Fix crash in while setting the bluetooth name.
Bug: 3246147
Original change by: Johan Hedberg <johan.hedberg@nokia.com>
Fix local name handling
A name variable of 248 bytes can't be passed to functions that expect it
to be nul-terminated (since if the name is exactly 248 bytes it won't
be). This patch fixes the name to always be stored in a 249 byte
variable where the last byte is always zero.
Change-Id: I27cc2b936e628ebbaa43f6fe809396eeb3b1a8d1
diff --git a/src/adapter.c b/src/adapter.c
index 16334ec..b9e45b5 100644
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -834,8 +834,7 @@
return;
if (dev->ssp_mode > 0)
- create_ext_inquiry_response((char *) dev->name,
- adapter->tx_power,
+ create_ext_inquiry_response(dev->name, adapter->tx_power,
adapter->services, data);
if (hci_write_ext_inquiry_response(dd, fec, data,
@@ -937,16 +936,16 @@
dev = &adapter->dev;
memcpy(&rp, ptr, MAX_NAME_LENGTH);
- if (strncmp((char *) rp.name, (char *) dev->name, MAX_NAME_LENGTH) == 0)
+ if (strncmp((char *) rp.name, dev->name, MAX_NAME_LENGTH) == 0)
return;
- strncpy((char *) dev->name, (char *) rp.name, MAX_NAME_LENGTH);
+ strncpy(dev->name, (char *) rp.name, MAX_NAME_LENGTH);
- write_local_name(bdaddr, (char *) dev->name);
+ write_local_name(bdaddr, dev->name);
update_ext_inquiry_response(adapter);
- name = g_strdup((char *) dev->name);
+ name = g_strdup(dev->name);
if (connection)
emit_property_changed(connection, adapter->path,
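Review bot: The `strncpy(dev->name, (char *) rp.name, MAX_NAME_LENGTH)` call never writes `dev->name[MAX_NAME_LENGTH]`, so the terminator the commit message promises exists only if the structure was zeroed at allocation and nothing has touched that byte since; neither is visible in this diff. Setting it explicitly right after the copy, `dev->name[MAX_NAME_LENGTH] = '\0';`, keeps the invariant local to the write. That matters here because `rp` is copied from `ptr`, which looks like externally supplied event data, and `dev->name` is then passed to `write_local_name()` and `g_strdup()` as a C string. The same applies to `strncpy(dev->name, name, MAX_NAME_LENGTH)` in the third hunk of this file; the enclosing function starts and ends outside the hunk.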
@@ -987,11 +986,11 @@
return invalid_args(msg);
}
- if (strncmp(name, (char *) dev->name, MAX_NAME_LENGTH) == 0)
+ if (strncmp(name, dev->name, MAX_NAME_LENGTH) == 0)
goto done;
if (!adapter->up) {
- strncpy((char *) adapter->dev.name, name, MAX_NAME_LENGTH);
+ strncpy(dev->name, name, MAX_NAME_LENGTH);
write_local_name(&adapter->bdaddr, name);
} else {
int err = adapter_ops->set_name(adapter->dev_id, name);
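Review bot: In the `!adapter->up` branch the stored copy is bounded to MAX_NAME_LENGTH bytes, but `write_local_name(&adapter->bdaddr, name)` still receives the caller's original string, so the persisted name and `dev->name` can disagree if `name` exceeds the limit. The `invalid_args` return just above may already reject over-long names, but that check lies outside the hunk. Passing the stored copy, `write_local_name(&adapter->bdaddr, dev->name);`, as the second hunk does, keeps the two in agreement regardless of what validation ran earlier. The function body starts and ends outside the hunk.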
diff --git a/src/adapter.h b/src/adapter.h
index 8226514..9341118 100644
--- a/src/adapter.h
+++ b/src/adapter.h
@@ -69,7 +69,7 @@
uint16_t manufacturer;
uint8_t ssp_mode;
- uint8_t name[MAX_NAME_LENGTH];
+ char name[MAX_NAME_LENGTH + 1];
};
int adapter_start(struct btd_adapter *adapter);
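Review bot: The `name` member now carries an invariant (byte MAX_NAME_LENGTH is always zero) that the header does not state. A comment on the member such as `/* NUL-terminated; name[MAX_NAME_LENGTH] is always 0 */` would tell future writers to copy at most MAX_NAME_LENGTH bytes into it. Any code elsewhere that uses `sizeof(dev->name)` as the on-the-wire name length now gets 249 instead of 248; such uses are not visible in this diff and are worth checking. The struct definition starts outside the hunk.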