80 lines
2.5 KiB
Diff
80 lines
2.5 KiB
Diff
From: Kamal Negi <kamaln@codeaurora.org>
|
|
Date: Fri, 8 May 2015 15:01:02 +0530
|
|
Subject: [PATCH] Handle NULL Pointer derefrencing in AVRCP Target role
|
|
|
|
Check NULL pointer to AVRCP controller role initialized or not.
|
|
If remote device don't support the AVRCP target role, then HOST dont
|
|
initialize AVRCP controller role and directly dereference the controller
|
|
role and segfault happens.
|
|
|
|
Change-Id: Ibbb9452f17a576c3a79a53ea72e0211982752144
|
|
Signed-off-by: Kamal Negi <kamaln@codeaurora.org>
|
|
---
|
|
profiles/audio/avrcp.c | 27 ++++++++++++++++++++++-----
|
|
1 file changed, 22 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/profiles/audio/avrcp.c b/profiles/audio/avrcp.c
|
|
index c100149acf42..d8cb0ed96a1f 100644
|
|
--- a/profiles/audio/avrcp.c
|
|
+++ b/profiles/audio/avrcp.c
|
|
@@ -2082,13 +2082,19 @@ static gboolean avrcp_get_play_status_rsp(struct avctp *conn, uint8_t code,
|
|
void *user_data)
|
|
{
|
|
struct avrcp *session = user_data;
|
|
- struct avrcp_player *player = session->controller->player;
|
|
- struct media_player *mp = player->user_data;
|
|
+ struct avrcp_player *player;
|
|
+ struct media_player *mp;
|
|
struct avrcp_header *pdu = (void *) operands;
|
|
uint32_t duration;
|
|
uint32_t position;
|
|
uint8_t status;
|
|
|
|
+ if (!session || !session->controller)
|
|
+ return FALSE;
|
|
+
|
|
+ player = session->controller->player;
|
|
+ mp = player->user_data;
|
|
+
|
|
if (pdu == NULL || code == AVC_CTYPE_REJECTED ||
|
|
ntohs(pdu->params_len) != 9)
|
|
return FALSE;
|
|
@@ -2146,12 +2152,18 @@ static gboolean avrcp_player_value_rsp(struct avctp *conn, uint8_t code,
|
|
void *user_data)
|
|
{
|
|
struct avrcp *session = user_data;
|
|
- struct avrcp_player *player = session->controller->player;
|
|
- struct media_player *mp = player->user_data;
|
|
+ struct avrcp_player *player;
|
|
+ struct media_player *mp;
|
|
struct avrcp_header *pdu = (void *) operands;
|
|
uint8_t count;
|
|
int i;
|
|
|
|
+ if (!session || !session->controller)
|
|
+ return FALSE;
|
|
+
|
|
+ player = session->controller->player;
|
|
+ mp = player->user_data;
|
|
+
|
|
if (pdu == NULL) {
|
|
media_player_set_setting(mp, "Error", "Timeout");
|
|
return FALSE;
|
|
@@ -2303,10 +2315,15 @@ static gboolean avrcp_get_element_attributes_rsp(struct avctp *conn,
|
|
void *user_data)
|
|
{
|
|
struct avrcp *session = user_data;
|
|
- struct avrcp_player *player = session->controller->player;
|
|
+ struct avrcp_player *player;
|
|
struct avrcp_header *pdu = (void *) operands;
|
|
uint8_t count;
|
|
|
|
+ if (!session || !session->controller)
|
|
+ return FALSE;
|
|
+
|
|
+ player = session->controller->player;
|
|
+
|
|
if (code == AVC_CTYPE_REJECTED)
|
|
return FALSE;
|
|
|