Segmentation fault for 'lpac driver http' when using QMI backend

[AndreySV]

I was just experimenting with lpac and found that is segfaults in following situation:

$ sudo env LPAC_APDU=qmi QMI_DEVICE=/dev/cdc-wdm0 LIBEUICC_DEBUG_APDU=1 ./output/lpac driver
Usage: driver <apdu|http>

$ sudo env LPAC_APDU=qmi QMI_DEVICE=/dev/cdc-wdm0 LIBEUICC_DEBUG_APDU=1 ./output/lpac driver http
Cleaning up leaked APDU channel 1375198244
Segmentation fault

[CoelacanthusHex]

Please provide backtrace. You usually could get it via coredumpctl debug lpac.

[CoelacanthusHex]

I have a guess: in qmi driver init code, we allocate memory for qmi_priv

lpac/driver/apdu/qmi.c

Line 54 in 79034c6

qmi_priv = malloc(sizeof(struct qmi_data));

But doesn't init it with default value. So there is junk data now. When invoking lpac driver http, qmi driver doesn't do any actual thing, so it leaves junk data. When the fini function was invoked, it lookup lastChannelId field found non-zero junk data, and then tried to destroy the resource of that channel.

lpac/driver/apdu/qmi_common.c

Lines 155 to 163 in 79034c6

	void qmi_cleanup(struct qmi_data *qmi_priv)
	{
	if (qmi_priv->lastChannelId > 0)
	{
	fprintf(stderr, "Cleaning up leaked APDU channel %d\n", qmi_priv->lastChannelId);
	qmi_apdu_interface_logic_channel_close(NULL, qmi_priv->lastChannelId);
	qmi_priv->lastChannelId = -1;
	}
	}