]> git.saurik.com Git - wxWidgets.git/blobdiff - src/common/socket.cpp
fixing overrelease and out-of-bounds write, fixes #13725
[wxWidgets.git] / src / common / socket.cpp
index 228fe79a28d64f10c1ab23ed31520131e77621d4..699d2881a148ec1caba28369c68e54a06b7bafcc 100644 (file)
@@ -7,7 +7,7 @@
 //             (C) 1999-2000, Guillermo Rodriguez Garcia
 //             (C) 2008 Vadim Zeitlin
 // RCS_ID:     $Id$
 //             (C) 1999-2000, Guillermo Rodriguez Garcia
 //             (C) 2008 Vadim Zeitlin
 // RCS_ID:     $Id$
-// License:    wxWindows licence
+// Licence:    wxWindows licence
 /////////////////////////////////////////////////////////////////////////////
 
 // ==========================================================================
 /////////////////////////////////////////////////////////////////////////////
 
 // ==========================================================================
@@ -172,7 +172,9 @@ public:
           m_oldflags(socket->GetFlags())
 
     {
           m_oldflags(socket->GetFlags())
 
     {
-        wxASSERT_MSG( flag == wxSOCKET_WAITALL || flag == wxSOCKET_NOWAIT,
+        // We can be passed only wxSOCKET_WAITALL{_READ,_WRITE} or
+        // wxSOCKET_NOWAIT{_READ,_WRITE} normally.
+        wxASSERT_MSG( !(flag & wxSOCKET_WAITALL) || !(flag & wxSOCKET_NOWAIT),
                       "not a wait flag" );
 
         // preserve wxSOCKET_BLOCK value when switching to wxSOCKET_WAITALL
                       "not a wait flag" );
 
         // preserve wxSOCKET_BLOCK value when switching to wxSOCKET_WAITALL
@@ -817,6 +819,8 @@ void wxSocketBase::Init()
     m_writing      =
     m_closed       = false;
     m_lcount       = 0;
     m_writing      =
     m_closed       = false;
     m_lcount       = 0;
+    m_lcount_read  = 0;
+    m_lcount_write = 0;
     m_timeout      = 600;
     m_beingDeleted = false;
 
     m_timeout      = 600;
     m_beingDeleted = false;
 
@@ -887,8 +891,12 @@ bool wxSocketBase::Destroy()
     Notify(false);
 
     // Schedule this object for deletion instead of destroying it right now if
     Notify(false);
 
     // Schedule this object for deletion instead of destroying it right now if
-    // possible as we may have other events pending for it
-    if ( wxTheApp )
+    // it can have other events pending for it and we have a way to do it.
+    //
+    // Notice that sockets used in other threads won't have any events for them
+    // and we shouldn't use delayed destruction mechanism for them as it's not
+    // MT-safe.
+    if ( wxIsMainThread() && wxTheApp )
     {
         wxTheApp->ScheduleForDestruction(this);
     }
     {
         wxTheApp->ScheduleForDestruction(this);
     }
@@ -943,7 +951,8 @@ wxSocketBase& wxSocketBase::Read(void* buffer, wxUint32 nbytes)
 {
     wxSocketReadGuard read(this);
 
 {
     wxSocketReadGuard read(this);
 
-    m_lcount = DoRead(buffer, nbytes);
+    m_lcount_read = DoRead(buffer, nbytes);
+    m_lcount = m_lcount_read;
 
     return *this;
 }
 
     return *this;
 }
@@ -979,8 +988,12 @@ wxUint32 wxSocketBase::DoRead(void* buffer_, wxUint32 nbytes)
             if ( m_impl->GetLastError() == wxSOCKET_WOULDBLOCK )
             {
                 // if we don't want to wait, just return immediately
             if ( m_impl->GetLastError() == wxSOCKET_WOULDBLOCK )
             {
                 // if we don't want to wait, just return immediately
-                if ( m_flags & wxSOCKET_NOWAIT )
+                if ( m_flags & wxSOCKET_NOWAIT_READ )
+                {
+                    // this shouldn't be counted as an error in this case
+                    SetError(wxSOCKET_NOERROR);
                     break;
                     break;
+                }
 
