diff options
| author | balakrishna <quic_kunthumu@quicinc.com> | 2023-03-07 16:53:46 +0530 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2023-03-23 22:33:44 -0700 |
| commit | 5d9cbb4176b0861d53aaca36d35f7d9716e12657 (patch) | |
| tree | f3012f3ba8584cf296c9013b279e83633ba167a2 | |
| parent | f63676f7b944f826ae8ffbf887ed7f61154aeb01 (diff) | |
BT: Fixing the rfc_slot_id overflow
Root cause:
overflow causing leak in slot fds.
As slot id 0 not valid, we are not able to release these fds later.
Fix:
Changes are made to avoid overflow while allocate rfc slots.
CRs-Fixed: 3417458
Change-Id: I5d7efa34bfb97a6dd8e9d68615d29120a0ae51f0
| -rw-r--r-- | btif/src/btif_sock_rfc.cc | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/btif/src/btif_sock_rfc.cc b/btif/src/btif_sock_rfc.cc index a4ad07349..748c1723c 100644 --- a/btif/src/btif_sock_rfc.cc +++ b/btif/src/btif_sock_rfc.cc @@ -215,7 +215,11 @@ static rfc_slot_t* alloc_rfc_slot(const RawAddress* addr, const char* name, } // Increment slot id and make sure we don't use id=0. - if (++rfc_slot_id == 0) rfc_slot_id = 1; + if (UINT32_MAX == rfc_slot_id) { + rfc_slot_id = 1; + } else { + ++rfc_slot_id; + } slot->fd = fds[0]; slot->app_fd = fds[1]; |