Fix bluetoothd crash in discover_services_reply() 98/152398/1 accepted/tizen/4.0/unified/20170929.080703 submit/tizen_4.0/20170927.034808 submit/tizen_4.0/20170928.081624 submit/tizen_4.0/20170929.021712 tizen_4.0.IoT.p1_release
author Atul Rai <a.rai@samsung.com>
Mon, 25 Sep 2017 10:48:50 +0000 (16:18 +0530)
committer DoHyun Pyun <dh79.pyun@samsung.com>
Tue, 26 Sep 2017 05:06:06 +0000 (14:06 +0900)
This patch fixes a bluetoothd crash in discover_services_reply while
handling SDP browse results if the results contain invalid UTF-8
characters.

Crash call stack is given below for reference:
0  0xb6ab8094 in raise () from /lib/libc.so.6
1  0xb6ab93f0 in abort () from /lib/libc.so.6
2  0xb6d30250 in ?? () from /lib/libdbus-1.so.3
3  0xb6d29754 in _dbus_warn_check_failed () from /lib/libdbus-1.so.3
4  0xb6d1f8a4 in dbus_message_iter_append_basic () from /lib/libdbus-1.so.3
5  0xb6eccc60 in iter_append_record () at src/device.c:3285
6  discover_services_reply () at src/device.c:3338
7  0xb6ed303c in search_cb () at src/device.c:6657
8  browse_cb () at src/device.c:6695
9  0xb6eae54a in search_completed_cb () at src/sdp-client.c:205
10 0xb6edf77a in sdp_process () at lib/sdp.c:4354
...

Change-Id: Ibe62e01c651847722f92c231d210d93d6c3661c4
Signed-off-by: Atul Rai <a.rai@samsung.com>
src/device.c

index 9f4ba51..78388f1 100644
@@ -3334,8 +3334,18 @@ static void discover_services_reply(struct browse_req *req, int err,
                convert_sdp_record_to_xml(rec, result,
                                (void *) g_string_append);
 
-               if (result->len)
-                       iter_append_record(&dict, rec->handle, result->str);
+               if (result->len) {
+                       if (!g_utf8_validate(result->str, -1, NULL)) {
+                               gchar *ptr = NULL;
+
+                               DBG("UTF8 invalid string, make valid");
+                               ptr = g_utf8_make_valid(result->str, -1);
+                               iter_append_record(&dict, rec->handle, ptr);
+                               g_free(ptr);
+                       } else {
+                               iter_append_record(&dict, rec->handle, result->str);
+                       }
+               }
 
                g_string_free(result, TRUE);
        }
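Review bot: the new `if (!g_utf8_validate(result->str, -1, NULL))` branch relies on `g_utf8_make_valid()`, which only exists in GLib 2.52 and later, so either the build's minimum GLib version must be raised to match or a fallback (skip the record, or escape the offending bytes in convert_sdp_record_to_xml) is needed for older toolchains. Two smaller points in the same block: `gchar *ptr = NULL;` is assigned unconditionally on the next statement, so the initialiser can go; and since `g_utf8_make_valid()` replaces each bad byte with U+FFFD, the XML handed to the client is no longer a faithful copy of what the remote device sent, which is worth stating in the DBG message (and the message itself reads better as "invalid UTF-8 in SDP record, sanitizing"). The approach is sound as a fix: the abort in the stack trace comes from `dbus_message_iter_append_basic()` refusing a non-UTF-8 string, and the string originates in peer-supplied SDP attributes, so validating before the append is the right place to stop a remote record from killing the daemon.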