Google Git
Sign in
android / platform / external / bluetooth / bluez / 1a004cf^! / .
commit1a004cf882f46783fb6d0ac7b65e5e8fbe110a62[log] [tgz]
authorLuiz Augusto von Dentz <luiz.dentz-von@nokia.com>Wed Feb 02 13:12:56 2011 +0200
committerJohan Hedberg <johan.hedberg@nokia.com>Wed Feb 02 13:56:12 2011 +0200
tree834795ed965938ca17795654a734d85a434ce1ab
parented8bfe8b81c875d86b03188b47427455d9f7d19e [diff]
Fix crash while parsering of endpoint properties

When parsing endpoint properties application my not have set some of the
mandatory properties, also the size of capability is now initialized with
0 so if the codec doesn't have any capabilities (e.g. pcm) the variable
won't be used uninitialized.

diff --git a/audio/media.c b/audio/media.c
index 402709a..9cfbe0e 100644
--- a/audio/media.c
+++ b/audio/media.c

@@ -194,9 +194,13 @@
 	endpoint->path = g_strdup(path);
 	endpoint->uuid = g_strdup(uuid);
 	endpoint->codec = codec;
-	endpoint->capabilities = g_new(uint8_t, size);
-	memcpy(endpoint->capabilities, capabilities, size);
-	endpoint->size = size;
+
+	if (size > 0) {
+		endpoint->capabilities = g_new(uint8_t, size);
+		memcpy(endpoint->capabilities, capabilities, size);
+		endpoint->size = size;
+	}
+
 	endpoint->adapter = adapter;
 
 	if (strcasecmp(uuid, A2DP_SOURCE_UUID) == 0) {
@@ -275,6 +279,9 @@
 				gboolean *delay_reporting, uint8_t *codec,
 				uint8_t **capabilities, int *size)
 {
+	gboolean has_uuid = FALSE;
+	gboolean has_codec = FALSE;
+
 	while (dbus_message_iter_get_arg_type(props) == DBUS_TYPE_DICT_ENTRY) {
 		const char *key;
 		DBusMessageIter value, entry;
@@ -291,10 +298,12 @@
 			if (var != DBUS_TYPE_STRING)
 				return -EINVAL;
 			dbus_message_iter_get_basic(&value, uuid);
+			has_uuid = TRUE;
 		} else if (strcasecmp(key, "Codec") == 0) {
 			if (var != DBUS_TYPE_BYTE)
 				return -EINVAL;
 			dbus_message_iter_get_basic(&value, codec);
+			has_codec = TRUE;
 		} else if (strcasecmp(key, "DelayReporting") == 0) {
 			if (var != DBUS_TYPE_BOOLEAN)
 				return -EINVAL;
@@ -313,7 +322,7 @@
 		dbus_message_iter_next(props);
 	}
 
-	return 0;
+	return (has_uuid && has_codec) ? 0 : -EINVAL;
 }
 
 static DBusMessage *register_endpoint(DBusConnection *conn, DBusMessage *msg,
@@ -321,11 +330,11 @@
 {
 	struct media_adapter *adapter = data;
 	DBusMessageIter args, props;
-	const char *sender, *path, *uuid = NULL;
-	gboolean delay_reporting;
+	const char *sender, *path, *uuid;
+	gboolean delay_reporting = FALSE;
 	uint8_t codec;
 	uint8_t *capabilities;
-	int size;
+	int size = 0;
 
 	sender = dbus_message_get_sender(msg);
 
@@ -342,7 +351,7 @@
 		return btd_error_invalid_args(msg);
 
 	if (parse_properties(&props, &uuid, &delay_reporting, &codec,
-				&capabilities, &size) || uuid == NULL)
+						&capabilities, &size) < 0)
 		return btd_error_invalid_args(msg);
 
 	if (media_endpoint_create(adapter, sender, path, uuid, delay_reporting,