merge in nyc-dr1-release history after reset to nyc-dr1-dev
diff --git a/include/telephony/ril.h b/include/telephony/ril.h
index e18c69b..98aa7d3 100644
--- a/include/telephony/ril.h
+++ b/include/telephony/ril.h
@@ -543,7 +543,10 @@
RIL_CDMA_SMS_Message* cdmaMessage;
/* Valid field if tech is RADIO_TECH_3GPP. See RIL_REQUEST_SEND_SMS */
- char** gsmMessage;
+ char** gsmMessage; /* This is an array of pointers where pointers
+ are contiguous but elements pointed by those pointers
+ are not contiguous
+ */
} message;
} RIL_IMS_SMS_Message;
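Review bot: The new comment on `gsmMessage` says the pointer array is contiguous and the pointed-to elements are not, but it does not say how many pointers the array holds or how a callee finds its end. A reader who has to copy or validate this structure needs that bound. Since the line above already points at RIL_REQUEST_SEND_SMS, I would tie the two together, for example `/* Same layout as the RIL_REQUEST_SEND_SMS payload: a contiguous array of char*, each string allocated separately */`, after confirming that this is the intended layout.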
@@ -5804,8 +5807,13 @@
* @param request is one of RIL_REQUEST_*
* @param data is pointer to data defined for that RIL_REQUEST_*
* data is owned by caller, and should not be modified or freed by callee
+ * structures passed as data may contain pointers to non-contiguous memory
* @param t should be used in subsequent call to RIL_onResponse
- * @param datalen the length of data
+ * @param datalen is the length of "data" which is defined as other argument. It may or may
+ * not be equal to sizeof(data). Refer to the documentation of individual structures
+ * to find if pointers listed in the structure are contiguous and counted in the datalen
+ * length or not.
+ * (Eg: RIL_IMS_SMS_Message where we don't have datalen equal to sizeof(data))
*
*/
typedef void (*RIL_RequestFunc) (int request, void *data,
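Review bot: The added `datalen` text compares the length with `sizeof(data)`, but `data` is declared `void *data` on the typedef line, so `sizeof(data)` is the size of a pointer rather than the size of the request structure. Suggest wording it as `datalen is the size in bytes of the structure that "data" points to for this request; memory reached through pointers inside that structure is not counted`. It would also help to state that the callee must check `datalen` against the expected structure size before casting, because `datalen` says nothing about the nested pointers. The same text is repeated in the hunk at -5825 and needs the same correction; the typedef itself continues outside both hunks.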
@@ -5825,8 +5833,13 @@
* @param request is one of RIL_REQUEST_*
* @param data is pointer to data defined for that RIL_REQUEST_*
* data is owned by caller, and should not be modified or freed by callee
+ * structures passed as data may contain pointers to non-contiguous memory
* @param t should be used in subsequent call to RIL_onResponse
- * @param datalen the length of data
+ * @param datalen is the length of "data" which is defined as other argument. It may or may
+ * not be equal to sizeof(data). Refer to the documentation of individual structures
+ * to find if pointers listed in the structure are contiguous and counted in the datalen
+ * length or not.
+ * (Eg: RIL_IMS_SMS_Message where we don't have datalen equal to sizeof(data))
*
*/
typedef void (*RIL_RequestFunc) (int request, void *data,
diff --git a/libril/RilSapSocket.cpp b/libril/RilSapSocket.cpp
index ecb04ed..33eabb5 100644
--- a/libril/RilSapSocket.cpp
+++ b/libril/RilSapSocket.cpp
@@ -345,7 +345,12 @@
if ((success = pb_get_encoded_size(&encoded_size, MsgHeader_fields,
hdr)) && encoded_size <= INT32_MAX && commandFd != -1) {
buffer_size = encoded_size + sizeof(uint32_t);
- uint8_t buffer[buffer_size];
+ uint8_t* buffer = (uint8_t*)malloc(buffer_size);
+ if (!buffer) {
+ RLOGE("sendResponse: OOM");
+ pthread_mutex_unlock(&write_lock);
+ return;
+ }
written_size = htonl((uint32_t) encoded_size);
ostream = pb_ostream_from_buffer(buffer, buffer_size);
pb_write(&ostream, (uint8_t *)&written_size, sizeof(written_size));
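Review bot: The only upper bound applied before `malloc(buffer_size)` is `encoded_size <= INT32_MAX`, so this path can still request an allocation of about 2 GiB per response. Moving the buffer off the stack removes the stack-overflow risk but leaves the size effectively unbounded. Consider rejecting anything above a protocol-level maximum before allocating, e.g. `encoded_size <= MAX_SAP_MSG_SIZE`, where the constant is a placeholder name for a limit to be defined by the project. The code between this hunk and the `free(buffer)` added at -367 is not visible here, so please confirm that no early `return` in that stretch skips the free. Both points apply equally to the sendDisconnect hunks at -438 and -470.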
@@ -367,6 +372,7 @@
RLOGE("Error while encoding response of type %d id %d buffer_size: %zu: %s.",
hdr->type, hdr->id, buffer_size, PB_GET_ERROR(&ostream));
}
+ free(buffer);
} else {
RLOGE("Not sending response type %d: encoded_size: %zu. commandFd: %d. encoded size result:\
%d", hdr->type, encoded_size, commandFd, success);
@@ -438,7 +444,11 @@
if ((success = pb_get_encoded_size(&encoded_size, RIL_SIM_SAP_DISCONNECT_REQ_fields,
&disconnectReq)) && encoded_size <= INT32_MAX) {
buffer_size = encoded_size + sizeof(uint32_t);
- uint8_t buffer[buffer_size];
+ uint8_t* buffer = (uint8_t*)malloc(buffer_size);
+ if (!buffer) {
+ RLOGE("sendDisconnect: OOM");
+ return;
+ }
written_size = htonl((uint32_t) encoded_size);
ostream = pb_ostream_from_buffer(buffer, buffer_size);
pb_write(&ostream, (uint8_t *)&written_size, sizeof(written_size));
@@ -470,6 +480,7 @@
else {
RLOGE("Encode failed in send disconnect!");
}
+ free(buffer);
}
}