bluelab stereo 2009.R2 Inquiry시 iPhone이 검색되면 panic되는 문제
확인 결과
Dm_inquiry_handler.c 에서 inquiryParseEir()함수 사용 시 null pointer참조 문제가 있었다.
static uint8* inquiryParseEir(uint8* size_eir_data, uint8 *inquiry_data[HCI_EIR_DATA_PACKET_PTRS])
{
uint8 i, j;
uint8* eir_data = NULL;
uint8* eir_data_part = NULL;
uint8* p;
/* Work out the number of EIR data parts */
for(i=0 ; inquiry_data[i] != NULL ; i++)
{}
if(i>0)
{
/* Allocate memory for the EIR data */
*size_eir_data = ((i-1) * HCI_EIR_DATA_BYTES_PER_PTR);
eir_data = PanicUnlessMalloc(*size_eir_data);
/* Point to first data part */
p = eir_data;
/* Copy all data except for last data part */
for(j=0;j<(i-1);j++)
{
/* Get data part j and copy to p */
eir_data_part = VmGetPointerFromHandle(inquiry_data[j]);
memmove(p,eir_data_part,HCI_EIR_DATA_BYTES_PER_PTR);
free(eir_data_part);
/* Point to next data part */
p += HCI_EIR_DATA_BYTES_PER_PTR;
}
/* Get the last data part */
eir_data_part = VmGetPointerFromHandle(inquiry_data[i-1]);
/* Work out how much actual data there is in it */
for(j=(HCI_EIR_DATA_BYTES_PER_PTR-1); (eir_data_part[j] == 0) && (j > 0); j--)
{}
j++;
/* Realloc eir data to fit in the last bit */
eir_data = realloc(eir_data, *size_eir_data + j + 1);
/* Point p to the new section (data may have moved during realloc) */
p = eir_data + *size_eir_data;
*size_eir_data += (j+1);
/* Copy in the data */
memmove(p,eir_data_part,j);
free(eir_data_part);
/* Terminate data */
p+=j;
*p = 0;
}
else
{
*size_eir_data = 0;
eir_data = NULL;
}
return eir_data;
}
'BlueTooth > 기본기' 카테고리의 다른 글
| Security Mode (1) | 2014.06.24 |
|---|---|
| Vega series에서 HID가 connecting state에 머물러 있음 (0) | 2014.03.27 |
| Bluetooth Packet Type (0) | 2013.11.06 |
| quoted-printable decoder (0) | 2013.06.03 |
| synergy MessageSendLater (0) | 2011.04.19 |
| Apple 개발문서 (4) | 2010.03.15 |
| Peer-to-Peer Connectivity (0) | 2010.03.04 |
| iphone간 bluetooth 연결 sample (1) | 2010.03.04 |
| 아이폰 블루투스 프로그래밍 (3) | 2010.03.03 |
| bluetooth keypad (0) | 2010.02.10 |