )
        {
            logll_debug( BASE_FILE_NAME, "vSocketCloseNextTime set xSocketToClose 0x%x 0x%x", xSocketToClose, pxSocket );
        }` after https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/blob/ef14a0871f6ed21c83a97eb176583b5a0cec67e7/source/FreeRTOS_TCP_IP.c#L112
- logll_debug( BASE_FILE_NAME, "xParent = pxSocket->u.xTCP.pxPeerSocket; 0x%x 0x%x 0x%x", xParent, pxSocket, pxSocket->u.xTCP.pxPeerSocket ); after https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/blob/ef14a0871f6ed21c83a97eb176583b5a0cec67e7/source/FreeRTOS_TCP_IP.c#L325
- logll_debug( BASE_FILE_NAME, "xParent->u.xTCP.pxPeerSocket = pxSocket; 0x%x 0x%x", xParent, pxSocket ); before https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/blob/ef14a0871f6ed21c83a97eb176583b5a0cec67e7/source/FreeRTOS_TCP_IP.c#L345
- logll_debug( BASE_FILE_NAME, "pxSocket->u.xTCP.pxPeerSocket = pxFound; 0x%x 0x%x", pxSocket, pxFound ); before https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/blob/ef14a0871f6ed21c83a97eb176583b5a0cec67e7/source/FreeRTOS_TCP_IP.c#L718

***logll_debug*** is a function which writes the given text to a serial interface which is connected to the computer used for debugging.
Format of the log line: (_file name_ provided by macro BASE_FILE_NAME);(_log level_ 1 in case of debug);(_monotonic time_ in ms);(_log message_)


***Log lines where the described bug happens:***
_Creation of socket._
D:FreeRTOS_Sockets.c;1;38081;FreeRTOS_socket 0x7035c548
D:FreeRTOS_TCP_IP.c;1;38113;xParent = pxSocket->u.xTCP.pxPeerSocket; 0x70284130 0x7035c548 0x70284130
D:FreeRTOS_TCP_IP.c;1;38113;xParent->u.xTCP.pxPeerSocket = pxSocket; 0x70284130 0x7035c548

_IP-Task is closing the socket._
D:FreeRTOS_TCP_IP.c;1;38130;vSocketCloseNextTime set xSocketToClose 0x0 0x7035c548
D:FreeRTOS_Sockets.c;1;38130;vSocketClose 0x7035c548
D:FreeRTOS_TCP_IP.c;1;38130;vSocketCloseNextTime 0x7035c548 0x0

_Call FreeRTOS_accept from user task. The memory was not overwritten yet, so prvAcceptWaitClient returns NULL._
D:FreeRTOS_Sockets.c;1;38706;pxClientSocket = pxParentSocket->u.xTCP.pxPeerSocket; 0x0 0x70284130 0x7035c548

***Full logs***
[logs.txt](https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/files/14421120/logs.txt)

***Config***
[ipconfig.txt](https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/files/14421122/ipconfig.txt)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[BUG] Freed memory is being used #1110

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[BUG] Freed memory is being used #1110

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions