authorMatadeen Mishra <matade@codeaurora.org>2015-08-21 09:47:05 +0530
committerLinux Build Service Account <lnxbuild@localhost>2015-10-06 03:22:00 -0600
commitfada44256f77be2e7cdf1b6089c15c4b08a76046 (patch)
tree3a19278722436dd7dfc10c723f1feacb1632754b /stack/mcap/mca_csm.c
parentc50610c030fc7b0bd547750a9851b772d836391a (diff)
BT: Fixed Static Analysis Issues
- This fix avoids NULL pointer dereferences, Array Index Out of Bounds Exceptions and Banned function usage in the bluedroid code space of Bluetooth. CRs-Fixed: 890309, 890321 Change-Id: I24ae794ee01b65b5ab15c73cd82677b0481910ad
Diffstat (limited to 'stack/mcap/mca_csm.c')
-rw-r--r--stack/mcap/mca_csm.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/stack/mcap/mca_csm.c b/stack/mcap/mca_csm.c
index 0077f350d..e5ce9b3a8 100644
--- a/stack/mcap/mca_csm.c
+++ b/stack/mcap/mca_csm.c
@@ -202,7 +202,7 @@ void mca_ccb_event(tMCA_CCB *p_ccb, UINT8 event, tMCA_CCB_EVT *p_data)
p_ccb->state = state_table[event][MCA_CCB_NEXT_STATE];
/* execute action functions */
- if ((action = state_table[event][MCA_CCB_ACT_COL]) != MCA_CCB_IGNORE)
+ if ((action = state_table[event][MCA_CCB_ACT_COL]) < MCA_CCB_IGNORE)
{
(*mca_ccb_action[action])(p_ccb, p_data);
}
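Review bot: The new `< MCA_CCB_IGNORE` test is a valid bound for `mca_ccb_action[action]` only if `MCA_CCB_IGNORE` is exactly the number of entries in that table, and nothing in the hunk documents or enforces that. I would record the invariant where the comparison is made, e.g. `/* MCA_CCB_IGNORE must equal the number of entries in mca_ccb_action[] */`, or enforce it with a compile-time size check beside the table if the toolchain supports one. Separately, `event` indexes `state_table` on both visible lines without a range check in this hunk. The function starts above the hunk, so such a check may already exist there and should be confirmed.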
@@ -368,10 +368,18 @@ BOOLEAN mca_ccb_uses_mdl_id(tMCA_CCB *p_ccb, UINT16 mdl_id)
{
BOOLEAN uses = FALSE;
tMCA_DCB *p_dcb;
- int i;
+ unsigned int i;
i = mca_ccb_to_hdl(p_ccb)-1;
- p_dcb = &mca_cb.dcb[i*MCA_NUM_MDLS];
+ if (i*MCA_NUM_MDLS < MCA_NUM_DCBS)
+ {
+ p_dcb = &mca_cb.dcb[i*MCA_NUM_MDLS];
+ }
+ else
+ {
+ MCA_TRACE_WARNING("dcb index out of range");
+ return uses;
+ }
for (i=0; i<MCA_NUM_MDLS; i++, p_dcb++)
{
if (p_dcb->state != MCA_DCB_NULL_ST && p_dcb->mdl_id == mdl_id)
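Review bot: The guard `i*MCA_NUM_MDLS < MCA_NUM_DCBS` checks only the first element of the run, yet the loop that follows reads `MCA_NUM_MDLS` consecutive entries from it. The product is also computed in unsigned arithmetic and can wrap before the comparison. Comparing the index rather than the product, `if (i < MCA_NUM_DCBS / MCA_NUM_MDLS)`, avoids the multiplication and guarantees the whole run lies inside `mca_cb.dcb`, whether or not `MCA_NUM_DCBS` is a multiple of `MCA_NUM_MDLS`. It also rejects the wrapped value that `mca_ccb_to_hdl(p_ccb)-1` produces when the handle is 0, which is presumably the invalid-handle case. The loop body continues past the end of the hunk.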