From 2fe29e4e84722b745877e026e48a21ad5a2840fd Mon Sep 17 00:00:00 2001 From: Atul Rai Date: Mon, 22 Jun 2015 16:36:23 +0530 Subject: [PATCH] Fix NULL Returns in bt-api/bt-hid-device.c This patch added NULL return check after malloc to prevent bt-service crash in case enough memory could not be allocated. Change-Id: I352304f24c2180cdebdd5ac4393e3e4b0c4b28d5 Signed-off-by: Atul Rai --- bt-api/bt-hid-device.c | 64 +++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 56 insertions(+), 8 deletions(-) diff --git a/bt-api/bt-hid-device.c b/bt-api/bt-hid-device.c index bd046ad..2631e12 100644 --- a/bt-api/bt-hid-device.c +++ b/bt-api/bt-hid-device.c @@ -245,14 +245,26 @@ static gboolean __received_cb(GIOChannel *chan, GIOCondition cond, data.type = HTYPE_TRANS_HANDSHAKE; data.buffer_size = len; data.buffer = (char *) malloc(sizeof(char) * len); - memcpy(data.buffer, buffer, len); + /* Fix : NULL_RETURNS */ + if (NULL == data.buffer) { + BT_ERR("Failed to allocate memory"); + data.buffer_size = 0; + } else { + memcpy(data.buffer, buffer, len); + } break; case HIDP_TRANS_HID_CONTROL: BT_INFO("HID CONTROL"); data.type = HTYPE_TRANS_HID_CONTROL; data.buffer_size = len; data.buffer = (char *) malloc(sizeof(char) * len); - memcpy(data.buffer, buffer, len); + /* Fix : NULL_RETURNS */ + if (NULL == data.buffer) { + BT_ERR("Failed to allocate memory"); + data.buffer_size = 0; + } else { + memcpy(data.buffer, buffer, len); + } break; case HIDP_TRANS_DATA: BT_INFO("TRANS DATA"); @@ -262,14 +274,26 @@ static gboolean __received_cb(GIOChannel *chan, GIOCondition cond, data.param = PTYPE_DATA_RTYPE_INPUT; data.buffer_size = len; data.buffer = (char *) malloc(sizeof(char) * len); - memcpy(data.buffer, buffer, len); + /* Fix : NULL_RETURNS */ + if (NULL == data.buffer) { + BT_ERR("Failed to allocate memory"); + data.buffer_size = 0; + } else { + memcpy(data.buffer, buffer, len); + } } else { BT_INFO("Out Report"); data.param = PTYPE_DATA_RTYPE_OUTPUT; data.buffer_size = len; data.buffer = (char *) malloc(sizeof(char) * len); - memcpy(data.buffer, buffer, len); + /* Fix : NULL_RETURNS */ + if (NULL == data.buffer) { + BT_ERR("Failed to allocate memory"); + data.buffer_size = 0; + } else { + memcpy(data.buffer, buffer, len); + } } break; case HIDP_TRANS_GET_REPORT: { @@ -284,7 +308,13 @@ static gboolean __received_cb(GIOChannel *chan, GIOCondition cond, } data.buffer_size = len; data.buffer = (char *) malloc(sizeof(char) * len); - memcpy(data.buffer, buffer, len); + /* Fix : NULL_RETURNS */ + if (NULL == data.buffer) { + BT_ERR("Failed to allocate memory"); + data.buffer_size = 0; + } else { + memcpy(data.buffer, buffer, len); + } break; } case HIDP_TRANS_SET_REPORT: { @@ -299,7 +329,13 @@ static gboolean __received_cb(GIOChannel *chan, GIOCondition cond, } data.buffer_size = len; data.buffer = (char *) malloc(sizeof(char) * len); - memcpy(data.buffer, buffer, len); + /* Fix : NULL_RETURNS */ + if (NULL == data.buffer) { + BT_ERR("Failed to allocate memory"); + data.buffer_size = 0; + } else { + memcpy(data.buffer, buffer, len); + } break; } case HIDP_TRANS_GET_PROTOCOL:{ @@ -308,7 +344,13 @@ static gboolean __received_cb(GIOChannel *chan, GIOCondition cond, data.param = PTYPE_DATA_RTYPE_INPUT; data.buffer_size = len; data.buffer = (char *) malloc(sizeof(char) * len); - memcpy(data.buffer, buffer, len); + /* Fix : NULL_RETURNS */ + if (NULL == data.buffer) { + BT_ERR("Failed to allocate memory"); + data.buffer_size = 0; + } else { + memcpy(data.buffer, buffer, len); + } break; } case HIDP_TRANS_SET_PROTOCOL:{ @@ -317,7 +359,13 @@ static gboolean __received_cb(GIOChannel *chan, GIOCondition cond, data.param = PTYPE_DATA_RTYPE_INPUT; data.buffer_size = len; data.buffer = (char *) malloc(sizeof(char) * len); - memcpy(data.buffer, buffer, len); + /* Fix : NULL_RETURNS */ + if (NULL == data.buffer) { + BT_ERR("Failed to allocate memory"); + data.buffer_size = 0; + } else { + memcpy(data.buffer, buffer, len); + } break; } default: { -- 2.7.4