                 // otherwise wait until the socket becomes ready for reading or
                 // an error occurs on it
 
                 // otherwise wait until the socket becomes ready for reading or
                 // an error occurs on it
@@ -1011,7 +1024,7 @@ wxUint32 wxSocketBase::DoRead(void* buffer_, wxUint32 nbytes)
             // we're not going to read anything else and so if we haven't read
             // anything (or not everything in wxSOCKET_WAITALL case) already,
             // signal an error
             // we're not going to read anything else and so if we haven't read
             // anything (or not everything in wxSOCKET_WAITALL case) already,
             // signal an error
-            if ( (m_flags & wxSOCKET_WAITALL) || !total )
+            if ( (m_flags & wxSOCKET_WAITALL_READ) || !total )
                 SetError(wxSOCKET_IOERR);
             break;
         }
                 SetError(wxSOCKET_IOERR);
             break;
         }
@@ -1020,7 +1033,7 @@ wxUint32 wxSocketBase::DoRead(void* buffer_, wxUint32 nbytes)
 
         // if we are happy to read something and not the entire nbytes bytes,
         // then we're done
 
         // if we are happy to read something and not the entire nbytes bytes,
         // then we're done
-        if ( !(m_flags & wxSOCKET_WAITALL) )
+        if ( !(m_flags & wxSOCKET_WAITALL_READ) )
             break;
 
         nbytes -= ret;
             break;
 
         nbytes -= ret;
@@ -1040,7 +1053,7 @@ wxSocketBase& wxSocketBase::ReadMsg(void* buffer, wxUint32 nbytes)
 
     wxSocketReadGuard read(this);
 
 
     wxSocketReadGuard read(this);
 
-    wxSocketWaitModeChanger changeFlags(this, wxSOCKET_WAITALL);
+    wxSocketWaitModeChanger changeFlags(this, wxSOCKET_WAITALL_READ);
 
     bool ok = false;
     if ( DoRead(&msg, sizeof(msg)) == sizeof(msg) )
 
     bool ok = false;
     if ( DoRead(&msg, sizeof(msg)) == sizeof(msg) )
@@ -1067,7 +1080,8 @@ wxSocketBase& wxSocketBase::ReadMsg(void* buffer, wxUint32 nbytes)
                 len2 = 0;
 
             // Don't attempt to read if the msg was zero bytes long.
                 len2 = 0;
 
             // Don't attempt to read if the msg was zero bytes long.
-            m_lcount = len ? DoRead(buffer, len) : 0;
+            m_lcount_read = len ? DoRead(buffer, len) : 0;
+            m_lcount = m_lcount_read;
 
             if ( len2 )
             {
 
             if ( len2 )
             {
@@ -1123,7 +1137,8 @@ wxSocketBase& wxSocketBase::Write(const void *buffer, wxUint32 nbytes)
 {
     wxSocketWriteGuard write(this);
 
 {
     wxSocketWriteGuard write(this);
 
-    m_lcount = DoWrite(buffer, nbytes);
+    m_lcount_write = DoWrite(buffer, nbytes);
+    m_lcount = m_lcount_write;
 
