
Replace variable-length arrays on stack with malloc.
authorAmit Mahajan <amitmahajan@google.com>
Mon, 15 Aug 2016 16:06:34 +0000 (09:06 -0700)
committerAmit Mahajan <amitmahajan@google.com>
Mon, 15 Aug 2016 16:06:34 +0000 (09:06 -0700)
Bug: 30202619
Change-Id: Ib95e08a1c009d88a4b4fd8d8fdba0641c6129008

libril/RilSapSocket.cpp

index ecb04ed..33eabb5 100644 (file)
@@ -345,7 +345,12 @@ void RilSapSocket::sendResponse(MsgHeader* hdr) {
     if ((success = pb_get_encoded_size(&encoded_size, MsgHeader_fields,
         hdr)) && encoded_size <= INT32_MAX && commandFd != -1) {
         buffer_size = encoded_size + sizeof(uint32_t);
-        uint8_t buffer[buffer_size];
+        uint8_t* buffer = (uint8_t*)malloc(buffer_size);
+        if (!buffer) {
+            RLOGE("sendResponse: OOM");
+            pthread_mutex_unlock(&write_lock);
+            return;
+        }
         written_size = htonl((uint32_t) encoded_size);
         ostream = pb_ostream_from_buffer(buffer, buffer_size);
         pb_write(&ostream, (uint8_t *)&written_size, sizeof(written_size));
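Review bot: The heap buffer and write_lock in sendResponse are now released by hand on separate paths: the OOM branch unlocks and returns, while the normal path relies on the `free(buffer)` added further down, so any early exit later introduced between the two would leak the buffer or leave the lock held. Owning the buffer with `std::unique_ptr<uint8_t, decltype(&free)> buffer(static_cast<uint8_t*>(malloc(buffer_size)), &free);` and passing `buffer.get()` to `pb_ostream_from_buffer` would make the release automatic on every path (this needs `<memory>`). The same applies to the allocation added in sendDisconnect. The lock acquisition and the rest of the function body are outside this hunk, so the locking state at this point is inferred from the added `pthread_mutex_unlock` call.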
@@ -367,6 +372,7 @@ void RilSapSocket::sendResponse(MsgHeader* hdr) {
             RLOGE("Error while encoding response of type %d id %d buffer_size: %zu: %s.",
                     hdr->type, hdr->id, buffer_size, PB_GET_ERROR(&ostream));
         }
+        free(buffer);
     } else {
         RLOGE("Not sending response type %d: encoded_size: %zu. commandFd: %d. encoded size result:\
                 %d", hdr->type, encoded_size, commandFd, success);
@@ -438,7 +444,11 @@ void RilSapSocket::sendDisconnect() {
    if ((success = pb_get_encoded_size(&encoded_size, RIL_SIM_SAP_DISCONNECT_REQ_fields,
         &disconnectReq)) && encoded_size <= INT32_MAX) {
         buffer_size = encoded_size + sizeof(uint32_t);
-        uint8_t buffer[buffer_size];
+        uint8_t* buffer = (uint8_t*)malloc(buffer_size);
+        if (!buffer) {
+            RLOGE("sendDisconnect: OOM");
+            return;
+        }
         written_size = htonl((uint32_t) encoded_size);
         ostream = pb_ostream_from_buffer(buffer, buffer_size);
         pb_write(&ostream, (uint8_t *)&written_size, sizeof(written_size));
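Review bot: The early return on allocation failure in sendDisconnect releases nothing, whereas the matching branch in sendResponse unlocks write_lock first. The start of sendDisconnect is outside this hunk, so it is worth confirming that no lock is held here and recording it with a comment such as `// no lock is held in sendDisconnect, so there is nothing to release here`. The log line would also be more useful with the requested size, `RLOGE("sendDisconnect: OOM allocating %zu bytes", buffer_size);` (assuming buffer_size is a size_t, as the `%zu` in sendResponse suggests). Because the function returns void, that log appears to be the only trace that the disconnect request was dropped.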
@@ -470,6 +480,7 @@ void RilSapSocket::sendDisconnect() {
         else {
             RLOGE("Encode failed in send disconnect!");
         }
+        free(buffer);
     }
 }