
Commit 00c1bbd9 authored by Jack He's avatar Jack He

RFCOMM: Crash on null MCB and PORT in state machine

* rfc_mx_sm_execute should never receive a NULL mcb
* rfc_port_sm_execute should never receive a NULL port
* If the above happens, we should crash, because with only a simple NULL
  check we might miss a state machine event without knowing that we
  missed it

Bug: 77224743
Test: StackRfcommTest
Change-Id: I7114e46ae706927cc839c7201c97362710e7a874
parent 37d7e9c1
+3 −1
@@ -69,7 +69,9 @@ static void rfc_mx_conf_cnf(tRFC_MCB* p_mcb, tL2CAP_CFG_INFO* p_cfg);
 *
 ******************************************************************************/
void rfc_mx_sm_execute(tRFC_MCB* p_mcb, uint16_t event, void* p_data) {
  RFCOMM_TRACE_DEBUG("%s: STATE=%d, EVENT=%d", __func__, p_mcb->state, event);
  CHECK(p_mcb != nullptr) << __func__ << ": NULL mcb for event " << event;
  VLOG(1) << __func__ << ": bd_addr=" << p_mcb->bd_addr
          << ", state=" << std::to_string(p_mcb->state) << ", event=" << event;
  switch (p_mcb->state) {
    case RFC_MX_STATE_IDLE:
      rfc_mx_sm_state_idle(p_mcb, event, p_data);
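Review bot: The non-null precondition that `CHECK(p_mcb != nullptr)` now enforces by aborting the process is not documented in the header comment that ends just above `rfc_mx_sm_execute`; a line such as `* Precondition: p_mcb must not be NULL; a NULL mcb aborts via CHECK.` would make the contract visible to callers. Multiplexer events are presumably driven in part by frames from the remote device, so each caller (outside this hunk) should resolve the mcb and drop the event itself when none exists, so that an unexpected frame cannot reach the CHECK and take the stack down. The same applies to `CHECK(p_port != nullptr)` in `rfc_port_sm_execute`. The function body continues outside the hunk.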
+3 −6
@@ -64,14 +64,11 @@ static void rfc_set_port_state(tPORT_STATE* port_pars, MX_FRAME* p_frame);
 *
 ******************************************************************************/
void rfc_port_sm_execute(tPORT* p_port, uint16_t event, void* p_data) {
  VLOG(1) << __func__ << ": PORT=" << std::to_string(p_port->handle)
  CHECK(p_port != nullptr) << __func__ << ": NULL port event " << event;
  VLOG(1) << __func__ << ": BD_ADDR=" << p_port->bd_addr
          << ", PORT=" << std::to_string(p_port->handle)
          << ", STATE=" << std::to_string(p_port->rfc.state)
          << ", EVENT=" << event;
  if (!p_port) {
    LOG(WARNING) << __func__ << ": NULL port event " << event;
    return;
  }

  switch (p_port->rfc.state) {
    case RFC_STATE_CLOSED:
      rfc_port_sm_state_closed(p_port, event, p_data);
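Review bot: The rewritten `VLOG(1)` in `rfc_port_sm_execute` now streams `p_port->bd_addr`, and the one added to `rfc_mx_sm_execute` streams `p_mcb->bd_addr`, so verbose logs gain a peer device identifier on every state machine event. Whether the stream operator prints the full address is not visible here; if it does, confirm that verbose output is not collected into bug reports by default, or log a shortened form. A comment above the statement, e.g. `// bd_addr is logged at VLOG(1) only; keep it out of default-level logs`, would record the intent. The switch continues outside the hunk.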