     return *this;
 }
 
     return *this;
 }
@@ -1143,7 +1158,7 @@ wxUint32 wxSocketBase::DoWrite(const void *buffer_, wxUint32 nbytes)
     {
         if ( m_impl->m_stream && !m_connected )
         {
     {
         if ( m_impl->m_stream && !m_connected )
         {
-            if ( (m_flags & wxSOCKET_WAITALL) || !total )
+            if ( (m_flags & wxSOCKET_WAITALL_WRITE) || !total )
                 SetError(wxSOCKET_IOERR);
             break;
         }
                 SetError(wxSOCKET_IOERR);
             break;
         }
@@ -1153,7 +1168,7 @@ wxUint32 wxSocketBase::DoWrite(const void *buffer_, wxUint32 nbytes)
         {
             if ( m_impl->GetLastError() == wxSOCKET_WOULDBLOCK )
             {
         {
             if ( m_impl->GetLastError() == wxSOCKET_WOULDBLOCK )
             {
-                if ( m_flags & wxSOCKET_NOWAIT )
+                if ( m_flags & wxSOCKET_NOWAIT_WRITE )
                     break;
 
                 if ( !DoWaitWithTimeout(wxSOCKET_OUTPUT_FLAG) )
                     break;
 
                 if ( !DoWaitWithTimeout(wxSOCKET_OUTPUT_FLAG) )
@@ -1173,7 +1188,7 @@ wxUint32 wxSocketBase::DoWrite(const void *buffer_, wxUint32 nbytes)
 
         total += ret;
 
 
         total += ret;
 
-        if ( !(m_flags & wxSOCKET_WAITALL) )
+        if ( !(m_flags & wxSOCKET_WAITALL_WRITE) )
             break;
 
         nbytes -= ret;
             break;
 
         nbytes -= ret;
@@ -1193,7 +1208,7 @@ wxSocketBase& wxSocketBase::WriteMsg(const void *buffer, wxUint32 nbytes)
 
     wxSocketWriteGuard write(this);
 
 
     wxSocketWriteGuard write(this);
 
-    wxSocketWaitModeChanger changeFlags(this, wxSOCKET_WAITALL);
+    wxSocketWaitModeChanger changeFlags(this, wxSOCKET_WAITALL_WRITE);
 
     msg.sig[0] = (unsigned char) 0xad;
     msg.sig[1] = (unsigned char) 0xde;
 
     msg.sig[0] = (unsigned char) 0xad;
     msg.sig[1] = (unsigned char) 0xde;
@@ -1208,8 +1223,9 @@ wxSocketBase& wxSocketBase::WriteMsg(const void *buffer, wxUint32 nbytes)
     bool ok = false;
     if ( DoWrite(&msg, sizeof(msg)) == sizeof(msg) )
     {
     bool ok = false;
     if ( DoWrite(&msg, sizeof(msg)) == sizeof(msg) )
     {
-        m_lcount = DoWrite(buffer, nbytes);
-        if ( m_lcount == nbytes )
+        m_lcount_write = DoWrite(buffer, nbytes);
+        m_lcount = m_lcount_write;
+        if ( m_lcount_write == nbytes )
         {
             msg.sig[0] = (unsigned char) 0xed;
             msg.sig[1] = (unsigned char) 0xfe;
         {
             msg.sig[0] = (unsigned char) 0xed;
             msg.sig[1] = (unsigned char) 0xfe;
@@ -1293,17 +1309,31 @@ wxSocketEventFlags wxSocketImpl::Select(wxSocketEventFlags flags,
         exceptfds;                      // always want to know about errors
 
     if ( flags & wxSOCKET_INPUT_FLAG )
         exceptfds;                      // always want to know about errors
 
     if ( flags & wxSOCKET_INPUT_FLAG )
-    {
         preadfds = &readfds;
         preadfds = &readfds;
+
+    if ( flags & wxSOCKET_OUTPUT_FLAG )
+        pwritefds = &writefds;
+
+    // When using non-blocking connect() the client socket becomes connected
+    // (successfully or not) when it becomes writable but when using
+    // non-blocking accept() the server socket becomes connected when it
+    // becomes readable.
+    if ( flags & wxSOCKET_CONNECTION_FLAG )
+    {
+        if ( m_server )
+            preadfds = &readfds;
+        else
+            pwritefds = &writefds;
+    }
+
+    if ( preadfds )
+    {
         wxFD_ZERO(preadfds);
         wxFD_SET(m_fd, preadfds);
     }
 
