diff options
| author | Amit Mahajan <amitmahajan@google.com> | 2016-08-15 09:06:34 -0700 |
|---|---|---|
| committer | Jessica Wagantall <jwagantall@cyngn.com> | 2016-10-04 15:43:22 -0700 |
| commit | 0c3aefae2e22846486937a0ff5de21b64f3a14b1 (patch) | |
| tree | fc83b0802a07afead1f2f4602b03f4affff0451c | |
| parent | a9c266d16259c111e6fcfb9ec1e0c605e3b854c9 (diff) | |
| download | android_hardware_ril-stable/cm-13.0-ZNH0E.tar.gz android_hardware_ril-stable/cm-13.0-ZNH0E.tar.bz2 android_hardware_ril-stable/cm-13.0-ZNH0E.zip | |
Replace variable-length arrays on stack with malloc.stable/cm-13.0-ZNH0E
CYNGNOS-3286
Bug: 30202619
Change-Id: Ib95e08a1c009d88a4b4fd8d8fdba0641c6129008
(cherry picked from commit 943905bb9f99e3caa856b42c531e2be752da8834)
| -rw-r--r-- | libril/RilSapSocket.cpp | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/libril/RilSapSocket.cpp b/libril/RilSapSocket.cpp index e422f34..15476c1 100644 --- a/libril/RilSapSocket.cpp +++ b/libril/RilSapSocket.cpp @@ -343,7 +343,12 @@ void RilSapSocket::sendResponse(MsgHeader* hdr) { if ((success = pb_get_encoded_size(&encoded_size, MsgHeader_fields, hdr)) && encoded_size <= INT32_MAX && commandFd != -1) { buffer_size = encoded_size + sizeof(uint32_t); - uint8_t buffer[buffer_size]; + uint8_t* buffer = (uint8_t*)malloc(buffer_size); + if (!buffer) { + RLOGE("sendResponse: OOM"); + pthread_mutex_unlock(&write_lock); + return; + } written_size = htonl((uint32_t) encoded_size); ostream = pb_ostream_from_buffer(buffer, buffer_size); pb_write(&ostream, (uint8_t *)&written_size, sizeof(written_size)); @@ -365,6 +370,7 @@ void RilSapSocket::sendResponse(MsgHeader* hdr) { RLOGE("Error while encoding response of type %d id %d buffer_size: %d: %s.", hdr->type, hdr->id, buffer_size, PB_GET_ERROR(&ostream)); } + free(buffer); } else { RLOGE("Not sending response type %d: encoded_size: %u. commandFd: %d. encoded size result: %d", hdr->type, encoded_size, commandFd, success); @@ -436,7 +442,11 @@ void RilSapSocket::sendDisconnect() { if ((success = pb_get_encoded_size(&encoded_size, RIL_SIM_SAP_DISCONNECT_REQ_fields, &disconnectReq)) && encoded_size <= INT32_MAX) { buffer_size = encoded_size + sizeof(uint32_t); - uint8_t buffer[buffer_size]; + uint8_t* buffer = (uint8_t*)malloc(buffer_size); + if (!buffer) { + RLOGE("sendDisconnect: OOM"); + return; + } written_size = htonl((uint32_t) encoded_size); ostream = pb_ostream_from_buffer(buffer, buffer_size); pb_write(&ostream, (uint8_t *)&written_size, sizeof(written_size)); @@ -468,6 +478,7 @@ void RilSapSocket::sendDisconnect() { else { RLOGE("Encode failed in send disconnect!"); } + free(buffer); } } |