Fix uipc.c to never pass -1 to FD_ISSET.
The behavior of FD_ISSET when passed -1 is undefined.
I checked all calls of FD_SET and FD_CLR in this file, and they all
seem to be correctly guarded. None of the FD_ISSET calls were, so I
added a SAFE_FD_ISSET macro to return false when passed -1, which is
presumably what the callers intended.
This allows Bluetooth to be enabled on a device where the C library
aborts if passed any out of range fd.
Bug: 11047121
Change-Id: I261404a5a80884d5e9edab8beb3c93969113dc76
diff --git a/Android.mk b/Android.mk
index b5fe1d8..5f2d274 100644
--- a/Android.mk
+++ b/Android.mk
@@ -13,4 +13,4 @@
# Cleanup our locals
bdroid_C_INCLUDES :=
-bdroid_CFLaGS :=
+bdroid_CFLAGS :=
diff --git a/udrv/ulinux/uipc.c b/udrv/ulinux/uipc.c
index 4e8a273..ff99f0e 100644
--- a/udrv/ulinux/uipc.c
+++ b/udrv/ulinux/uipc.c
@@ -66,6 +66,8 @@
#define UIPC_LOCK() /*BTIF_TRACE_EVENT1(" %s lock", __FUNCTION__);*/ pthread_mutex_lock(&uipc_main.mutex);
#define UIPC_UNLOCK() /*BTIF_TRACE_EVENT1("%s unlock", __FUNCTION__);*/ pthread_mutex_unlock(&uipc_main.mutex);
+#define SAFE_FD_ISSET(fd, set) (((fd) == -1) ? FALSE : FD_ISSET((fd), (set)))
+
/*****************************************************************************
** Local type definitions
******************************************************************************/
@@ -318,7 +320,7 @@
//BTIF_TRACE_EVENT2("CHECK SRVFD %d (ch %d)", uipc_main.ch[ch_id].srvfd, ch_id);
- if (FD_ISSET(uipc_main.ch[ch_id].srvfd, &uipc_main.read_set))
+ if (SAFE_FD_ISSET(uipc_main.ch[ch_id].srvfd, &uipc_main.read_set))
{
BTIF_TRACE_EVENT1("INCOMING CONNECTION ON CH %d", ch_id);
@@ -347,7 +349,7 @@
//BTIF_TRACE_EVENT2("CHECK FD %d (ch %d)", uipc_main.ch[ch_id].fd, ch_id);
- if (FD_ISSET(uipc_main.ch[ch_id].fd, &uipc_main.read_set))
+ if (SAFE_FD_ISSET(uipc_main.ch[ch_id].fd, &uipc_main.read_set))
{
//BTIF_TRACE_EVENT1("INCOMING DATA ON CH %d", ch_id);
@@ -359,7 +361,7 @@
static void uipc_check_interrupt_locked(void)
{
- if (FD_ISSET(uipc_main.signal_fds[0], &uipc_main.read_set))
+ if (SAFE_FD_ISSET(uipc_main.signal_fds[0], &uipc_main.read_set))
{
char sig_recv = 0;
//BTIF_TRACE_EVENT0("UIPC INTERRUPT");