author | Slava Barinov <v.barinov@samsung.com> | 2016-06-29 13:24:57 +0300 |
---|---|---|
committer | Seungbae Shin <seungbae.shin@samsung.com> | 2016-07-06 20:48:08 +0900 |
commit | e6bfd002d72226ea558616a7c83349c3a74bc31d (patch) | |
tree | bf8afd3c58fcdb8cb71eda9d81879f72b042b2c1 | |
parent | c774982fd8d8002f9908e148a84d92ddef02e46f (diff) | |
Restoring vbc_ctrl_pipe_info pointer before access
submit/tizen/20160706.115009 accepted/tizen/mobile/20160706.132619
The Address Sanitizer finds a bug in the access to
ah->modem.cp->vbc_ctrl_pipe_info->cp_type, which is caused by
modem->vbc_ctrl_pipe_info++ in __audio_modem_start_tag().
Now the pointer is set to the array start and points to the first type.
[Version] 0.1.17
[Profile] Mobile
[Issue Type] Memory Access Bug
Change-Id: If3c86284df24869920ba557886707c54be8ee109
Signed-off-by: Slava Barinov <v.barinov@samsung.com>
-rw-r--r-- | packaging/audio-hal-sc7727.spec | 2 | ||||
-rw-r--r-- | tizen-audio-modem.c | 18 |
2 files changed, 12 insertions, 8 deletions
diff --git a/packaging/audio-hal-sc7727.spec b/packaging/audio-hal-sc7727.spec index cf665c1..10b48b1 100644 --- a/packaging/audio-hal-sc7727.spec +++ b/packaging/audio-hal-sc7727.spec @@ -1,6 +1,6 @@ Name: audio-hal-sc7727 Summary: TIZEN Audio HAL for SC7727 -Version: 0.1.16 +Version: 0.1.17 Release: 0 Group: System/Libraries License: Apache-2.0 diff --git a/tizen-audio-modem.c b/tizen-audio-modem.c index 31b5d2a..78651bc 100644 --- a/tizen-audio-modem.c +++ b/tizen-audio-modem.c @@ -724,6 +724,9 @@ static void __audio_modem_start_tag(void *data, const XML_Char *tag_name, AUDIO_LOG_ERROR("no modem num!"); } } else if (strcmp(tag_name, "cp") == 0) { + static int modem_index = 0; + vbc_ctrl_pipe_para_t *para = &modem->vbc_ctrl_pipe_info[modem_index]; + if (modem->vbc_ctrl_pipe_info) { /* Obtain the modem name \pipe\vbc filed */ if (strcmp(attr[0], "name") != 0) { @@ -741,15 +744,15 @@ static void __audio_modem_start_tag(void *data, const XML_Char *tag_name, AUDIO_LOG_DEBUG("cp name is '%s', pipe is '%s',vbc is '%s'", attr[1], attr[3],attr[5]); if(strcmp(attr[1], "w") == 0) { - modem->vbc_ctrl_pipe_info->cp_type = CP_W; + para->cp_type = CP_W; } else if(strcmp(attr[1], "t") == 0) { - modem->vbc_ctrl_pipe_info->cp_type = CP_TG; + para->cp_type = CP_TG; } - memcpy((void*)modem->vbc_ctrl_pipe_info->s_vbc_ctrl_pipe_name,(void*)attr[3],strlen((char *)attr[3])); - modem->vbc_ctrl_pipe_info->channel_id = atoi((char *)attr[5]); - modem->vbc_ctrl_pipe_info++; + memcpy((void*)para->s_vbc_ctrl_pipe_name,(void*)attr[3],strlen((char *)attr[3])); + para->channel_id = atoi((char *)attr[5]); + modem_index++; } else { AUDIO_LOG_ERROR("error profile!"); 
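Review bot: The new `static int modem_index` in the `cp` branch is never reset and never compared with the number of elements allocated for `vbc_ctrl_pipe_info`, so a profile with more `cp` tags than allocated entries, or a second parse in the same process, makes `para` point past the array and the writes below it land out of bounds. I would keep the index in the parser state passed through `data` (or reset it when parsing starts) and reject the tag once it reaches the allocated count, e.g. `if (modem_index >= <allocated_cp_count>) { AUDIO_LOG_ERROR("too many cp entries"); return; }`, where `<allocated_cp_count>` is a placeholder for whichever field holds the array size (not visible in this hunk). `para` is also computed before the `if (modem->vbc_ctrl_pipe_info)` NULL check; moving the assignment inside that branch keeps the check meaningful. The body of `__audio_modem_start_tag` starts and ends outside the hunk.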
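Review bot: The rewritten `memcpy` into `para->s_vbc_ctrl_pipe_name` still copies `strlen(attr[3])` bytes with no bound against the destination and without the terminating NUL, so a long pipe name in the profile overruns the field, and a name that fills it exactly leaves it unterminated unless the buffer was zeroed beforehand. Assuming `s_vbc_ctrl_pipe_name` is a char array (its declaration is outside the hunk), `snprintf(para->s_vbc_ctrl_pipe_name, sizeof(para->s_vbc_ctrl_pipe_name), "%s", (const char *)attr[3]);` bounds and terminates the copy. `atoi` on `attr[5]` also accepts malformed text silently; `strtol` with an end-pointer check would let the parser log a bad channel id instead of storing 0.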
@@ -927,7 +930,9 @@ audio_return_t _audio_modem_init(audio_hal_t *ah) AUDIO_LOG_ERROR("modem parse failed"); goto exit; } - ah->modem.cp_type = ah->modem.cp->vbc_ctrl_pipe_info->cp_type; + + /* FIXME : Use cp type of first modem explicitly */ + ah->modem.cp_type = ah->modem.cp->vbc_ctrl_pipe_info[0].cp_type; /* This ctrl need to be set "0" always - SPRD */ _mixer_control_set_value(ah, PIN_SWITCH_BT_IIS_CON_SWITCH, 0); @@ -945,4 +950,3 @@ audio_return_t _audio_modem_deinit(audio_hal_t *ah) return AUDIO_RET_OK; } - |
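Review bot: Reading `vbc_ctrl_pipe_info[0].cp_type` in `_audio_modem_init` assumes the parse filled at least one entry, but nothing visible here checks that `vbc_ctrl_pipe_info` is non-NULL or that a `cp` tag was seen, and in the parser the type is only assigned when the name is `"w"` or `"t"`. A guard before the assignment, e.g. `if (!ah->modem.cp->vbc_ctrl_pipe_info) { AUDIO_LOG_ERROR("no cp entry parsed"); goto exit; }`, would turn a malformed profile into a logged init failure; whether the `exit` path returns an error and releases what it should is outside the hunk. The FIXME comment would be more useful if it said what should replace the hard-coded first entry.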