Google Git
Sign in
android / platform / system / bt / 68a1cf1a9de115b66bececf892588075595b263f
commit68a1cf1a9de115b66bececf892588075595b263f[log] [tgz]
authorScott Bauer <sbauer@plzdonthack.me>Thu Apr 06 18:35:40 2017 -0600
committerJakub Pawlowski <jpawlowski@google.com>Thu Sep 28 18:30:21 2017 +0000
tree7cd3d1f1c856625580db6cd62bbfb0ad13015426
parent544f7e1be9a1f17da36955539f084b72130d1962 [diff]
Read the correct amount of attributes

bta_gattc_cache_load currently attempts to read 0xFF attributes into an
allocation sized to num_attr attributes, which can be smaller than 0xFF.

There aren't more than num_attr bytes in correct data, but this breaks
with dynamic buffer overflow checking in CopperheadOS for the read
system call since fread ends up calling read, which obtains the size of
the allocation from the malloc implementation and then aborts due to the
(potential) overflow.

This would also fail with the default enabled _FORTIFY_SOURCE=2 feature
in the Android Open Source Project if osi_malloc was marked with the
alloc_size attribute. The way it wraps malloc loses that information so
fortify checks aren't done for calls like this.

Bug: 37160362
Change-Id: I68bd170d5378c9d9d21cbda376083bc0b857e15c
Signed-off-by: Scott Bauer <sbauer@plzdonthack.me>
[migrated to C++ file, added 0xFFFF limit and wrote commit message]
Signed-off-by: Daniel Micay <danielmicay@gmail.com>
1 file changed
tree: 7cd3d1f1c856625580db6cd62bbfb0ad13015426
  1. audio_a2dp_hw/
  2. bta/
  3. btcore/
  4. btif/
  5. build/
  6. conf/
  7. device/
  8. doc/
  9. embdrv/
  10. hci/
  11. include/
  12. main/
  13. osi/
  14. service/
  15. stack/
  16. test/
  17. tools/
  18. udrv/
  19. utils/
  20. vendor_libs/
  21. vnd/
  22. .clang-format
  23. .gitignore
  24. .gn
  25. Android.bp
  26. Android.mk
  27. BUILD.gn
  28. CleanSpec.mk
  29. EventLogTags.logtags
  30. MODULE_LICENSE_APACHE2
  31. NOTICE
  32. OWNERS
  33. PREUPLOAD.cfg
  34. README.md
README.md

Fluoride Bluetooth stack

Building and running on AOSP

Just build AOSP - Fluoride is there by default.

Building and running on Linux

Instructions for Ubuntu, tested on 14.04 with Clang 3.5.0 and 16.10 with Clang 3.8.0

Download source

mkdir ~/fluoride
cd ~/fluoride
git clone https://android.googlesource.com/platform/system/bt

Install dependencies (require sudo access):

cd ~/fluoride/bt
build/install_deps.sh

Then fetch third party dependencies:

cd ~/fluoride/bt
mkdir third_party
cd third_party
git clone https://github.com/google/googletest.git
git clone https://android.googlesource.com/platform/external/aac
git clone https://android.googlesource.com/platform/external/libchrome
git clone https://android.googlesource.com/platform/external/libldac
git clone https://android.googlesource.com/platform/external/modp_b64
git clone https://android.googlesource.com/platform/external/tinyxml2
git clone https://android.googlesource.com/platform/hardware/libhardware

And third party dependencies of third party dependencies:

cd fluoride/bt/third_party/libchrome/base/third_party
mkdir valgrind
cd valgrind
curl https://chromium.googlesource.com/chromium/src/base/+/master/third_party/valgrind/valgrind.h?format=TEXT | base64 -d > valgrind.h
curl https://chromium.googlesource.com/chromium/src/base/+/master/third_party/valgrind/memcheck.h?format=TEXT | base64 -d > memcheck.h

NOTE: If system/bt is checked out under AOSP, then create symbolic links instead of downloading sources

cd system/bt
mkdir third_party
cd third_party
ln -s ../../../external/aac aac
ln -s ../../../external/libchrome libchrome
ln -s ../../../external/libldac libldac
ln -s ../../../external/modp_b64 modp_b64
ln -s ../../../external/tinyxml2 tinyxml2
ln -s ../../../hardware/libhardware libhardware
ln -s ../../../external/googletest googletest

Generate your build files

cd ~/fluoride/bt
gn gen out/Default

Build

cd ~/fluoride/bt
ninja -C out/Default all

This will build all targets (the shared library, executables, tests, etc) and put them in out/Default. To build an individual target, replace “all” with the target of your choice, e.g. ninja -C out/Default net_test_osi.

Run

cd ~/fluoride/bt/out/Default
LD_LIBRARY_PATH=./ ./bluetoothtbd -create-ipc-socket=fluoride

Eclipse IDE Support

  1. Follows the Chromium project Eclipse Setup Instructions until “Optional: Building inside Eclipse” section (don't do that section, we will set it up differently)

  2. Generate Eclipse settings:

cd system/bt
gn gen --ide=eclipse out/Default

  1. In Eclipse, do File->Import->C/C++->C/C++ Project Settings, choose the XML location under system/bt/out/Default

  2. Right click on the project. Go to Preferences->C/C++ Build->Builder Settings. Uncheck “Use default build command”, but instead using “ninja -C out/Default”

  3. Goto Behaviour tab, change clean command to “-t clean”