Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / bt / 2408d9eefd882e753753d313b85f7a9a786dea2b^! / .
commit2408d9eefd882e753753d313b85f7a9a786dea2b[log] [tgz]
authorElliott Hughes <enh@google.com>Wed Oct 02 21:28:50 2013 -0700
committerElliott Hughes <enh@google.com>Wed Oct 02 21:28:50 2013 -0700
treeedea020dc9fd64c364bc67d3f370053dc38febed
parenta3c389f35287c9b1642c6f9a35fd22ff28f47919 [diff]
Fix uipc.c to never pass -1 to FD_ISSET.

The behavior of FD_ISSET when passed -1 is undefined.

I checked all calls of FD_SET and FD_CLR in this file, and they all
seem to be correctly guarded. None of the FD_ISSET calls were, so I
added a SAFE_FD_ISSET macro to return false when passed -1, which is
presumably what the callers intended.

This allows Bluetooth to be enabled on a device where the C library
aborts if passed any out of range fd.

Bug: 11047121
Change-Id: I261404a5a80884d5e9edab8beb3c93969113dc76

diff --git a/Android.mk b/Android.mk
index b5fe1d8..5f2d274 100644
--- a/Android.mk
+++ b/Android.mk

@@ -13,4 +13,4 @@
 
 # Cleanup our locals
 bdroid_C_INCLUDES :=
-bdroid_CFLaGS :=
+bdroid_CFLAGS :=

diff --git a/udrv/ulinux/uipc.c b/udrv/ulinux/uipc.c
index 4e8a273..ff99f0e 100644
--- a/udrv/ulinux/uipc.c
+++ b/udrv/ulinux/uipc.c

@@ -66,6 +66,8 @@
 #define UIPC_LOCK() /*BTIF_TRACE_EVENT1(" %s lock", __FUNCTION__);*/ pthread_mutex_lock(&uipc_main.mutex);
 #define UIPC_UNLOCK() /*BTIF_TRACE_EVENT1("%s unlock", __FUNCTION__);*/ pthread_mutex_unlock(&uipc_main.mutex);
 
+#define SAFE_FD_ISSET(fd, set) (((fd) == -1) ? FALSE : FD_ISSET((fd), (set)))
+
 /*****************************************************************************
 **  Local type definitions
 ******************************************************************************/
@@ -318,7 +320,7 @@
 
     //BTIF_TRACE_EVENT2("CHECK SRVFD %d (ch %d)", uipc_main.ch[ch_id].srvfd, ch_id);
 
-    if (FD_ISSET(uipc_main.ch[ch_id].srvfd, &uipc_main.read_set))
+    if (SAFE_FD_ISSET(uipc_main.ch[ch_id].srvfd, &uipc_main.read_set))
     {
         BTIF_TRACE_EVENT1("INCOMING CONNECTION ON CH %d", ch_id);
 
@@ -347,7 +349,7 @@
 
     //BTIF_TRACE_EVENT2("CHECK FD %d (ch %d)", uipc_main.ch[ch_id].fd, ch_id);
 
-    if (FD_ISSET(uipc_main.ch[ch_id].fd, &uipc_main.read_set))
+    if (SAFE_FD_ISSET(uipc_main.ch[ch_id].fd, &uipc_main.read_set))
     {
         //BTIF_TRACE_EVENT1("INCOMING DATA ON CH %d", ch_id);
 
@@ -359,7 +361,7 @@
 
 static void uipc_check_interrupt_locked(void)
 {
-    if (FD_ISSET(uipc_main.signal_fds[0], &uipc_main.read_set))
+    if (SAFE_FD_ISSET(uipc_main.signal_fds[0], &uipc_main.read_set))
     {
         char sig_recv = 0;
         //BTIF_TRACE_EVENT0("UIPC INTERRUPT");