[pulseaudio-discuss] [PATCH v2 2/2] bluetooth: Fix negative array index write

[Tanu Kaskinen]

On Wed, 2016-08-17 at 14:48 +0200, Peter Meerwald-Stadler wrote:
> > From: Peter Meerwald <p.meerwald at bct-electronic.com>
> 
> CID 1533121
> 
> > Signed-off-by: Peter Meerwald-Stadler <pmeerw at pmeerw.net>
> 
> ---
> v2: use pa_read() as Tanu suggested
> ---
>  src/modules/bluetooth/backend-native.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/src/modules/bluetooth/backend-native.c b/src/modules/bluetooth/backend-native.c
> index 86376c0..cf88126 100644
> --- a/src/modules/bluetooth/backend-native.c
> +++ b/src/modules/bluetooth/backend-native.c
> @@ -231,14 +231,17 @@ static void rfcomm_io_callback(pa_mainloop_api *io, pa_io_event *e, int fd, pa_i
>          ssize_t len;
>          int gain;
>  
> -        len = read(fd, buf, 511);
> +        len = pa_read(fd, buf, 511, NULL);
> +        if (len < 0) {
> +            pa_log_error("RFCOMM read error: %s", pa_cstrerror(errno));
> +            goto fail;
> +        }
>          buf[len] = 0;
>          pa_log_debug("RFCOMM << %s", buf);
>  
>          if (sscanf(buf, "AT+VGS=%d", &gain) == 1) {
>            t->speaker_gain = gain;
>            pa_hook_fire(pa_bluetooth_discovery_hook(t->device->discovery, PA_BLUETOOTH_HOOK_TRANSPORT_SPEAKER_GAIN_CHANGED), t);
> -
>          } else if (sscanf(buf, "AT+VGM=%d", &gain) == 1) {
>            t->microphone_gain = gain;
>            pa_hook_fire(pa_bluetooth_discovery_hook(t->device->discovery, PA_BLUETOOTH_HOOK_TRANSPORT_MICROPHONE_GAIN_CHANGED), t);
> @@ -259,7 +262,6 @@ static void rfcomm_io_callback(pa_mainloop_api *io, pa_io_event *e, int fd, pa_i
>  fail:
>      pa_bluetooth_transport_unlink(t);
>      pa_bluetooth_transport_free(t);
> -    return;
>  }
>  
>  static void transport_destroy(pa_bluetooth_transport *t) {

Looks good to me.

-- 
Tanu