Return-Path: MIME-Version: 1.0 In-Reply-To: References: <1334786904-26282-1-git-send-email-jprvita@openbossa.org> <1334786904-26282-9-git-send-email-jprvita@openbossa.org> Date: Thu, 26 Apr 2012 16:43:12 -0300 Message-ID: Subject: Re: [RFC v2 08/16] HoG: add report notification handler From: Joao Paulo Rechi Vita To: Anderson Lizardo Cc: linux-bluetooth@vger.kernel.org, claudio.takahasi@openbossa.org Content-Type: text/plain; charset=UTF-8 Sender: linux-bluetooth-owner@vger.kernel.org List-ID: 2012/4/20 Anderson Lizardo : > Hi João, > > 2012/4/18 João Paulo Rechi Vita : >> --- >>  input/hog_device.c |   21 +++++++++++++++++++++ >>  1 files changed, 21 insertions(+), 0 deletions(-) >> >> diff --git a/input/hog_device.c b/input/hog_device.c >> index ac6d4c9..5df6879 100644 >> --- a/input/hog_device.c >> +++ b/input/hog_device.c 
>> @@ -71,9 +71,27 @@ static void report_free(struct report *report) >>        g_free(report); >>  } >> >> +static void report_value_cb(const uint8_t *pdu, uint16_t len, gpointer user_data) >> +{ >> +       uint16_t handle; >> + >> +       if (len < 3) { > > I suppose the check should be (len < 10) here ? Otherwise the DBG() > call will read invalid data. > >> +               error("Malformed ATT notification"); >> +               return; >> +       } >> + >> +       handle = att_get_u16(&pdu[1]); >> + >> +       DBG("Report(0x%04x): 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x " >> +                               "0x%02x", handle, pdu[2], pdu[3], pdu[4], >> +                               pdu[5], pdu[6], pdu[7], pdu[8], pdu[9]); > > This DBG() seems strange. If handle starts at (pdu + 1) and has two > octets, the remaining bytes should start at (pdu + 3). > The right thing to do here is to keep the initial check for len < 3 (1-byte opcode + 2-byte handle) and remove this debug entirely. It was helpful during development, but normally we won't want one debug message for every input event, even in debug mode. -- João Paulo Rechi Vita Openbossa Labs - INdT
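Review bot: In report_value_cb(), the DBG() call indexes pdu[2] through pdu[9] while the guard above it only guarantees len >= 3, so any notification shorter than 10 bytes makes it read past the end of the received PDU. It also starts at pdu[2], which is the second byte of the handle already read by att_get_u16(&pdu[1]), rather than at pdu[3] where the report value begins. Either drop the DBG() and keep the len < 3 check, or print only the len - 3 value bytes that are actually present.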
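The layout discussed in this thread (1-byte opcode, 2-byte handle, then the report value) parsed with a hex dump bounded by the received length, as an added example that is not part of the original messages or of the BlueZ code. `parse_notification`, `dump_value`, `ATT_NOTIFY_HDR_LEN` and the sample bytes are hypothetical names and constructed data; the handle is read little-endian, as ATT encodes it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ATT_NOTIFY_HDR_LEN 3	/* 1-byte opcode + 2-byte handle */

/* Hypothetical helper: split a notification PDU into handle and value.
 * Returns 0 on success, -1 if the PDU cannot hold the 3-byte header. */
static int parse_notification(const uint8_t *pdu, uint16_t len,
		uint16_t *handle, const uint8_t **value, uint16_t *vlen)
{
	if (len < ATT_NOTIFY_HDR_LEN)
		return -1;
	*handle = (uint16_t) (pdu[1] | (pdu[2] << 8));	/* little-endian */
	*value = pdu + ATT_NOTIFY_HDR_LEN;	/* value starts at pdu[3] */
	*vlen = (uint16_t) (len - ATT_NOTIFY_HDR_LEN);
	return 0;
}

/* Hypothetical helper: hex-dump only bytes that were received and that
 * fit in out. Returns the number of value bytes written. */
static size_t dump_value(const uint8_t *value, uint16_t vlen,
		char *out, size_t outsz)
{
	size_t i, off = 0;
	if (outsz == 0)
		return 0;
	out[0] = '\0';
	/* Each entry needs at most 5 characters plus the terminating NUL. */
	for (i = 0; i < (size_t) vlen && off + 6 <= outsz; i++)
		off += (size_t) snprintf(out + off, outsz - off, "%s0x%02x",
				i ? " " : "", value[i]);
	return i;
}

int main(void)
{
	/* Constructed sample: opcode 0x1b, handle 0x0025, two value bytes. */
	const uint8_t pdu[] = { 0x1b, 0x25, 0x00, 0x01, 0x02 };
	const uint8_t *value;
	uint16_t handle, vlen;
	char buf[64];

	if (parse_notification(pdu, sizeof(pdu), &handle, &value, &vlen) < 0)
		return 1;
	dump_value(value, vlen, buf, sizeof(buf));
	printf("Report(0x%04x): %s\n", handle, buf);
	return 0;
}
```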