
Commit 639b12e3 authored by George Burgess IV

avdt_scb: fix dereferences of NULL

A recent change to this code added `int` in this for loop's first clause
(good, since that's way more common than declaring `i` outside of the
loop). Unfortunately, this caused the `*p_err_code = 0` to be
interpreted as "create a new int* called p_err_code and set it to 0,"
rather than "set the value pointed to by p_err_code to 0."

Caught by clang's static analyzer:

> system/bt/stack/avdt/avdt_scb.cc:936:19: warning: Dereference of null pointer (loaded from variable 'p_err_code') [clang-analyzer-core.NullDereference]
> system/bt/stack/avdt/avdt_scb.cc:941:19: warning: Dereference of null pointer (loaded from variable 'p_err_code') [clang-analyzer-core.NullDereference]
> system/bt/stack/avdt/avdt_scb.cc:946:19: warning: Dereference of null pointer (loaded from variable 'p_err_code') [clang-analyzer-core.NullDereference]
> system/bt/stack/avdt/avdt_scb.cc:955:23: warning: Dereference of null pointer (loaded from variable 'p_err_code') [clang-analyzer-core.NullDereference]
> system/bt/stack/avdt/avdt_scb.cc:963:23: warning: Dereference of null pointer (loaded from variable 'p_err_code') [clang-analyzer-core.NullDereference]

Bug: 180421437
Test: TreeHugger
Change-Id: I834032e22da0ed558c25355c9d1cf20c11c8c530
parent d468f80c
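The declaration pitfall the commit message describes, reproduced as an added example that is not code from the AOSP Bluetooth stack: `kNumSeps`, `kErrBadState`, `scb_exists` and `verify_seids` are constructed stand-ins for `AVDT_NUM_SEPS`, `AVDT_ERR_BAD_STATE`, `avdt_scb_by_hdl` and the real `avdt_scb_verify`. The first function shows that `int i = 0, *p_err_code = 0` declares a fresh null `int*` shadowing the parameter (inspected rather than dereferenced, so the demo runs); the second is the fixed shape, clearing the caller's error code once before the loop.

```cpp
// Added example, not code from the AOSP Bluetooth stack: reproduces the
// for-clause declaration pitfall behind this commit with constructed stand-ins.
#include <cstdint>
#include <initializer_list>
#include <type_traits>
#include <vector>

constexpr int kNumSeps = 3;             // stand-in for AVDT_NUM_SEPS (constructed)
constexpr uint8_t kErrBadState = 0x31;  // stand-in for AVDT_ERR_BAD_STATE (constructed value)

// Constructed lookup: handle 0 stands for "no such SCB", anything else is valid.
static bool scb_exists(uint8_t hdl) { return hdl != 0; }

// The buggy shape. In 'int i = 0, *p_err_code = 0' the second declarator
// introduces a NEW variable of type int* named p_err_code, initialised to
// null, which shadows the parameter for the whole loop. Writing through it is
// the null dereference clang reported; here we only inspect it so the demo runs.
bool loop_declarator_shadows_parameter(uint8_t* p_err_code) {
  uint8_t* outer = p_err_code;  // keep a handle on the real parameter
  for (int i = 0, *p_err_code = 0; i < 1; i++) {
    static_assert(std::is_same<decltype(p_err_code), int*>::value,
                  "the for clause declared a fresh int*, not the uint8_t* parameter");
    return p_err_code == nullptr && outer != nullptr;
  }
  return false;
}

// Calls the buggy shape with a real, non-null out-parameter.
bool shadow_demo() {
  uint8_t err = 0;
  return loop_declarator_shadows_parameter(&err);
}

// The fixed shape: clear the caller's error code once, before the loop, then
// walk the handle list exactly as the original loop does. Returns true when
// every handle verified; on failure the error code goes through p_err_code.
bool verify_seids(const uint8_t* p_seid, int num_seid, uint8_t* p_err_code) {
  *p_err_code = 0;
  for (int i = 0; (i < num_seid) && (i < kNumSeps); i++) {
    if (!scb_exists(p_seid[i])) {
      *p_err_code = kErrBadState;
      return false;
    }
  }
  return true;
}

// Runs the fixed routine over a constructed handle list starting from a 0xFF
// sentinel, so a missing '*p_err_code = 0' would show up as a stale value.
uint8_t err_code_after_verify(std::initializer_list<uint8_t> seids) {
  std::vector<uint8_t> list(seids);
  uint8_t err = 0xFF;
  verify_seids(list.data(), static_cast<int>(list.size()), &err);
  return err;
}
```

Building with `-Wshadow` reports the shadowed parameter at compile time, which is a cheaper catch than waiting for the static analyzer to trace the null store.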
+2 −1
@@ -930,7 +930,8 @@ uint8_t avdt_scb_verify(AvdtpCcb* p_ccb, uint8_t state, uint8_t* p_seid,
  }

  /* verify every scb */
  for (int i = 0, *p_err_code = 0; (i < num_seid) && (i < AVDT_NUM_SEPS); i++) {
  *p_err_code = 0;
  for (int i = 0; (i < num_seid) && (i < AVDT_NUM_SEPS); i++) {
    AvdtpScb* p_scb = avdt_scb_by_hdl(p_seid[i]);
    if (p_scb == NULL) {
      *p_err_code = AVDT_ERR_BAD_STATE;
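Review bot: the hoisted `*p_err_code = 0;` now stores through the real `p_err_code` out-parameter before the loop, but nothing in the hunk checks that pointer for NULL, so a caller passing NULL would still fault at the lines the analyzer flagged; consider stating the non-null precondition in the function's comment or asserting it at entry so the contract is explicit. The removed clause `int i = 0, *p_err_code = 0` compiled silently because shadowing a parameter in a nested scope is legal C++; building this directory with `-Wshadow` would have caught it at compile time.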