Diffstat (limited to 'wifi/1.6')
-rw-r--r-- | wifi/1.6/default/ringbuffer.cpp | 12 | ||||
-rw-r--r-- | wifi/1.6/default/ringbuffer.h | 10 | ||||
-rw-r--r-- | wifi/1.6/default/wifi_chip.cpp | 14 |
3 files changed, 31 insertions, 5 deletions
diff --git a/wifi/1.6/default/ringbuffer.cpp b/wifi/1.6/default/ringbuffer.cpp
index 6d4ed843c3..981bf7bce7 100644
--- a/wifi/1.6/default/ringbuffer.cpp
+++ b/wifi/1.6/default/ringbuffer.cpp
@@ -26,20 +26,26 @@ namespace implementation {
 Ringbuffer::Ringbuffer(size_t maxSize) : size_(0), maxSize_(maxSize) {}
-void Ringbuffer::append(const std::vector<uint8_t>& input) {
+enum Ringbuffer::AppendStatus Ringbuffer::append(const std::vector<uint8_t>& input) {
 if (input.size() == 0) {
- return;
+ return AppendStatus::FAIL_IP_BUFFER_ZERO;
 }
 if (input.size() > maxSize_) {
 LOG(INFO) << "Oversized message of " << input.size() << " bytes is dropped";
- return;
+ return AppendStatus::FAIL_IP_BUFFER_EXCEEDED_MAXSIZE;
 }
 data_.push_back(input);
 size_ += input.size() * sizeof(input[0]);
 while (size_ > maxSize_) {
+ if (data_.front().size() <= 0 || data_.front().size() > maxSize_) {
+ LOG(ERROR) << "First buffer in the ring buffer is Invalid. Size: "
+ << data_.front().size();
+ return AppendStatus::FAIL_RING_BUFFER_CORRUPTED;
+ }
 size_ -= data_.front().size() * sizeof(data_.front()[0]);
 data_.pop_front();
 }
+ return AppendStatus::SUCCESS;
 }
 const std::list<std::vector<uint8_t>>& Ringbuffer::getData() const {
diff --git a/wifi/1.6/default/ringbuffer.h b/wifi/1.6/default/ringbuffer.h
index 8571a9f3d4..c6a1e4c52d 100644
--- a/wifi/1.6/default/ringbuffer.h
+++ b/wifi/1.6/default/ringbuffer.h
@@ -31,11 +31,19 @@ namespace implementation {
 */
 class Ringbuffer {
 public:
+ // Error codes for the append ring buffer operation
+ enum AppendStatus {
+ SUCCESS,
+ FAIL_GENERIC,
+ FAIL_IP_BUFFER_ZERO,
+ FAIL_IP_BUFFER_EXCEEDED_MAXSIZE,
+ FAIL_RING_BUFFER_CORRUPTED
+ };
 explicit Ringbuffer(size_t maxSize);
 // Appends the data buffer and deletes from the front until buffer is
 // within |maxSize_|.
- void append(const std::vector<uint8_t>& input);
+ enum AppendStatus append(const std::vector<uint8_t>& input);
 const std::list<std::vector<uint8_t>>& getData() const;
 void clear();
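Review bot: The new corruption check inside the `while (size_ > maxSize_)` loop of `Ringbuffer::append` calls `data_.front()` without first checking that `data_` is non-empty. If `size_` has drifted away from the real contents, which is the situation this check exists for, the loop can pop every entry and then call `front()` on an empty list, which is undefined behaviour. A guard ahead of the existing test closes that, e.g. `if (data_.empty()) { size_ = 0; return AppendStatus::FAIL_RING_BUFFER_CORRUPTED; }`. The corrupted return also leaves the just-pushed input in `data_` with `size_` still above `maxSize_`, so unless the caller clears the ring each later `append` would add another entry and fail again. Separately, `size() <= 0` on an unsigned `size_t` is only `== 0`.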
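Review bot: The comment above `append` in ringbuffer.h still describes only the old void behaviour and says nothing about the new return value. I would extend it with a line such as `// Returns SUCCESS or a FAIL_* status; on FAIL_RING_BUFFER_CORRUPTED the input has already been stored and the buffer may exceed |maxSize_|.` `FAIL_GENERIC` is never returned by the code in this commit, so either say what it is reserved for or drop it. If the build allows C++17, `[[nodiscard]]` on the declaration would keep future callers from ignoring the status, and the `enum` keyword in `enum AppendStatus append(...)` is redundant in C++.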
diff --git a/wifi/1.6/default/wifi_chip.cpp b/wifi/1.6/default/wifi_chip.cpp
index f062409d4e..c7c00b17fd 100644
--- a/wifi/1.6/default/wifi_chip.cpp
+++ b/wifi/1.6/default/wifi_chip.cpp
@@ -1613,6 +1613,7 @@ WifiStatus WifiChip::registerDebugRingBufferCallback() {
 return;
 }
 WifiDebugRingBufferStatus hidl_status;
+ Ringbuffer::AppendStatus appendstatus;
 if (!hidl_struct_util::convertLegacyDebugRingBufferStatusToHidl(status, &hidl_status)) {
 LOG(ERROR) << "Error converting ring buffer status";
@@ -1623,13 +1624,19 @@ WifiStatus WifiChip::registerDebugRingBufferCallback() {
 const auto& target = shared_ptr_this->ringbuffer_map_.find(name);
 if (target != shared_ptr_this->ringbuffer_map_.end()) {
 Ringbuffer& cur_buffer = target->second;
- cur_buffer.append(data);
+ appendstatus = cur_buffer.append(data);
 } else {
 LOG(ERROR) << "Ringname " << name << " not found";
 return;
 }
 // unique_lock unlocked here
 }
+ if (appendstatus == Ringbuffer::AppendStatus::FAIL_RING_BUFFER_CORRUPTED) {
+ LOG(ERROR) << "Ringname " << name << " is corrupted. Clear the ring buffer";
+ shared_ptr_this->writeRingbufferFilesInternal();
+ return;
+ }
+
 };
 legacy_hal::wifi_error legacy_status = legacy_hal_.lock()->registerRingBufferCallbackHandler(
 getFirstActiveWlanIfaceName(), on_ring_buffer_data_callback);
@@ -1971,6 +1978,11 @@ bool WifiChip::writeRingbufferFilesInternal() {
 }
 unique_fd file_auto_closer(dump_fd);
 for (const auto& cur_block : cur_buffer.getData()) {
+ if (cur_block.size() <= 0 || cur_block.size() > kMaxBufferSizeBytes) {
+ PLOG(ERROR) << "Ring buffer: " << item.first
+ << " is corrupted. Invalid block size: " << cur_block.size();
+ break;
+ }
 if (write(dump_fd, cur_block.data(), sizeof(cur_block[0]) * cur_block.size()) == -1) {
 PLOG(ERROR) << "Error writing to file"; |
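Review bot: In the ring-buffer callback of `registerDebugRingBufferCallback`, the log line says "Clear the ring buffer", but the added code only calls `writeRingbufferFilesInternal()`, ignores its `bool` result, and nothing in this hunk clears the ring. If the clear happens inside that function it deserves a comment here; otherwise the bad entry stays at the front of the ring and later appends would hit the same failure. The call is also made after the scope marked `// unique_lock unlocked here`, so it is worth confirming that `writeRingbufferFilesInternal()` takes the lock itself, since most of its body is outside this diff. `appendstatus` is declared uninitialized in the first hunk of this file; `Ringbuffer::AppendStatus appendstatus = Ringbuffer::AppendStatus::SUCCESS;` costs nothing and rules out a read of an indeterminate value if another path is added later.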
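Review bot: The new corruption message in `writeRingbufferFilesInternal` uses `PLOG(ERROR)`, which appends the text for the current `errno`. No system call has failed at that point, so the log will carry a stale, unrelated error string; use `LOG(ERROR) << "Ring buffer: " << item.first` here and keep `PLOG` for the `write()` failure below. The size test keeps an out-of-range length from reaching `write()`, but if the vector's bookkeeping is damaged then `cur_block.data()` is no more trustworthy than `size()`, so this is a mitigation and a short comment saying the root cause is still open would help. The function body starts and ends outside the hunk, so I cannot see whether the ring is cleared after the `break`.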