Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1eace27f authored by Ganesh Ganapathi Batta's avatar Ganesh Ganapathi Batta
Browse files

Fix Null pointer access in GKI timer library 

Change-Id: Iada2d426fe4592416eed988202c14599656b33e4
parent d8402708

gki/common/gki_common.h

+1 −0
Original line number Diff line number Diff line
@@ -45,6 +45,7 @@ 
#define GKI_ERROR_ADDR_NOT_IN_BUF       0xFFF5

#define GKI_ERROR_OUT_OF_BUFFERS        0xFFF4

#define GKI_ERROR_GETPOOLBUF_BAD_QID    0xFFF3

#define GKI_ERROR_TIMER_LIST_CORRUPTED  0xFFF2





/********************************************************************

gki/common/gki_time.c

+12 −1
Original line number Diff line number Diff line
@@ -841,8 +841,19 @@ void GKI_add_to_timer_list (TIMER_LIST_Q *p_timer_listq, TIMER_LIST_ENT *p_tle) 
        }

        else    /* This entry needs to be inserted before the last entry */

        {

            /* Find the entry that the new one needs to be inserted in front of */

            p_temp = p_timer_listq->p_first;



            if (p_temp == NULL)

            {

                /* list is corrupted, exit to avoid crash */

                GKI_TRACE_ERROR_0("GKI_add_to_timer_list : Timerlist Q is empty");

                GKI_exception(GKI_ERROR_TIMER_LIST_CORRUPTED, "*** "

                        "GKI_add_to_timer_list(): timer list corrupted! ***");

                return;

            }

            /* Find the entry that the new one needs to be inserted in front of

             * as last_ticks is the expiry value of p_last, it should be inserted

             * BEFORE p_last. otherwise list is probably corrupted! */

            while (p_tle->ticks > p_temp->ticks)

            {

                /* Update the tick value if looking at an unexpired entry */