Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9d426b0a authored by Ganesh Ganapathi Batta's avatar Ganesh Ganapathi Batta Committed by Matthew Xie
Browse files

Fix Null pointer access in GKI timer library 

Change-Id: Iada2d426fe4592416eed988202c14599656b33e4
parent 536ef057

gki/common/gki_common.h

+1 −0
Original line number Diff line number Diff line
@@ -45,6 +45,7 @@ 
#define GKI_ERROR_ADDR_NOT_IN_BUF       0xFFF5

#define GKI_ERROR_OUT_OF_BUFFERS        0xFFF4

#define GKI_ERROR_GETPOOLBUF_BAD_QID    0xFFF3

#define GKI_ERROR_TIMER_LIST_CORRUPTED  0xFFF2





/********************************************************************

gki/common/gki_time.c

+12 −1
Original line number Diff line number Diff line
@@ -841,8 +841,19 @@ void GKI_add_to_timer_list (TIMER_LIST_Q *p_timer_listq, TIMER_LIST_ENT *p_tle) 
        }

        else    /* This entry needs to be inserted before the last entry */

        {

            /* Find the entry that the new one needs to be inserted in front of */

            p_temp = p_timer_listq->p_first;



            if (p_temp == NULL)

            {

                /* list is corrupted, exit to avoid crash */

                GKI_TRACE_ERROR_0("GKI_add_to_timer_list : Timerlist Q is empty");

                GKI_exception(GKI_ERROR_TIMER_LIST_CORRUPTED, "*** "

                        "GKI_add_to_timer_list(): timer list corrupted! ***");

                return;

            }

            /* Find the entry that the new one needs to be inserted in front of

             * as last_ticks is the expiry value of p_last, it should be inserted

             * BEFORE p_last. otherwise list is probably corrupted! */

            while (p_tle->ticks > p_temp->ticks)

            {

                /* Update the tick value if looking at an unexpired entry */