Fix uipc.c to never pass -1 to FD_ISSET.

The behavior of FD_ISSET when passed -1 is undefined. I checked all calls of FD_SET and FD_CLR in this file, and they all seem to be correctly guarded. None of the FD_ISSET calls were, so I added a SAFE_FD_ISSET macro to return false when passed -1, which is presumably what the callers intended. This allows Bluetooth to be enabled on a device where the C library aborts if passed any out of range fd. Bug: 11047121 Change-Id: I261404a5a80884d5e9edab8beb3c93969113dc76
sgnanase · Oct 3, 2013 · 2408d9e · 2408d9e
1 parent a3c389f
commit 2408d9e
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 4 deletions.
diff --git a/Android.mk b/Android.mk
@@ -13,4 +13,4 @@ include $(call all-subdir-makefiles)
 
 # Cleanup our locals
 bdroid_C_INCLUDES :=
-bdroid_CFLaGS :=
+bdroid_CFLAGS :=
diff --git a/udrv/ulinux/uipc.c b/udrv/ulinux/uipc.c
@@ -66,6 +66,8 @@
 #define UIPC_LOCK() /*BTIF_TRACE_EVENT1(" %s lock", __FUNCTION__);*/ pthread_mutex_lock(&uipc_main.mutex);
 #define UIPC_UNLOCK() /*BTIF_TRACE_EVENT1("%s unlock", __FUNCTION__);*/ pthread_mutex_unlock(&uipc_main.mutex);
 
+#define SAFE_FD_ISSET(fd, set) (((fd) == -1) ? FALSE : FD_ISSET((fd), (set)))
+
 /*****************************************************************************
 **  Local type definitions
 ******************************************************************************/
@@ -318,7 +320,7 @@ static int uipc_check_fd_locked(tUIPC_CH_ID ch_id)
 
     //BTIF_TRACE_EVENT2("CHECK SRVFD %d (ch %d)", uipc_main.ch[ch_id].srvfd, ch_id);
 
-    if (FD_ISSET(uipc_main.ch[ch_id].srvfd, &uipc_main.read_set))
+    if (SAFE_FD_ISSET(uipc_main.ch[ch_id].srvfd, &uipc_main.read_set))
     {
         BTIF_TRACE_EVENT1("INCOMING CONNECTION ON CH %d", ch_id);
 
@@ -347,7 +349,7 @@ static int uipc_check_fd_locked(tUIPC_CH_ID ch_id)
 
     //BTIF_TRACE_EVENT2("CHECK FD %d (ch %d)", uipc_main.ch[ch_id].fd, ch_id);
 
-    if (FD_ISSET(uipc_main.ch[ch_id].fd, &uipc_main.read_set))
+    if (SAFE_FD_ISSET(uipc_main.ch[ch_id].fd, &uipc_main.read_set))
     {
         //BTIF_TRACE_EVENT1("INCOMING DATA ON CH %d", ch_id);
 
@@ -359,7 +361,7 @@ static int uipc_check_fd_locked(tUIPC_CH_ID ch_id)
 
 static void uipc_check_interrupt_locked(void)
 {
-    if (FD_ISSET(uipc_main.signal_fds[0], &uipc_main.read_set))
+    if (SAFE_FD_ISSET(uipc_main.signal_fds[0], &uipc_main.read_set))
     {
         char sig_recv = 0;
         //BTIF_TRACE_EVENT0("UIPC INTERRUPT");