lora: Fix losing of multicast params

peter-pycom · msariisik · commit e932a949cc2e · 2021-10-11T14:39:24.000+02:00
we're allocating MulticastParams_t inside garbage collected memory, then pass it into the C-level implementation. It seems the garbage collector cannot keep track of the usage this way, so eventually recycles the memory. At that point we lose the multicast addresses and when we check it in

LoraMac.c: 842
        case FRAME_TYPE_DATA_CONFIRMED_DOWN:
        case FRAME_TYPE_DATA_UNCONFIRMED_DOWN:

and further we end up dereferencing those pointers still and then it's a bit random whether we core dump due to illegal memory address, or simply ignore the lora packets and become "deaf" to them
diff --git a/esp32/mods/modlora.c b/esp32/mods/modlora.c
@@ -1993,26 +1993,28 @@ STATIC mp_obj_t lora_join_multicast_group (mp_uint_t n_args, const mp_obj_t *pos
         { MP_QSTR_mcNwkKey,     MP_ARG_REQUIRED | MP_ARG_OBJ, {.u_obj = MP_OBJ_NULL} },
         { MP_QSTR_mcAppKey,     MP_ARG_REQUIRED | MP_ARG_OBJ, {.u_obj = MP_OBJ_NULL} },
     };
-    
+
     // parse args
     mp_arg_val_t args[MP_ARRAY_SIZE(allowed_args)];
     mp_arg_parse_all(n_args - 1, pos_args + 1, kw_args, MP_ARRAY_SIZE(args), allowed_args, args);
-    
+
     mp_buffer_info_t bufinfo_0, bufinfo_1;
     mp_get_buffer_raise(args[1].u_obj, &bufinfo_0, MP_BUFFER_READ);
     mp_get_buffer_raise(args[2].u_obj, &bufinfo_1, MP_BUFFER_READ);
-    
-    MulticastParams_t *channelParam = m_new_obj(MulticastParams_t);
+
+    MulticastParams_t *channelParam = heap_caps_malloc(sizeof(MulticastParams_t), MALLOC_CAP_SPIRAM);
     channelParam->Next = NULL;
     channelParam->DownLinkCounter = 0;
     channelParam->Address = args[0].u_int;
     memcpy(channelParam->NwkSKey, bufinfo_0.buf, sizeof(channelParam->NwkSKey));
     memcpy(channelParam->AppSKey, bufinfo_1.buf, sizeof(channelParam->AppSKey));
-    
+
     if (LoRaMacMulticastChannelLink(channelParam) == LORAMAC_STATUS_OK) {
         return mp_const_true;
     }
-            
+
+    // adding to the list failed, so free the memory again
+    free(channelParam);
     return mp_const_false;
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_KW(lora_join_multicast_group_obj, 0, lora_join_multicast_group);
@@ -2021,7 +2023,7 @@ STATIC mp_obj_t lora_leave_multicast_group (mp_obj_t self_in, mp_obj_t multicast
     uint32_t mcAddr = mp_obj_get_int(multicast_addr_obj);
     MulticastParams_t *channelParam = LoRaMacMulticastGetChannel(mcAddr);
     if (LoRaMacMulticastChannelUnlink(channelParam) == LORAMAC_STATUS_OK) {
-        m_del_obj(MulticastParams_t, channelParam);
+        free(channelParam);
         return mp_const_true;
     }
     return mp_const_false;
