authorSai Aitharaju <saia@codeaurora.org>2014-11-14 16:54:35 +0530
committerLinux Build Service Account <lnxbuild@localhost>2016-08-24 08:17:28 -0600
commitbb7cdbca9123f8c3d16abcfae474c4e68a638677 (patch)
tree107453402ea6aecfb17513b3df0e682d986c19c9
parentf3eda4d036030afaed0f01474290800752ea26ed (diff)
BT App: Fix to resolve Static Code Analysis issues
Use case: During static code analysis of Bluetooth Application codespace, many NULL pointer exceptions and Array Index Out of Bounds Exceptions were observed. Root Cause: No proper NULL checks before dereferencing a pointer and no proper boundary checks kept for the array indices. CRs-fixed: 1040047 Change-Id: I0c12a5ce37243695a839d0f976917da27d7fa989
-rw-r--r--src/com/android/bluetooth/btservice/BondStateMachine.java10
-rw-r--r--src/com/android/bluetooth/btservice/RemoteDevices.java2
-rw-r--r--src/com/android/bluetooth/hdp/HealthService.java36
3 files changed, 41 insertions, 7 deletions
diff --git a/src/com/android/bluetooth/btservice/BondStateMachine.java b/src/com/android/bluetooth/btservice/BondStateMachine.java
index 6b659efe1..8f71630d2 100644
--- a/src/com/android/bluetooth/btservice/BondStateMachine.java
+++ b/src/com/android/bluetooth/btservice/BondStateMachine.java
@@ -253,11 +253,21 @@ final class BondStateMachine extends StateMachine {
case SSP_REQUEST:
int passkey = msg.arg1;
int variant = msg.arg2;
+ if(devProp == null)
+ {
+ Log.e(TAG,"Received msg from an unknown device");
+ return false;
+ }
sendDisplayPinIntent(devProp.getAddress(), passkey, variant);
break;
case PIN_REQUEST:
BluetoothClass btClass = dev.getBluetoothClass();
int btDeviceClass = btClass.getDeviceClass();
+ if(devProp == null)
+ {
+ Log.e(TAG,"Received msg from an unknown device");
+ return false;
+ }
if (btDeviceClass == BluetoothClass.Device.PERIPHERAL_KEYBOARD ||
btDeviceClass == BluetoothClass.Device.PERIPHERAL_KEYBOARD_POINTING) {
// Its a keyboard. Follow the HID spec recommendation of creating the
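Review bot: In the PIN_REQUEST case the new `devProp == null` guard sits after `btClass.getDeviceClass()`, so a null return from `dev.getBluetoothClass()` (which the platform documents as possible on error) still throws before the guard is reached. Moving the `devProp` check to the first line of the case and adding a null check on `btClass` before `getDeviceClass()` would cover both dereferences. These messages are driven by pairing requests from a remote device, so an unchecked dereference here is a crash an untrusted peer may be able to provoke. `return false` presumably reports the message as not handled to the state machine rather than consuming it; confirm that is intended, since the SSP_REQUEST case otherwise ends in `break`. The enclosing method starts and ends outside the hunk.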
diff --git a/src/com/android/bluetooth/btservice/RemoteDevices.java b/src/com/android/bluetooth/btservice/RemoteDevices.java
index 6e03abd5c..ff78a7c4e 100644
--- a/src/com/android/bluetooth/btservice/RemoteDevices.java
+++ b/src/com/android/bluetooth/btservice/RemoteDevices.java
@@ -239,7 +239,7 @@ final class RemoteDevices {
device = getDeviceProperties(bdDevice);
}
- for (int j = 0; j < types.length; j++) {
+ for (int j = 0; j < types.length && device != null; j++) {
type = types[j];
val = values[j];
if(val.length <= 0)
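Review bot: The loop still indexes `values[j]` under a bound taken only from `types.length`, and `val.length` is read with no null check on `val`, so the array-bounds half of the commit message is not covered in this hunk. If the two arrays can differ in length (the hunk does not show where they come from), `j < types.length && j < values.length` would close that gap. Testing `device != null` in the loop condition also re-checks on every pass a value that appears to be set once before the loop, and drops the property update silently; a guard before the loop with a `Log.e` would make the skipped update visible in logs. The enclosing method starts and ends outside the hunk.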
diff --git a/src/com/android/bluetooth/hdp/HealthService.java b/src/com/android/bluetooth/hdp/HealthService.java
index 8d8eff7f0..9b0785814 100644
--- a/src/com/android/bluetooth/hdp/HealthService.java
+++ b/src/com/android/bluetooth/hdp/HealthService.java
@@ -189,7 +189,12 @@ public class HealthService extends ProfileService {
{
BluetoothHealthAppConfiguration appConfig =
(BluetoothHealthAppConfiguration) msg.obj;
- int appId = (mApps.get(appConfig)).mAppId;
+ AppInfo appInfo = mApps.get(appConfig);
+ if (appInfo == null) {
+ Log.e(TAG, "No AppInfo found for AppConfig: " + appConfig);
+ break;
+ }
+ int appId = appInfo.mAppId;
if (!unregisterHealthAppNative(appId)) {
Log.e(TAG, "Failed to unregister application: id: " + appId);
callStatusCallback(appConfig,
@@ -201,7 +206,12 @@ public class HealthService extends ProfileService {
{
HealthChannel chan = (HealthChannel) msg.obj;
byte[] devAddr = Utils.getByteAddress(chan.mDevice);
- int appId = (mApps.get(chan.mConfig)).mAppId;
+ AppInfo appInfo = mApps.get(chan.mConfig);
+ if (appInfo == null) {
+ Log.e(TAG, "No AppInfo found for AppConfig: " + chan.mConfig);
+ break;
+ }
+ int appId = appInfo.mAppId;
chan.mChannelId = connectChannelNative(devAddr, appId);
if (chan.mChannelId == -1) {
callHealthChannelCallback(chan.mConfig, chan.mDevice,
@@ -241,6 +251,10 @@ public class HealthService extends ProfileService {
regStatus == BluetoothHealth.APP_CONFIG_UNREGISTRATION_SUCCESS) {
//unlink to death once app is unregistered
AppInfo appInfo = mApps.get(appConfig);
+ if (appInfo == null){
+ Log.e(TAG, "No AppInfo found for AppConfig " + appConfig);
+ break;
+ }
appInfo.cleanup();
mApps.remove(appConfig);
}
@@ -254,7 +268,7 @@ public class HealthService extends ProfileService {
findAppConfigByAppId(channelStateEvent.mAppId);
int newState;
newState = convertHalChannelState(channelStateEvent.mState);
- if (newState == BluetoothHealth.STATE_CHANNEL_DISCONNECTED &&
+ if (newState == BluetoothHealth.STATE_CHANNEL_DISCONNECTED ||
appConfig == null) {
Log.e(TAG,"Disconnected for non existing app");
break;
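Review bot: Changing `&&` to `||` makes every `STATE_CHANNEL_DISCONNECTED` event take the `break`, including disconnects for a registered app, so whatever handling follows this check no longer runs for any disconnect and the "Disconnected for non existing app" log line becomes misleading. If the aim is only to avoid dereferencing a null `appConfig` further down, the condition should be `if (appConfig == null) {` with a log message that fits that case. The rest of the case body is outside the hunk, so the exact effects (channel state update, callback to the app, channel cleanup) need to be confirmed against the full file.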
@@ -512,9 +526,15 @@ public class HealthService extends ProfileService {
private void callStatusCallback(BluetoothHealthAppConfiguration config, int status) {
if (VDBG) log ("Health Device Application: " + config + " State Change: status:" + status);
- IBluetoothHealthCallback callback = (mApps.get(config)).mCallback;
+ AppInfo appInfo = mApps.get(config);
+ if (appInfo == null) {
+ Log.e(TAG, " No AppInfo found for AppConfig " + config);
+ return;
+ }
+ IBluetoothHealthCallback callback = appInfo.mCallback;
if (callback == null) {
Log.e(TAG, "Callback object null");
+ return;
}
try {
@@ -604,8 +624,12 @@ public class HealthService extends ProfileService {
Log.e(TAG, "Exception while duping: " + e);
}
}
-
- IBluetoothHealthCallback callback = (mApps.get(config)).mCallback;
+ AppInfo appInfo = mApps.get(config);
+ if (appInfo == null) {
+ Log.e(TAG, "No AppInfo found for AppConfig " + config);
+ return;
+ }
+ IBluetoothHealthCallback callback = appInfo.mCallback;
if (callback == null) {
Log.e(TAG, "No callback found for config: " + config);
return;
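Review bot: The new `appInfo == null` return comes after the descriptor-duplication block whose tail is visible at the top of this hunk, so a successfully duplicated descriptor appears to be left open on this path; the existing `callback == null` return has the same shape. Doing the `mApps.get(config)` lookup before the dup, or closing the duplicate before `return`, would avoid leaking one file descriptor per event for an unregistered config, which over time can exhaust the process's descriptor table. The dup code and the start of the method are outside the hunk, so the variable holding the duplicate and whether it can be non-null here need to be confirmed.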