2014-01-23 15:43:26

by Andrei Emeltchenko

Subject: [PATCH 1/2] android/hal-audio: Check calloc return value

From: Andrei Emeltchenko <[email protected]>

calloc() might return NULL and is usually checked for NULL in BlueZ.
---
android/hal-audio.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/android/hal-audio.c b/android/hal-audio.c
index 4326ccd..2fbb956 100644
--- a/android/hal-audio.c
+++ b/android/hal-audio.c
@@ -320,6 +320,8 @@ static int sbc_codec_init(struct audio_preset *preset, uint16_t mtu,
}

sbc_data = calloc(sizeof(struct sbc_data), 1);
+ if (!sbc_data)
+ return AUDIO_STATUS_FAILED;

memcpy(&sbc_data->sbc, preset->data, preset->len);

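Review bot: the calloc() call on the context line directly above the new check passes its arguments in reversed order, `calloc(sizeof(struct sbc_data), 1)`; the prototype is calloc(nmemb, size), so `calloc(1, sizeof(*sbc_data))` is the conventional form. The allocated size is the same either way, so this is a style point, but it could be folded into this patch since it touches the same statement. The new NULL check itself sits in the right place, before the memcpy() that dereferences sbc_data.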
--
1.8.3.2



2014-01-23 15:43:27

by Andrei Emeltchenko

Subject: [PATCH 2/2] android/hal-audio: Do not allocate memory if fd < 0

From: Andrei Emeltchenko <[email protected]>

Fixes a memory leak: when returning a bad fd we still allocate memory which
is not freed in the caller function audio_open_output_stream().
---
android/hal-audio.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/android/hal-audio.c b/android/hal-audio.c
index 2fbb956..9bbb53d 100644
--- a/android/hal-audio.c
+++ b/android/hal-audio.c
@@ -705,8 +705,7 @@ static int ipc_open_stream_cmd(uint8_t endpoint_id, uint16_t *mtu, int *fd,

result = audio_ipc_cmd(AUDIO_SERVICE_ID, AUDIO_OP_OPEN_STREAM,
sizeof(cmd), &cmd, &rsp_len, rsp, fd);
-
- if (result == AUDIO_STATUS_SUCCESS) {
+ if (result == AUDIO_STATUS_SUCCESS && *fd >= 0) {
size_t buf_len = sizeof(struct audio_preset) +
rsp->preset[0].len;
*mtu = rsp->mtu;
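Review bot: with the combined condition `result == AUDIO_STATUS_SUCCESS && *fd >= 0`, the case where the IPC command succeeds but *fd is negative now skips the block without touching result, and the lines shown do not indicate that the function reports a failure in that case. If result is returned unchanged, the caller sees AUDIO_STATUS_SUCCESS with *mtu unset and no preset allocated. Consider handling the bad fd explicitly, for example setting result to AUDIO_STATUS_FAILED when *fd < 0, so that the caller takes its error path.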
--
1.8.3.2