
Commit 7663bc41 authored by Elliott Hughes's avatar Elliott Hughes

Fix uipc.c to never pass -1 to FD_ISSET.

The behavior of FD_ISSET when passed -1 is undefined.

I checked all calls of FD_SET and FD_CLR in this file, and they all
seem to be correctly guarded. None of the FD_ISSET calls were, so I
added a SAFE_FD_ISSET macro to return false when passed -1, which is
presumably what the callers intended.

This allows Bluetooth to be enabled on a device where the C library
aborts if passed any out of range fd.

Bug: 11047121
Change-Id: I261404a5a80884d5e9edab8beb3c93969113dc76
parent 86ba523e
+1 −1
@@ -13,4 +13,4 @@ include $(call all-subdir-makefiles)

# Cleanup our locals
bdroid_C_INCLUDES :=
bdroid_CFLaGS :=
bdroid_CFLAGS :=
+5 −3
@@ -66,6 +66,8 @@
#define UIPC_LOCK() /*BTIF_TRACE_EVENT1(" %s lock", __FUNCTION__);*/ pthread_mutex_lock(&uipc_main.mutex);
#define UIPC_UNLOCK() /*BTIF_TRACE_EVENT1("%s unlock", __FUNCTION__);*/ pthread_mutex_unlock(&uipc_main.mutex);

#define SAFE_FD_ISSET(fd, set) (((fd) == -1) ? FALSE : FD_ISSET((fd), (set)))

/*****************************************************************************
**  Local type definitions
******************************************************************************/
@@ -318,7 +320,7 @@ static int uipc_check_fd_locked(tUIPC_CH_ID ch_id)

    //BTIF_TRACE_EVENT2("CHECK SRVFD %d (ch %d)", uipc_main.ch[ch_id].srvfd, ch_id);

    if (FD_ISSET(uipc_main.ch[ch_id].srvfd, &uipc_main.read_set))
    if (SAFE_FD_ISSET(uipc_main.ch[ch_id].srvfd, &uipc_main.read_set))
    {
        BTIF_TRACE_EVENT1("INCOMING CONNECTION ON CH %d", ch_id);

@@ -347,7 +349,7 @@ static int uipc_check_fd_locked(tUIPC_CH_ID ch_id)

    //BTIF_TRACE_EVENT2("CHECK FD %d (ch %d)", uipc_main.ch[ch_id].fd, ch_id);

    if (FD_ISSET(uipc_main.ch[ch_id].fd, &uipc_main.read_set))
    if (SAFE_FD_ISSET(uipc_main.ch[ch_id].fd, &uipc_main.read_set))
    {
        //BTIF_TRACE_EVENT1("INCOMING DATA ON CH %d", ch_id);

@@ -359,7 +361,7 @@ static int uipc_check_fd_locked(tUIPC_CH_ID ch_id)

static void uipc_check_interrupt_locked(void)
{
    if (FD_ISSET(uipc_main.signal_fds[0], &uipc_main.read_set))
    if (SAFE_FD_ISSET(uipc_main.signal_fds[0], &uipc_main.read_set))
    {
        char sig_recv = 0;
        //BTIF_TRACE_EVENT0("UIPC INTERRUPT");
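Review bot: SAFE_FD_ISSET filters only the value -1, but FD_ISSET is equally undefined for any other negative descriptor and for one at or above FD_SETSIZE, where it indexes past the end of the fd_set. Since the commit message says the C library aborts on any out-of-range fd, the macro could cover the whole range: `#define SAFE_FD_ISSET(fd, set) (((fd) < 0 || (fd) >= FD_SETSIZE) ? FALSE : FD_ISSET((fd), (set)))`. The macro also evaluates `fd` more than once, which is harmless for the three plain struct-member arguments in uipc_check_fd_locked and uipc_check_interrupt_locked but deserves a one-line comment above the definition, e.g. `/* FD_ISSET is undefined for fds outside [0, FD_SETSIZE); evaluates fd more than once. */`. The FD_SET/FD_CLR guards the message refers to are outside the visible hunks, so whether they bound the upper end could not be checked here.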