Fix a segmentation fault error when calling read_attribute_req API

author saerome kim <saerome.kim@samsung.com>

Wed, 8 Feb 2017 11:51:26 +0000 (20:51 +0900)

committer saerome.kim <saerome.kim@samsung.com>

Thu, 11 May 2017 09:10:26 +0000 (18:10 +0900)
author saerome kim <saerome.kim@samsung.com>
Wed, 8 Feb 2017 11:51:26 +0000 (20:51 +0900)
committer saerome.kim <saerome.kim@samsung.com>
Thu, 11 May 2017 09:10:26 +0000 (18:10 +0900)
diff --git a/zigbee-daemon/zigbee-interface/src/zigbee_service_dbus_interface_zcl_global_control.c b/zigbee-daemon/zigbee-interface/src/zigbee_service_dbus_interface_zcl_global_control.c

index dd66b3f..d90560c 100644 (file)
--- a/zigbee-daemon/zigbee-interface/src/zigbee_service_dbus_interface_zcl_global_control.c
+++ b/zigbee-daemon/zigbee-interface/src/zigbee_service_dbus_interface_zcl_global_control.c
@@ -90,13 +90,13 @@ static gboolean on_zclglobal_control_read_attributes_req(ZigbeeZcl_global_contro
         ZigbeeServiceInterfaceRespCbData_t *resp_cb_data = NULL;
  
         GVariantIter *iter = NULL;
-       gint i = 0;
+       guint i = 0;
  
         gboolean ret;
  
         memset(&req, 0x0, sizeof(ZigbeeZclGlobalControlReadAttributesRequest_t));
  
-       req.attribute_id = g_try_malloc0_n(attribute_ids_length, sizeof(unsigned char));
+       req.attribute_id = g_try_malloc0_n(attribute_ids_length, sizeof(unsigned short));
         if (NULL == req.attribute_id) {
                 Z_LOGE("Failed to allocation !");
  
@@ -110,7 +110,7 @@ static gboolean on_zclglobal_control_read_attributes_req(ZigbeeZcl_global_contro
         g_variant_get(attribute_id, "a(y)", &iter);
         while (g_variant_iter_loop(iter, "(y)", &(req.attribute_id[i]))) {
                 i++;
-               if (i >= attribute_ids_length)
+               if (i >= (attribute_ids_length * sizeof(unsigned short)))
                         break;
         }
         req.attribute_id_len = attribute_ids_length;
diff --git a/zigbee-daemon/zigbee-lib/src/zblib_request.c b/zigbee-daemon/zigbee-lib/src/zblib_request.c

index 23f2c6d..3bf18fc 100644 (file)
--- a/zigbee-daemon/zigbee-lib/src/zblib_request.c
+++ b/zigbee-daemon/zigbee-lib/src/zblib_request.c
@@ -1484,12 +1484,16 @@ static gpointer __zblib_request_create_zcl_global_control_request_data(guint req
  
                 in_req = (ZigbeeZclGlobalControlReadAttributesRequest_t *)request_data;
                 if (NULL != in_req) {
+                       guint i;
                         /* Allocate memory */
                         req = (ZigbeeZclGlobalControlReadAttributesRequest_t *)
                                 g_malloc0(sizeof(ZigbeeZclGlobalControlReadAttributesRequest_t));
  
                         /* Copy data */
-                       req->attribute_id = g_memdup(in_req->attribute_id, in_req->attribute_id_len);
+                       for (i = 0; i < (in_req->attribute_id_len * sizeof(short)); i++)
+                               Z_LOGE("in_req->attribute_id[%d] = 0x%X", i, in_req->attribute_id[i]);
+                       req->attribute_id = g_memdup(in_req->attribute_id,
+                               in_req->attribute_id_len * sizeof(short));
                         req->attribute_id_len = in_req->attribute_id_len;
                         req->node_id = in_req->node_id;
                         req->cluster_id = in_req->cluster_id;
author	saerome kim <saerome.kim@samsung.com>
	Wed, 8 Feb 2017 11:51:26 +0000 (20:51 +0900)
committer	saerome.kim <saerome.kim@samsung.com>
	Thu, 11 May 2017 09:10:26 +0000 (18:10 +0900)
zigbee-daemon/zigbee-interface/src/zigbee_service_dbus_interface_zcl_global_control.c		patch \| blob \| history
zigbee-daemon/zigbee-lib/src/zblib_request.c		patch \| blob \| history