[pulseaudio-discuss] [PATCH v2 2/2] bluetooth: Fix negative array index write
Peter Meerwald-Stadler
pmeerw at pmeerw.net
Wed Aug 17 12:48:46 UTC 2016
From: Peter Meerwald <p.meerwald at bct-electronic.com>
CID 1533121
Signed-off-by: Peter Meerwald-Stadler <pmeerw at pmeerw.net>
---
v2: use pa_read() as Tanu suggested
---
src/modules/bluetooth/backend-native.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/modules/bluetooth/backend-native.c b/src/modules/bluetooth/backend-native.c
index 86376c0..cf88126 100644
--- a/src/modules/bluetooth/backend-native.c
+++ b/src/modules/bluetooth/backend-native.c
@@ -231,14 +231,17 @@ static void rfcomm_io_callback(pa_mainloop_api *io, pa_io_event *e, int fd, pa_i
ssize_t len;
int gain;
- len = read(fd, buf, 511);
+ len = pa_read(fd, buf, 511, NULL);
+ if (len < 0) {
+ pa_log_error("RFCOMM read error: %s", pa_cstrerror(errno));
+ goto fail;
+ }
buf[len] = 0;
pa_log_debug("RFCOMM << %s", buf);
if (sscanf(buf, "AT+VGS=%d", &gain) == 1) {
t->speaker_gain = gain;
pa_hook_fire(pa_bluetooth_discovery_hook(t->device->discovery, PA_BLUETOOTH_HOOK_TRANSPORT_SPEAKER_GAIN_CHANGED), t);
-
} else if (sscanf(buf, "AT+VGM=%d", &gain) == 1) {
t->microphone_gain = gain;
pa_hook_fire(pa_bluetooth_discovery_hook(t->device->discovery, PA_BLUETOOTH_HOOK_TRANSPORT_MICROPHONE_GAIN_CHANGED), t);
@@ -259,7 +262,6 @@ static void rfcomm_io_callback(pa_mainloop_api *io, pa_io_event *e, int fd, pa_i
fail:
pa_bluetooth_transport_unlink(t);
pa_bluetooth_transport_free(t);
- return;
}
static void transport_destroy(pa_bluetooth_transport *t) {
--
2.7.4
More information about the pulseaudio-discuss
mailing list