From b6e9a15e814304bfef70988f54c3b9c2fbe61003 Mon Sep 17 00:00:00 2001 From: gengyuchao Date: Thu, 20 Feb 2020 19:38:53 +0800 Subject: [PATCH] Component/bt : Add handling of osi memory calloc failure. Add length check for snprintf in osi config. --- components/bt/common/osi/config.c | 15 +++++++++------ components/bt/common/osi/fixed_queue.c | 8 +++++--- components/bt/common/osi/list.c | 3 +++ 3 files changed, 17 insertions(+), 9 deletions(-) diff --git a/components/bt/common/osi/config.c b/components/bt/common/osi/config.c index 75ec63967..698c37be0 100644 --- a/components/bt/common/osi/config.c +++ b/components/bt/common/osi/config.c @@ -389,7 +389,7 @@ bool config_save(const config_t *config, const char *filename) const size_t keyname_bufsz = sizeof(CONFIG_KEY) + 5 + 1; // including log10(sizeof(i)) char *keyname = osi_calloc(keyname_bufsz); int config_size = get_config_size(config); - char *buf = osi_calloc(config_size + 100); + char *buf = osi_calloc(config_size); if (!line || !buf || !keyname) { err_code |= 0x01; goto error; @@ -414,8 +414,8 @@ bool config_save(const config_t *config, const char *filename) err_code |= 0x10; goto error; } - if(w_cnt_total + w_cnt > config_size + 100) { - OSI_TRACE_ERROR("%s, memcpy size (w_cnt + w_cnt_total = %d) is larger than buffer size.", __func__, w_cnt + w_cnt_total); + if(w_cnt_total + w_cnt > config_size) { + OSI_TRACE_ERROR("%s, memcpy size (w_cnt + w_cnt_total = %d) is larger than buffer size (config_size = %d).", __func__, (w_cnt + w_cnt_total), config_size); err_code |= 0x20; goto error; } @@ -432,8 +432,8 @@ bool config_save(const config_t *config, const char *filename) err_code |= 0x10; goto error; } - if(w_cnt_total + w_cnt > config_size + 100) { - OSI_TRACE_ERROR("%s, memcpy size (w_cnt + w_cnt_total = %d) is larger than buffer size.", __func__, w_cnt + w_cnt_total); + if(w_cnt_total + w_cnt > config_size) { + OSI_TRACE_ERROR("%s, memcpy size (w_cnt + w_cnt_total = %d) is larger than buffer size.(config_size = %d)", __func__, (w_cnt + w_cnt_total), config_size); err_code |= 0x20; goto error; } @@ -543,7 +543,10 @@ static void config_parse(nvs_handle fp, config_t *config) const size_t keyname_bufsz = sizeof(CONFIG_KEY) + 5 + 1; // including log10(sizeof(i)) char *keyname = osi_calloc(keyname_bufsz); int buf_size = get_config_size_from_flash(fp); - char *buf = osi_calloc(buf_size + 100); + char *buf = osi_calloc(buf_size); + if(buf_size == 0) { //First use nvs + goto error; + } if (!line || !section || !buf || !keyname) { err_code |= 0x01; goto error; diff --git a/components/bt/common/osi/fixed_queue.c b/components/bt/common/osi/fixed_queue.c index d0e68edb2..df8bfff33 100644 --- a/components/bt/common/osi/fixed_queue.c +++ b/components/bt/common/osi/fixed_queue.c @@ -129,17 +129,19 @@ size_t fixed_queue_capacity(fixed_queue_t *queue) void fixed_queue_enqueue(fixed_queue_t *queue, void *data) { + bool status=false; //Flag whether enqueued success + assert(queue != NULL); assert(data != NULL); osi_sem_take(&queue->enqueue_sem, OSI_SEM_MAX_TIMEOUT); osi_mutex_lock(&queue->lock, OSI_MUTEX_MAX_TIMEOUT); - - list_append(queue->list, data); + status = list_append(queue->list, data); //Check whether enqueued success osi_mutex_unlock(&queue->lock); - osi_sem_give(&queue->dequeue_sem); + if(status == true) + osi_sem_give(&queue->dequeue_sem); } void *fixed_queue_dequeue(fixed_queue_t *queue) diff --git a/components/bt/common/osi/list.c b/components/bt/common/osi/list.c index 730fe4e97..93db17fb3 100644 --- a/components/bt/common/osi/list.c +++ b/components/bt/common/osi/list.c @@ -102,6 +102,7 @@ bool list_insert_after(list_t *list, list_node_t *prev_node, void *data) { assert(data != NULL); list_node_t *node = (list_node_t *)osi_calloc(sizeof(list_node_t)); if (!node) { + OSI_TRACE_ERROR("%s osi_calloc failed.\n", __FUNCTION__ ); return false; } node->next = prev_node->next; @@ -120,6 +121,7 @@ bool list_prepend(list_t *list, void *data) assert(data != NULL); list_node_t *node = (list_node_t *)osi_calloc(sizeof(list_node_t)); if (!node) { + OSI_TRACE_ERROR("%s osi_calloc failed.\n", __FUNCTION__ ); return false; } node->next = list->head; @@ -138,6 +140,7 @@ bool list_append(list_t *list, void *data) assert(data != NULL); list_node_t *node = (list_node_t *)osi_calloc(sizeof(list_node_t)); if (!node) { + OSI_TRACE_ERROR("%s osi_calloc failed.\n", __FUNCTION__ ); return false; } node->next = NULL;