authorSzymon Janc <szymon.janc@tieto.com>2014-09-23 10:24:29 +0200
committerSzymon Janc <szymon.janc@tieto.com>2014-09-23 10:51:57 +0200
commit0c4a249552fc855a19be316be780895ba6b5410f (patch)
tree89765aacdb972672c8abe544615ffdc9acb5d372 /android/hal-bluetooth.c
parenta85ffb4ae449567d74b48fd701c60d583f4eadd6 (diff)
android/hal-bluetooth: Fix wrong length in configuration command
HAL was sending extra byte at the end of command. Refactor code to use pointer + offset and avoid less intuitive pointers subtraction. Syscall param sendmsg(msg.msg_iov[1]) points to uninitialised byte(s) at 0x53529BD: ??? (syscall-template.S:81) by 0x6D96197: hal_ipc_cmd (hal-ipc.c:369) by 0x6D8D41E: send_configuration (hal-bluetooth.c:453) by 0x6D8EC16: init (hal-bluetooth.c:489) by 0x412B20: setup (tester-main.c:1411) by 0x40CE05: setup_callback (tester.c:394) by 0x5083CE4: g_main_context_dispatch (in /lib/x86_64-linux-gnu/ libglib-2.0.so.0.4000.0) by 0x5084047: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4000.0) by 0x5084309: g_main_loop_run (in /lib/x86_64-linux-gnu/ libglib-2.0.so.0.4000.0) by 0x40DB4C: tester_run (tester.c:815) by 0x40259E: main (tester-main.c:2335) Address 0xffefffe31 is on thread 1's stack
Diffstat (limited to 'android/hal-bluetooth.c')
-rw-r--r--android/hal-bluetooth.c20
1 files changed, 6 insertions, 14 deletions
diff --git a/android/hal-bluetooth.c b/android/hal-bluetooth.c
index db735d182..07e86b09a 100644
--- a/android/hal-bluetooth.c
+++ b/android/hal-bluetooth.c
@@ -403,49 +403,41 @@ static uint8_t get_mode(void)
return HAL_MODE_DEFAULT;
}
-static struct hal_config_prop *add_prop(const char *prop, uint8_t type,
- struct hal_config_prop *hal_prop)
+static uint16_t add_prop(const char *prop, uint8_t type, void *buf)
{
- void *ptr;
+ struct hal_config_prop *hal_prop = buf;
hal_prop->type = type;
hal_prop->len = strlen(prop) + 1;
memcpy(hal_prop->val, prop, hal_prop->len);
- ptr = hal_prop;
- ptr += sizeof(*hal_prop) + hal_prop->len;
-
- return ptr;
+ return sizeof(*hal_prop) + hal_prop->len;
}
static int send_configuration(void)
{
char buf[IPC_MTU];
struct hal_cmd_configuration *cmd = (void *) buf;
- struct hal_config_prop *hal_prop;
char prop[PROPERTY_VALUE_MAX];
uint16_t len = sizeof(*cmd);
cmd->num = 0;
- hal_prop = &cmd->props[0];
if (get_config("vendor", prop, "ro.product.manufacturer") > 0) {
- hal_prop = add_prop(prop, HAL_CONFIG_VENDOR, hal_prop);
+ len += add_prop(prop, HAL_CONFIG_VENDOR, buf + len);
cmd->num++;
}
if (get_config("name", prop, "ro.product.name") > 0) {
- hal_prop = add_prop(prop, HAL_CONFIG_NAME, hal_prop);
+ len += add_prop(prop, HAL_CONFIG_NAME, buf + len);
cmd->num++;
}
if (get_config("model", prop, "ro.product.model") > 0) {
- hal_prop = add_prop(prop, HAL_CONFIG_MODEL, hal_prop);
+ len += add_prop(prop, HAL_CONFIG_MODEL, buf + len);
cmd->num++;
}
- len += (char *) hal_prop - buf;
-
return hal_ipc_cmd(HAL_SERVICE_ID_CORE, HAL_OP_CONFIGURATION, len, cmd,
NULL, NULL, NULL);
}
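Review bot: add_prop() copies `strlen(prop) + 1` bytes into `hal_prop->val` without knowing how much of the caller's buffer is left, and the new `void *buf` parameter makes that even less visible at the three call sites in send_configuration(). Whether three properties can actually run past `char buf[IPC_MTU]` depends on IPC_MTU and PROPERTY_VALUE_MAX, both defined outside this hunk, so the overflow may be unreachable today. Nothing in the new code enforces that, though, and it also assumes get_config() always NUL-terminates `prop`. I would pass the remaining space in, have add_prop() return 0 when the property does not fit, and increment `cmd->num` only on a non-zero return, as sketched below.

```c
static uint16_t add_prop(const char *prop, uint8_t type, void *buf,
								size_t space)
{
	struct hal_config_prop *hal_prop = buf;
	size_t val_len = strlen(prop) + 1;

	/* Skip the property instead of writing past the end of the IPC buffer */
	if (space < sizeof(*hal_prop) || val_len > space - sizeof(*hal_prop))
		return 0;

	hal_prop->type = type;
	hal_prop->len = val_len;
	memcpy(hal_prop->val, prop, val_len);

	return sizeof(*hal_prop) + val_len;
}

/* ... unchanged: send_configuration() locals and cmd->num = 0 ... */
	if (get_config("vendor", prop, "ro.product.manufacturer") > 0) {
		uint16_t added = add_prop(prop, HAL_CONFIG_VENDOR, buf + len,
							sizeof(buf) - len);

		if (added) {
			len += added;
			cmd->num++;
		}
	}
/* ... same pattern for HAL_CONFIG_NAME and HAL_CONFIG_MODEL ... */
```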