service and add null-checks.
The payload of a SAP request could be freed twice in certain scenarios.
Also, add null-checks to prevent dereferencing of null pointers.
Bug: 64729356
Test: Manually run the fuzz tests and ensure that there is no crash in
rild
Change-Id: Ib7ae269fa5297d6acea267337b220b8858c82bae
RIL_RadioFunctions
Re-add constant for function pointer table to
RIL_RadioFunctions. Const was accidentally removed
during a warnings cleanup.
Bug: 64231560
Test: compilation
Change-Id: I93675980c51d9162f624495d12fe3c97f1da8031
clang is the default compiler since Android nougat
Change-Id: I0555fa8067352fd43b47aabe80be1224597da17e
Signed-off-by: Lennart Wieboldt <lennart.1997@gmx.de>
* Sometimes, the modem is sending 1-2 extra fields with
the country mcc, which confuses ServiceStateTracker
* Drop the extra data here, instead of in our RIL class
[haggertk]: Forward port to ril-caf on lineage-15.
Change-Id: Ifbec67bb0dac271226bd8b5471deaf6a2ef33f2b
* Checking numInts and numStrings for strict equality when
we're not looping is dumb, because Samsung is notorious
for sending extra information in their RIL
* Check if there's *enough* data rather than the *exact amount*
to fix a bunch of invalid response errors
Change-Id: I14bc37240e5760b4629fcb74b64f25ad95d4fdfc
Before:
if (response == NULL || numStrings != 3) {
After:
if (response == NULL || numStrings != mqanelements - 2) {
This patch fixes the logic so we don't change the value check.
"mqanelements" is not related to getOperatorResponse, so get get rid of
the affected code.
Change-Id: I86c6ae7b7492a5d04fbc8dc415c4f615e7d05bab
Exynos4 devices send two ints as a response to this request,
causing responseFailCause to think the result is a LastCallFailCause struct,
which it then tries to treat as a Java UTF-8 encoded string, causing a
crash.
Work around this by forcing responseInts (the original behaviour)
on Exynos4 devices.
Change-Id: Ied14948db3049066ffc760b6d3df09b4cefa2df0
* Instead of messing around with indices, look up
the requestNumber in the array.
* This has a cost of O(N) instead of O(1) with the
previous implementation, but we don't receive unsol
response codes frequently enough to be worried about
this.
* This was needed because a few vendor reponses, aka
RIL_UNSOL_SNDMGR_WB_AMR_REPORT at index 33 and
RIL_UNSOL_SNDMGR_CLOCK_CTRL at index 34
could not be addressed by their array indices anymore
because we cannot calculate their index by the unsol
response code we receive from the modem.
Change-Id: I27319e621c777fe19ae8908d7e0c4a46d6dd6d3b
* Adjusted whitespace to minimize diffs
* Plugged memory leaks
* Fix use-after-free
* Use calloc instead of alloca
* Reworked the Samsung request/response code to be
more readable
Change-Id: Ifd07b525fc84e8a3fca584d4d412785974ca3482
The difference between a v5 and v6 CardStatus response is the addition
of ims_subscription_app_index. In previous releases libril added a -1
to the Parcel in its place for transparent handling of GET_SIM_STATUS
everywhere else regardless of v5 or v6 responses, but it was erroneously
removed in change I4e53c6125995064b8ac0cdfc9376ef2cefe69ec8
Change-Id: I078b61d2f6dc28f738e8eb87f51193fa0bd94c7d
Get the address,sub address,Bearer with dynamic length in the data parcel,
to avoid the OutOfBoundsException with the MAX macro.
BUG=26856156
Change-Id: I1d7437143c1369d77791136b68e06088acd72937
This gerrit adds error codes for messages related
to SMS and set_mute, get_mute requests
Bug: 27038563
Change-Id: I4991e4a38c81501c39e91cfd5df90d8288f542ad
wakelock.
+ New type is added as ack from RIL java should be sent only for unsolicited mesgs
which hold wakelock in ril.cpp.
Bug: 22127517
Change-Id: Ib7e920d168ab92665283f80476bad3f5ede033e4
Modify condition to use SimRefreshResponse struct in
all RIL Versions greater than 7.
BUG=21075857
Change-Id: Ifde00434bfcaecf3b4c32392fc4964fe3b43f6b5
+ Added documentation for new RIL versioning format.
+ Changes associated to new RIl versioning format.
Bug: 25779475
Change-Id: I4e53c6125995064b8ac0cdfc9376ef2cefe69ec8
* These workarounds were introduced before http://review.cyanogenmod.org/#/c/159520/
and are no longer needed because the framework now has dynamic QAN element support.
Setting the ro.ril.telephony.mqanelements to a proper value should fix the operator
search on all the devices and these workarounds are no longer required.
* http://review.cyanogenmod.org/#/c/100398/ discards every 5th QAN element which breaks
devices with libsec-ril that returns more than 5 QAN elements. zeroflte and noblelte
return 6 QAN elements and the 5th element was being discarded instead of 6th.
* The code assumes 5 QAN elements per operator which doesn't hold true for all devices.
* In case of devices with 6 QAN elements, the size of the string array was a multiple
of 6, but since we are discarding the 5th element, the contents of the string pertaining
to each operator is a multiple of 5 following by trailing null strings in the array,
which caused issues in the framework while trying to read the strings, since we are
expecting 6 strings per operator and with a discarded string, we only receive 5.
Thanks to Javi Ferrer for diagnosing the issue on zeroflte
Change-Id: I2e99291f3438998a253755a19a063d15a19d63e0
Copying headers makes fixing compile errors hard, and breaks dependency
restrictions. Move ril_ex.h to an exported include directory instead of
copying it.
Bug: 18903857
Change-Id: I4b59a01e442db0d3198def69a5a5ff17b2a41c66
There is a buffer overflow which causing rild crash. For
appendPrintBuf, "sprintf" is replaced with "snprintf" for
the safe copy operation.
Bug:23289936
Change-Id: I25430a5c6f2a8b19a3271235323499b6ee802746