[rilmodem/gril] If RIL message event_data is NULL, ril_msg->buf contains garbage
Bug #1254219 reported by
Tony Espy
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| ofono (Ubuntu) |
Fix Released
|
Undecided
|
Alfonso Sanchez-Beato | ||
Bug Description
A RIL Reply is comprised of the following fields:
uint32_t - Length
uint32_t - 0 (this means it's a reply vs. an event)
uint32_t - Serial Number
uint32_t - Error code
void* - Event Data
If the event data is empty, the low-level gril.c function dispatch() incorrectly handles the message, and fails to free the buf pointer and set the buf_len to 0.
Currently all of our rilmodem code checks the error code first, before attempting to parse the buffer. We recently discovered that SIM_IO responses may contain event_data even though error is non-zero. When we changed the code to parse the data on a SIM IO even when error was non-zero, bad things happened due to buf and buf_len being invalid.
Related branches
lp:~phablet-team/ofono/refactor-update-from-rilmodem
- Ricardo Salveti (community): Approve
- PS Jenkins bot: Approve (continuous-integration)
-
Diff: 5425 lines (+3369/-562)34 files modified.gitignore (+4/-0)
Makefile.am (+3/-0)
debian/changelog (+40/-0)
debian/rules (+9/-0)
doc/messagemanager-api.txt (+10/-0)
drivers/rilmodem/call-volume.c (+18/-30)
drivers/rilmodem/devinfo.c (+12/-17)
drivers/rilmodem/gprs.c (+2/-2)
drivers/rilmodem/rilutil.c (+0/-93)
drivers/rilmodem/rilutil.h (+0/-4)
drivers/rilmodem/sim.c (+48/-13)
drivers/rilmodem/sms.c (+168/-100)
drivers/rilmodem/voicecall.c (+328/-76)
gril/gril.c (+63/-60)
gril/gril.h (+1/-1)
gril/grilreply.c (+256/-15)
gril/grilreply.h (+27/-9)
gril/grilrequest.c (+149/-0)
gril/grilrequest.h (+40/-0)
gril/grilunsol.c (+95/-3)
gril/grilunsol.h (+24/-3)
gril/grilutil.c (+1/-0)
gril/parcel.c (+7/-5)
gril/ril_constants.h (+25/-0)
include/types.h (+6/-0)
plugins/smshistory.c (+151/-0)
src/stk.c (+1/-1)
src/storage.h (+1/-1)
test/monitor-ofono (+1/-1)
unit/test-caif.c (+18/-8)
unit/test-grilreply.c (+1350/-64)
unit/test-grilrequest.c (+379/-42)
unit/test-grilunsol.c (+129/-10)
unit/test-mux.c (+3/-4)
| Changed in ofono (Ubuntu): | |
| status: | New → Confirmed |
| Changed in ofono (Ubuntu): | |
| status: | Confirmed → In Progress |
| Changed in ofono (Ubuntu): | |
| assignee: | nobody → Alfonso Sanchez-Beato (alfonsosanchezbeato) |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in ofono (Ubuntu): | |
| status: | In Progress → Fix Released |
To post a comment you must log in.
This bug was fixed in the package ofono - 1.12+bzr6846-
---------------
ofono (1.12+bzr6846-
[ Alfonso Sanchez-Beato ]
* gril, include, rilmodem/sms, unit: SMS re-factoring
- merge applicable nemomobile code
- re-factor parcel code
- add sms parcel unit tests
* build, doc, plugins, test: Add SMS history plugin
- adds support for SMS delivery reports (LP: #1223314)
* gril, src, unit: Fix build warning
* gril, rilmodem/voicecall, unit: Voicecall re-factoring
- merge applicable nemomobile code, including support
for multi-party calling and call hold
- re-factor parcel code
- add voicecall parcel unit tests
* rilmodem: fix memory leaks reported by valgrind
* gril, rilmodem/sim: Remove SIM file-not-found error logging
- includes low-level gril fix to handle ril messages
that include a failure code, but also include event
data (LP: #1254219)
* gril, rilmodem/
- merge applicable nemomobile code
- re-factor parcel code
- add call-volume parcel unit tests
* gril, rilmodem/devinfo, unit: Devinfo re-factoring
- re-factor parcel code
- add devinfo parcel unit tests
[ Tony Espy ]
* unit: Add rilmodem gprs/netreg parcel unit tests
* debian/rules: Add CFLAGS to enable strict warnings checking
* gril, unit: fix const casts in gril and unit tests
* rilmodem/gprs: set default max_cids to 1 (LP: 1254746)
-- Ricardo Salveti de Araujo <email address hidden> Mon, 09 Dec 2013 23:05:49 -0200