From 2caa28b1c73c724a7135c4b512d37dcaa60abaa5 Mon Sep 17 00:00:00 2001 From: Sooyoung Ha Date: Thu, 10 Jan 2013 18:50:56 +0900 Subject: [PATCH] [Title] fix the Dereference before null check, Operands don't affect result [Desc.] modify vmodem/at/at_rx_security.c, at_send.c, at_tx_sat.c --- vmodem/at/at_rx_security.c | 2 ++ vmodem/at/at_send.c | 2 ++ vmodem/at/at_tx_sat.c | 8 ++++++-- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/vmodem/at/at_rx_security.c b/vmodem/at/at_rx_security.c index d7a6db0..f349299 100644 --- a/vmodem/at/at_rx_security.c +++ b/vmodem/at/at_rx_security.c @@ -573,6 +573,8 @@ static int at_rx_sim_sec_get_rsim_access_req(char* atmsg) int hexaStringSize = (len * 2) + 1; char* hexaStringP = malloc(hexaStringSize); + if(!hexaStringP) + return -1; TRACE(MSGL_VGSM_INFO, "hexaStringSize:%d\n", hexaStringSize); diff --git a/vmodem/at/at_send.c b/vmodem/at/at_send.c index d99cf05..c7b54fa 100644 --- a/vmodem/at/at_send.c +++ b/vmodem/at/at_send.c @@ -109,6 +109,8 @@ int at_msg_send(unsigned char ack, void *data, int datasize) if (datasize <= MAX_HDLC_FRAME_SIZE) { // allocate memory rawdata = malloc(datasize + 1); + if(!rawdata) + return -1; // make at rawdata rc = make_single_at(data, datasize, rawdata); diff --git a/vmodem/at/at_tx_sat.c b/vmodem/at/at_tx_sat.c index 79e85cf..6deb6c4 100644 --- a/vmodem/at/at_tx_sat.c +++ b/vmodem/at/at_tx_sat.c @@ -46,10 +46,14 @@ int TxSAT_ATGetProactiveCommand(GSM_SatProactiveCmd const* pProactiveCmd) TRACE(MSGL_VGSM_INFO, "\n"); - assert(!(pProactiveCmd->length&0xff00)); + // this is always passed because (pProactiveCmd->length&0xff00) is always 0, so comment out + //assert(!(pProactiveCmd->length&0xff00)); data[n++] = (pProactiveCmd->length)&0xff; - data[n++] = (pProactiveCmd->length >> 8)&0xff; + // this is always 0 because (pProactiveCmd->length >> 8) is 0, so fix like below + //data[n++] = (pProactiveCmd->length >> 8)&0xff; + data[n++] = 0; + memcpy(&data[n], pProactiveCmd->cmd, pProactiveCmd->length); n += pProactiveCmd->length; -- 2.7.4