
Commit b492cf08 authored by Sharvil Nanavati's avatar Sharvil Nanavati

Fix use of uninitialized value in BTA_PanSetRole

Caught by valgrind:

Conditional jump or move depends on uninitialised value(s)
   at 0x57616E8: PAN_SetRole (pan_api.c:170)
   by 0x56C0193: bta_pan_set_role (bta_pan_act.c:370)
   by 0x56BFD65: bta_pan_hdl_event (bta_pan_main.c:387)
   by 0x56D24DD: bta_sys_event (bta_sys_main.c:495)
   by 0x5777029: run_reactor (reactor.c:275)
   by 0x5777D6D: run_thread (thread.c:206)
   by 0x49A77B3: __pthread_start(void*) (in /system/lib/libc.so)
 Uninitialised value was created by a heap allocation
   at 0x495883C: malloc (in /system/lib/valgrind/vgpreload_memcheck-arm-linux.so)
   by 0x5774857: osi_malloc (allocator.c:67)
   by 0x56C07A9: BTA_PanSetRole (bta_pan_api.c:107)
   by 0x56FBF31: btpan_enable (btif_pan.c:226)
   by 0x56DB3AB: btif_enable_bluetooth_evt (btif_core.c:524)
   by 0x56DE3EB: btif_dm_upstreams_evt (btif_dm.c:1742)
   by 0x56DC60F: btif_context_switched (btif_core.c:180)
   by 0x56DC60F: bt_jni_msg_ready (btif_core.c:290)
   by 0x5778007: work_queue_read_cb (thread.c:233)
   by 0x5777029: run_reactor (reactor.c:275)
   by 0x5777D6D: run_thread (thread.c:206)
   by 0x49A77B3: __pthread_start(void*) (in /system/lib/libc.so)

Bug: 28113318
Change-Id: Icdba2b7a557254d29f8c3a62c6d1a7aafa4fdde4
parent 6833e170
+1 −7
@@ -104,7 +104,7 @@ void BTA_PanSetRole(tBTA_PAN_ROLE role, tBTA_PAN_ROLE_INFO *p_user_info, tBTA_PA
                                        tBTA_PAN_ROLE_INFO *p_nap_info)
                                        tBTA_PAN_ROLE_INFO *p_nap_info)
{
{
    tBTA_PAN_API_SET_ROLE  *p_buf =
    tBTA_PAN_API_SET_ROLE  *p_buf =
        (tBTA_PAN_API_SET_ROLE *)osi_malloc(sizeof(tBTA_PAN_API_SET_ROLE));
        (tBTA_PAN_API_SET_ROLE *)osi_calloc(sizeof(tBTA_PAN_API_SET_ROLE));


    p_buf->hdr.event = BTA_PAN_API_SET_ROLE_EVT;
    p_buf->hdr.event = BTA_PAN_API_SET_ROLE_EVT;
    p_buf->role = role;
    p_buf->role = role;
@@ -112,8 +112,6 @@ void BTA_PanSetRole(tBTA_PAN_ROLE role, tBTA_PAN_ROLE_INFO *p_user_info, tBTA_PA
    if (p_user_info && (role & BTA_PAN_ROLE_PANU)) {
    if (p_user_info && (role & BTA_PAN_ROLE_PANU)) {
        if (p_user_info->p_srv_name)
        if (p_user_info->p_srv_name)
            strlcpy(p_buf->user_name, p_user_info->p_srv_name, BTA_SERVICE_NAME_LEN);
            strlcpy(p_buf->user_name, p_user_info->p_srv_name, BTA_SERVICE_NAME_LEN);
        else
            p_buf->user_name[0] = 0;


        p_buf->user_app_id = p_user_info->app_id;
        p_buf->user_app_id = p_user_info->app_id;
        p_buf->user_sec_mask = p_user_info->sec_mask;
        p_buf->user_sec_mask = p_user_info->sec_mask;
@@ -122,8 +120,6 @@ void BTA_PanSetRole(tBTA_PAN_ROLE role, tBTA_PAN_ROLE_INFO *p_user_info, tBTA_PA
    if (p_gn_info && (role & BTA_PAN_ROLE_GN)) {
    if (p_gn_info && (role & BTA_PAN_ROLE_GN)) {
        if (p_gn_info->p_srv_name)
        if (p_gn_info->p_srv_name)
            strlcpy(p_buf->gn_name, p_gn_info->p_srv_name, BTA_SERVICE_NAME_LEN);
            strlcpy(p_buf->gn_name, p_gn_info->p_srv_name, BTA_SERVICE_NAME_LEN);
        else
            p_buf->gn_name[0] = 0;


        p_buf->gn_app_id = p_gn_info->app_id;
        p_buf->gn_app_id = p_gn_info->app_id;
        p_buf->gn_sec_mask = p_gn_info->sec_mask;
        p_buf->gn_sec_mask = p_gn_info->sec_mask;
@@ -132,8 +128,6 @@ void BTA_PanSetRole(tBTA_PAN_ROLE role, tBTA_PAN_ROLE_INFO *p_user_info, tBTA_PA
    if (p_nap_info && (role & BTA_PAN_ROLE_NAP)) {
    if (p_nap_info && (role & BTA_PAN_ROLE_NAP)) {
      if (p_nap_info->p_srv_name)
      if (p_nap_info->p_srv_name)
          strlcpy(p_buf->nap_name, p_nap_info->p_srv_name, BTA_SERVICE_NAME_LEN);
          strlcpy(p_buf->nap_name, p_nap_info->p_srv_name, BTA_SERVICE_NAME_LEN);
      else
          p_buf->nap_name[0] = 0;


      p_buf->nap_app_id = p_nap_info->app_id;
      p_buf->nap_app_id = p_nap_info->app_id;
      p_buf->nap_sec_mask = p_nap_info->sec_mask;
      p_buf->nap_sec_mask = p_nap_info->sec_mask;
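Review bot: With the three `else ... name[0] = 0;` branches removed, `user_name`, `gn_name` and `nap_name` are terminated only by the zero fill from `osi_calloc` at the allocation, and nothing on that line records that the zeroing is now load-bearing. A later switch back to `osi_malloc` would compile cleanly and bring back the uninitialised read that valgrind reported in PAN_SetRole. I would add a comment above the allocation, `/* Zero-filled on purpose: unset role fields and names with no p_srv_name must read as empty. */`. Separately, `p_buf` is dereferenced straight after the allocation with no NULL check, which is only safe if osi_calloc never returns NULL; that is not visible on this page and is worth confirming. BTA_PanSetRole begins and ends outside the hunks shown.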
+12 −12
@@ -166,12 +166,12 @@ tPAN_RESULT PAN_SetRole (UINT8 role,
    /* Register all the roles with SDP */
    /* Register all the roles with SDP */
    PAN_TRACE_API ("PAN_SetRole() called with role 0x%x", role);
    PAN_TRACE_API ("PAN_SetRole() called with role 0x%x", role);
#if (defined (PAN_SUPPORTS_ROLE_NAP) && PAN_SUPPORTS_ROLE_NAP == TRUE)
#if (defined (PAN_SUPPORTS_ROLE_NAP) && PAN_SUPPORTS_ROLE_NAP == TRUE)
    if (role & PAN_ROLE_NAP_SERVER)
    {
        /* Check the service name */
        /* Check the service name */
        if ((p_nap_name == NULL) || (*p_nap_name == 0))
        if ((p_nap_name == NULL) || (*p_nap_name == 0))
            p_nap_name = PAN_NAP_DEFAULT_SERVICE_NAME;
            p_nap_name = PAN_NAP_DEFAULT_SERVICE_NAME;


    if (role & PAN_ROLE_NAP_SERVER)
    {
        /* Registering for NAP service with SDP */
        /* Registering for NAP service with SDP */
        p_desc = PAN_NAP_DEFAULT_DESCRIPTION;
        p_desc = PAN_NAP_DEFAULT_DESCRIPTION;


@@ -194,12 +194,12 @@ tPAN_RESULT PAN_SetRole (UINT8 role,
#endif
#endif


#if (defined (PAN_SUPPORTS_ROLE_GN) && PAN_SUPPORTS_ROLE_GN == TRUE)
#if (defined (PAN_SUPPORTS_ROLE_GN) && PAN_SUPPORTS_ROLE_GN == TRUE)
    if (role & PAN_ROLE_GN_SERVER)
    {
        /* Check the service name */
        /* Check the service name */
        if ((p_gn_name == NULL) || (*p_gn_name == 0))
        if ((p_gn_name == NULL) || (*p_gn_name == 0))
            p_gn_name = PAN_GN_DEFAULT_SERVICE_NAME;
            p_gn_name = PAN_GN_DEFAULT_SERVICE_NAME;


    if (role & PAN_ROLE_GN_SERVER)
    {
        /* Registering for GN service with SDP */
        /* Registering for GN service with SDP */
        p_desc = PAN_GN_DEFAULT_DESCRIPTION;
        p_desc = PAN_GN_DEFAULT_DESCRIPTION;


@@ -222,12 +222,12 @@ tPAN_RESULT PAN_SetRole (UINT8 role,
#endif
#endif


#if (defined (PAN_SUPPORTS_ROLE_PANU) && PAN_SUPPORTS_ROLE_PANU == TRUE)
#if (defined (PAN_SUPPORTS_ROLE_PANU) && PAN_SUPPORTS_ROLE_PANU == TRUE)
    if (role & PAN_ROLE_CLIENT)
    {
        /* Check the service name */
        /* Check the service name */
        if ((p_user_name == NULL) || (*p_user_name == 0))
        if ((p_user_name == NULL) || (*p_user_name == 0))
            p_user_name = PAN_PANU_DEFAULT_SERVICE_NAME;
            p_user_name = PAN_PANU_DEFAULT_SERVICE_NAME;


    if (role & PAN_ROLE_CLIENT)
    {
        /* Registering for PANU service with SDP */
        /* Registering for PANU service with SDP */
        p_desc = PAN_PANU_DEFAULT_DESCRIPTION;
        p_desc = PAN_PANU_DEFAULT_DESCRIPTION;
        if (pan_cb.pan_user_sdp_handle != 0)
        if (pan_cb.pan_user_sdp_handle != 0)