Client Helper: timeout in synchronous services might lead to access to deallocated memory
Description
The synchronous services of libs2opc_client_cmds.h implement a local timeout. When it expires, the context of the service request is freed.
Since the context was provided to the client state machine, it might still be accessed if the service response is received or a lower level timeout expires.
This behavior might lead to invalid memory accesses. Its occurrence depends on the coherency of request timeouts between the client helper and the low level client library.
Analysis
When the timeout for a service request is reached in the client helper, the request shall be cancelled in the state machine to unregister the context before deallocation.
This consists of providing a function SOPC_StaMac_CancelRequest to cancel a request sent by SOPC_StaMac_SendRequest, in order to at least unregister the app context / set a flag that it has been cancelled.
After further analysis, this fix proposal is not possible since it might lead to deadlocks between the lock on the mutex of the state machine and the lock on the mutex of the application request context.
Another fix might be to manage cancellation in the request application context and to ignore and free the contexts if they are received later. In addition, we will need to record unreceived contexts in order to be able to free them on client helper clear if the event is never received.
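A minimal model of this second fix, added here as an illustration and not taken from the S2OPC code base: on helper timeout the context is marked cancelled and recorded instead of freed, a late event frees it, and clear frees whatever never received an event. All names (ReqCtx, req_on_helper_timeout, req_on_event, req_clear_orphans) are hypothetical, and calls are assumed to be serialized, for example under the request context mutex in a threaded client.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical names throughout; not the S2OPC API. */
typedef enum { REQ_PENDING = 0, REQ_CANCELLED } ReqState;

typedef struct ReqCtx {
    ReqState state;
    int result;           /* filled in when the response arrives in time */
    struct ReqCtx* next;  /* link in the list of cancelled, unreceived contexts */
} ReqCtx;

static ReqCtx* orphans = NULL; /* cancelled contexts the state machine may still reference */
static int freed_count = 0;    /* instrumentation for this example only */

static void ctx_free(ReqCtx* ctx) { free(ctx); freed_count++; }

ReqCtx* req_new(void) { return calloc(1, sizeof(ReqCtx)); } /* state starts as REQ_PENDING */

/* Helper-side timeout: do NOT free, only mark cancelled and record the context. */
void req_on_helper_timeout(ReqCtx* ctx) {
    ctx->state = REQ_CANCELLED;
    ctx->next = orphans;
    orphans = ctx;
}

/* Response or low-level timeout event delivered by the state machine.
 * Returns true if a waiter still owns ctx (it reads the result and frees ctx). */
bool req_on_event(ReqCtx* ctx, int result) {
    if (ctx->state == REQ_CANCELLED) {
        /* Late event: nobody is waiting, so unlink the context and free it here. */
        for (ReqCtx** p = &orphans; *p != NULL; p = &(*p)->next) {
            if (*p == ctx) { *p = ctx->next; break; }
        }
        ctx_free(ctx);
        return false;
    }
    ctx->result = result;
    return true;
}

/* Helper clear, assumed to run once the state machine can no longer deliver events:
 * frees the contexts whose event never arrived and returns how many were freed. */
int req_clear_orphans(void) {
    int n = 0;
    while (orphans != NULL) {
        ReqCtx* c = orphans;
        orphans = c->next;
        ctx_free(c);
        n++;
    }
    return n;
}
```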