author | Amit Mahajan <amitmahajan@google.com> | 2016-08-15 09:06:34 -0700 |
---|---|---|
committer | Jessica Wagantall <jwagantall@cyngn.com> | 2016-10-04 16:12:44 -0700 |
commit | 63bb1dbf33426c4c3efc4af578c635e57f75f491 (patch) | |
tree | 4d86db571d54243bfc31836a6d87d0a308c01af7 | |
parent | 06af52dbcfdaba653ba61f9597b0905a18d40c8c (diff) | |
download | android_hardware_ril-stable/cm-13.0-ZNH2KB.tar.gz android_hardware_ril-stable/cm-13.0-ZNH2KB.tar.bz2 android_hardware_ril-stable/cm-13.0-ZNH2KB.zip |
Replace variable-length arrays on stack with malloc. [stable/cm-13.0-ZNH2KB]
CYNGNOS-3286
Bug: 30202619
Change-Id: Ib95e08a1c009d88a4b4fd8d8fdba0641c6129008
(cherry picked from commit 943905bb9f99e3caa856b42c531e2be752da8834)
(cherry picked from commit 0c3aefae2e22846486937a0ff5de21b64f3a14b1)
(cherry picked from commit 9a7da975f78dbf52f0943376b4484d61c449196c)
-rw-r--r-- | libril/RilSapSocket.cpp | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/libril/RilSapSocket.cpp b/libril/RilSapSocket.cpp index e422f34..15476c1 100644 --- a/libril/RilSapSocket.cpp +++ b/libril/RilSapSocket.cpp @@ -343,7 +343,12 @@ void RilSapSocket::sendResponse(MsgHeader* hdr) { if ((success = pb_get_encoded_size(&encoded_size, MsgHeader_fields, hdr)) && encoded_size <= INT32_MAX && commandFd != -1) { buffer_size = encoded_size + sizeof(uint32_t); - uint8_t buffer[buffer_size]; + uint8_t* buffer = (uint8_t*)malloc(buffer_size); + if (!buffer) { + RLOGE("sendResponse: OOM"); + pthread_mutex_unlock(&write_lock); + return; + } written_size = htonl((uint32_t) encoded_size); ostream = pb_ostream_from_buffer(buffer, buffer_size); pb_write(&ostream, (uint8_t *)&written_size, sizeof(written_size)); @@ -365,6 +370,7 @@ void RilSapSocket::sendResponse(MsgHeader* hdr) { RLOGE("Error while encoding response of type %d id %d buffer_size: %d: %s.", hdr->type, hdr->id, buffer_size, PB_GET_ERROR(&ostream)); } + free(buffer); } else { RLOGE("Not sending response type %d: encoded_size: %u. commandFd: %d. encoded size result: %d", hdr->type, encoded_size, commandFd, success); @@ -436,7 +442,11 @@ void RilSapSocket::sendDisconnect() { if ((success = pb_get_encoded_size(&encoded_size, RIL_SIM_SAP_DISCONNECT_REQ_fields, &disconnectReq)) && encoded_size <= INT32_MAX) { buffer_size = encoded_size + sizeof(uint32_t); - uint8_t buffer[buffer_size]; + uint8_t* buffer = (uint8_t*)malloc(buffer_size); + if (!buffer) { + RLOGE("sendDisconnect: OOM"); + return; + } written_size = htonl((uint32_t) encoded_size); ostream = pb_ostream_from_buffer(buffer, buffer_size); pb_write(&ostream, (uint8_t *)&written_size, sizeof(written_size)); @@ -468,6 +478,7 @@ void RilSapSocket::sendDisconnect() { else { RLOGE("Encode failed in send disconnect!"); } + free(buffer); } } |
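Review bot: In sendResponse the heap buffer is still sized from `encoded_size` with no cap tighter than the `encoded_size <= INT32_MAX` test in the enclosing condition, and the same holds for the matching allocation in sendDisconnect. Moving off the stack removes the stack-exhaustion risk of the variable-length array, but a corrupt or unexpectedly large message can now request a heap allocation of roughly 2 GiB per call. Consider rejecting anything above the largest frame the SAP protocol permits before calling malloc, for example `encoded_size <= MAX_SAP_FRAME_SIZE`, where `MAX_SAP_FRAME_SIZE` is a placeholder for the project's real limit, and include `buffer_size` in the two OOM log messages so a failed allocation can be triaged. Both function bodies begin and continue outside the hunks.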
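Review bot: The `free(buffer)` added at the end of the success branch in sendResponse, and the matching one in sendDisconnect, releases the buffer only if control falls through to it. The code between each allocation and its `free` lies outside the hunks, so any early return there, existing or added later, would leak the buffer. Tying the lifetime to scope right after the null check, `std::unique_ptr<uint8_t, decltype(&free)> buffer_owner(buffer, &free);`, makes both manual `free` calls unnecessary and leaves the OOM paths unchanged. This needs `<memory>` and `<cstdlib>`, which may or may not already be included in RilSapSocket.cpp.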