         wxFD_ZERO(preadfds);
         wxFD_SET(m_fd, preadfds);
     }
 
-    // when using non-blocking connect() the socket becomes connected
-    // (successfully or not) when it becomes writable
-    if ( flags & (wxSOCKET_OUTPUT_FLAG | wxSOCKET_CONNECTION_FLAG) )
+    if ( pwritefds )
     {
     {
-        pwritefds = &writefds;
         wxFD_ZERO(pwritefds);
         wxFD_SET(m_fd, pwritefds);
     }
         wxFD_ZERO(pwritefds);
         wxFD_SET(m_fd, pwritefds);
     }
@@ -1372,10 +1402,11 @@ wxSocketBase::DoWait(long timeout, wxSocketEventFlags flags)
 {
     wxCHECK_MSG( m_impl, -1, "can't wait on invalid socket" );
 
 {
     wxCHECK_MSG( m_impl, -1, "can't wait on invalid socket" );
 
-    // we're never going to become ready in a client if we're not connected any
-    // more (OTOH a server can call this to precisely wait for a connection so
-    // do wait for it in this case)
-    if ( !m_impl->IsServer() && !m_connected && !m_establishing )
+    // we're never going to become ready in a TCP client if we're not connected
+    // any more (OTOH a server can call this to precisely wait for a connection
+    // so do wait for it in this case and UDP client is never "connected")
+    if ( !m_impl->IsServer() &&
+            m_impl->m_stream && !m_connected && !m_establishing )
         return -1;
 
     // This can be set to true from Interrupt() to exit this function a.s.a.p.
         return -1;
 
     // This can be set to true from Interrupt() to exit this function a.s.a.p.
@@ -1789,14 +1820,17 @@ wxSocketServer::wxSocketServer(const wxSockAddress& addr,
 
     if (m_impl->CreateServer() != wxSOCKET_NOERROR)
     {
 
     if (m_impl->CreateServer() != wxSOCKET_NOERROR)
     {
-        delete m_impl;
-        m_impl = NULL;
+        wxDELETE(m_impl);
 
         wxLogTrace( wxTRACE_Socket, wxT("*** CreateServer() failed") );
         return;
     }
 
 
         wxLogTrace( wxTRACE_Socket, wxT("*** CreateServer() failed") );
         return;
     }
 
-    wxLogTrace( wxTRACE_Socket, wxT("wxSocketServer on fd %d"), m_impl->m_fd );
+    // Notice that we need a cast as SOCKET is 64 bit under Win64 and that the
+    // cast is safe because a SOCKET is a handle and so limited to 32 (or,
+    // actually, even 24) bit values anyhow.
+    wxLogTrace( wxTRACE_Socket, wxT("wxSocketServer on fd %u"),
+                static_cast<unsigned>(m_impl->m_fd) );
 }
 
 // --------------------------------------------------------------------------
 }
 
 // --------------------------------------------------------------------------
@@ -2030,8 +2064,7 @@ wxDatagramSocket::wxDatagramSocket( const wxSockAddress& addr,
 
     if ( m_impl->CreateUDP() != wxSOCKET_NOERROR )
     {
 
     if ( m_impl->CreateUDP() != wxSOCKET_NOERROR )
     {
-        delete m_impl;
-        m_impl = NULL;
+        wxDELETE(m_impl);
         return;
     }
 
         return;
     }
 
@@ -2094,7 +2127,7 @@ wxFORCE_LINK_MODULE( socketiohandler )
 #endif
 
 // same for ManagerSetter in the MSW file
 #endif
 
 // same for ManagerSetter in the MSW file
-#ifdef __WXMSW__
+#ifdef __WINDOWS__
     wxFORCE_LINK_MODULE( mswsocket )
 #endif
 
     wxFORCE_LINK_MODULE( mswsocket )
 #endif