From: Andrei Emeltchenko <[email protected]>
When handling vendor dependent pdus len was passed in wrong order to
callback.
---
android/avrcp-lib.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/android/avrcp-lib.c b/android/avrcp-lib.c
index c78881f..c280cf8 100644
--- a/android/avrcp-lib.c
+++ b/android/avrcp-lib.c
@@ -128,14 +128,14 @@ static size_t handle_vendordep_pdu(struct avctp *conn, uint8_t transaction,
const struct avrcp_control_handler *handler;
struct avrcp_header *pdu = (void *) operands;
uint32_t company_id = ntoh24(pdu->company_id);
+ uint16_t params_len = ntohs(pdu->params_len);
if (company_id != IEEEID_BTSIG) {
*code = AVC_CTYPE_NOT_IMPLEMENTED;
return 0;
}
- DBG("AVRCP PDU 0x%02X, len 0x%04X", pdu->pdu_id,
- ntohs(pdu->params_len));
+ DBG("AVRCP PDU 0x%02X, len 0x%04X", pdu->pdu_id, params_len);
pdu->packet_type = 0;
pdu->rsvd = 0;
@@ -163,10 +163,10 @@ static size_t handle_vendordep_pdu(struct avctp *conn, uint8_t transaction,
goto reject;
}
- *code = handler->func(session, transaction, &pdu->params_len,
+ *code = handler->func(session, transaction, ¶ms_len,
pdu->params, session->control_data);
- return AVRCP_HEADER_LENGTH + ntohs(pdu->params_len);
+ return AVRCP_HEADER_LENGTH + params_len;
reject:
pdu->params_len = htons(1);
--
1.8.3.2
Hi Andrei,
On Wed, Feb 26, 2014 at 1:40 PM, Andrei Emeltchenko
<[email protected]> wrote:
> From: Andrei Emeltchenko <[email protected]>
>
> When handling vendor dependent PDUs len was passed in wrong order to
> callback function. It is really wrong to pass such a parameter and
> expect that callbacks would handle it.
> ---
> android/avrcp-lib.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/android/avrcp-lib.c b/android/avrcp-lib.c
> index c78881f..2e5a565 100644
> --- a/android/avrcp-lib.c
> +++ b/android/avrcp-lib.c
> @@ -128,14 +128,14 @@ static size_t handle_vendordep_pdu(struct avctp *conn, uint8_t transaction,
> const struct avrcp_control_handler *handler;
> struct avrcp_header *pdu = (void *) operands;
> uint32_t company_id = ntoh24(pdu->company_id);
> + uint16_t params_len = ntohs(pdu->params_len);
>
> if (company_id != IEEEID_BTSIG) {
> *code = AVC_CTYPE_NOT_IMPLEMENTED;
> return 0;
> }
>
> - DBG("AVRCP PDU 0x%02X, len 0x%04X", pdu->pdu_id,
> - ntohs(pdu->params_len));
> + DBG("AVRCP PDU 0x%02X, len 0x%04X", pdu->pdu_id, params_len);
>
> pdu->packet_type = 0;
> pdu->rsvd = 0;
> @@ -163,10 +163,12 @@ static size_t handle_vendordep_pdu(struct avctp *conn, uint8_t transaction,
> goto reject;
> }
>
> - *code = handler->func(session, transaction, &pdu->params_len,
> + *code = handler->func(session, transaction, ¶ms_len,
> pdu->params, session->control_data);
>
> - return AVRCP_HEADER_LENGTH + ntohs(pdu->params_len);
> + pdu->params_len = htons(params_len);
> +
> + return AVRCP_HEADER_LENGTH + params_len;
>
> reject:
> pdu->params_len = htons(1);
> --
> 1.8.3.2
Applied, thanks.
--
Luiz Augusto von Dentz
From: Andrei Emeltchenko <[email protected]>
When handling vendor dependent PDUs len was passed in wrong order to
callback function. It is really wrong to pass such a parameter and
expect that callbacks would handle it.
---
android/avrcp-lib.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/android/avrcp-lib.c b/android/avrcp-lib.c
index c78881f..2e5a565 100644
--- a/android/avrcp-lib.c
+++ b/android/avrcp-lib.c
@@ -128,14 +128,14 @@ static size_t handle_vendordep_pdu(struct avctp *conn, uint8_t transaction,
const struct avrcp_control_handler *handler;
struct avrcp_header *pdu = (void *) operands;
uint32_t company_id = ntoh24(pdu->company_id);
+ uint16_t params_len = ntohs(pdu->params_len);
if (company_id != IEEEID_BTSIG) {
*code = AVC_CTYPE_NOT_IMPLEMENTED;
return 0;
}
- DBG("AVRCP PDU 0x%02X, len 0x%04X", pdu->pdu_id,
- ntohs(pdu->params_len));
+ DBG("AVRCP PDU 0x%02X, len 0x%04X", pdu->pdu_id, params_len);
pdu->packet_type = 0;
pdu->rsvd = 0;
@@ -163,10 +163,12 @@ static size_t handle_vendordep_pdu(struct avctp *conn, uint8_t transaction,
goto reject;
}
- *code = handler->func(session, transaction, &pdu->params_len,
+ *code = handler->func(session, transaction, ¶ms_len,
pdu->params, session->control_data);
- return AVRCP_HEADER_LENGTH + ntohs(pdu->params_len);
+ pdu->params_len = htons(params_len);
+
+ return AVRCP_HEADER_LENGTH + params_len;
reject:
pdu->params_len = htons(1);
--
1.8.3.2
Hi Andrei,
On Tue, Feb 25, 2014 at 3:47 PM, Andrei Emeltchenko
<[email protected]> wrote:
> From: Andrei Emeltchenko <[email protected]>
>
> When handling vendor dependent pdus len was passed in wrong order to
> callback.
> ---
> android/avrcp-lib.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/android/avrcp-lib.c b/android/avrcp-lib.c
> index c78881f..c280cf8 100644
> --- a/android/avrcp-lib.c
> +++ b/android/avrcp-lib.c
> @@ -128,14 +128,14 @@ static size_t handle_vendordep_pdu(struct avctp *conn, uint8_t transaction,
> const struct avrcp_control_handler *handler;
> struct avrcp_header *pdu = (void *) operands;
> uint32_t company_id = ntoh24(pdu->company_id);
> + uint16_t params_len = ntohs(pdu->params_len);
>
> if (company_id != IEEEID_BTSIG) {
> *code = AVC_CTYPE_NOT_IMPLEMENTED;
> return 0;
> }
>
> - DBG("AVRCP PDU 0x%02X, len 0x%04X", pdu->pdu_id,
> - ntohs(pdu->params_len));
> + DBG("AVRCP PDU 0x%02X, len 0x%04X", pdu->pdu_id, params_len);
>
> pdu->packet_type = 0;
> pdu->rsvd = 0;
> @@ -163,10 +163,10 @@ static size_t handle_vendordep_pdu(struct avctp *conn, uint8_t transaction,
> goto reject;
> }
>
> - *code = handler->func(session, transaction, &pdu->params_len,
> + *code = handler->func(session, transaction, ¶ms_len,
> pdu->params, session->control_data);
>
> - return AVRCP_HEADER_LENGTH + ntohs(pdu->params_len);
> + return AVRCP_HEADER_LENGTH + params_len;
>
> reject:
> pdu->params_len = htons(1);
> --
> 1.8.3.2
This will not work, because the response is done using the same buffer
if you don't pass the pdu->param_len the callback cannot overwrite it
with the response length, we might however change the response to be
async since the Android HAL does require that anyway.
--
Luiz Augusto von Dentz