diff options
| author | Amit Mahajan <amitmahajan@google.com> | 2016-08-16 23:01:39 +0000 |
|---|---|---|
| committer | android-build-merger <android-build-merger@google.com> | 2016-08-16 23:01:39 +0000 |
| commit | 837c8b680aa75cc59436a2e6ab85ee530ceab6a0 (patch) | |
| tree | ac26f581cce6b661d7d3356b47b63412763a5ad3 | |
| parent | d33397bed7bab16991d2a9d83d84d157b1e02b29 (diff) | |
| parent | 943905bb9f99e3caa856b42c531e2be752da8834 (diff) | |
| download | android_hardware_ril-837c8b680aa75cc59436a2e6ab85ee530ceab6a0.tar.gz android_hardware_ril-837c8b680aa75cc59436a2e6ab85ee530ceab6a0.tar.bz2 android_hardware_ril-837c8b680aa75cc59436a2e6ab85ee530ceab6a0.zip | |
Replace variable-length arrays on stack with malloc.
am: 943905bb9f
Change-Id: Ie54e7e1a0e255e61b0c5182ec72b0cdb376efbd1
| -rw-r--r-- | libril/RilSapSocket.cpp | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/libril/RilSapSocket.cpp b/libril/RilSapSocket.cpp index e422f34..15476c1 100644 --- a/libril/RilSapSocket.cpp +++ b/libril/RilSapSocket.cpp @@ -343,7 +343,12 @@ void RilSapSocket::sendResponse(MsgHeader* hdr) { if ((success = pb_get_encoded_size(&encoded_size, MsgHeader_fields, hdr)) && encoded_size <= INT32_MAX && commandFd != -1) { buffer_size = encoded_size + sizeof(uint32_t); - uint8_t buffer[buffer_size]; + uint8_t* buffer = (uint8_t*)malloc(buffer_size); + if (!buffer) { + RLOGE("sendResponse: OOM"); + pthread_mutex_unlock(&write_lock); + return; + } written_size = htonl((uint32_t) encoded_size); ostream = pb_ostream_from_buffer(buffer, buffer_size); pb_write(&ostream, (uint8_t *)&written_size, sizeof(written_size)); @@ -365,6 +370,7 @@ void RilSapSocket::sendResponse(MsgHeader* hdr) { RLOGE("Error while encoding response of type %d id %d buffer_size: %d: %s.", hdr->type, hdr->id, buffer_size, PB_GET_ERROR(&ostream)); } + free(buffer); } else { RLOGE("Not sending response type %d: encoded_size: %u. commandFd: %d. encoded size result: %d", hdr->type, encoded_size, commandFd, success); @@ -436,7 +442,11 @@ void RilSapSocket::sendDisconnect() { if ((success = pb_get_encoded_size(&encoded_size, RIL_SIM_SAP_DISCONNECT_REQ_fields, &disconnectReq)) && encoded_size <= INT32_MAX) { buffer_size = encoded_size + sizeof(uint32_t); - uint8_t buffer[buffer_size]; + uint8_t* buffer = (uint8_t*)malloc(buffer_size); + if (!buffer) { + RLOGE("sendDisconnect: OOM"); + return; + } written_size = htonl((uint32_t) encoded_size); ostream = pb_ostream_from_buffer(buffer, buffer_size); pb_write(&ostream, (uint8_t *)&written_size, sizeof(written_size)); @@ -468,6 +478,7 @@ void RilSapSocket::sendDisconnect() { else { RLOGE("Encode failed in send disconnect!"); } + free(buffer); } } |