author | Aleksander Morgado <aleksandermj@chromium.org> | 2023-09-29 08:16:41 +0000 |
---|---|---|
committer | Aleksander Morgado <aleksandermj@chromium.org> | 2023-09-29 08:53:17 +0000 |
commit | e2d4592f60f84acb360d1eb3db57a9a971eafa27 (patch) | |
tree | 6bc7f5d1cb85cc107266a148b857abd59e4fb114 /src/libqmi-glib | |
parent | 61da92400cc4e44a5716798525df88c757535ff1 (diff) |
libqmi-glib,message: ensure service id fits when creating for data
The QmiService enum is a 32-bit value, so we need to ensure we don't get
unexpected values when trying to create a new message.
Diffstat (limited to 'src/libqmi-glib')
-rw-r--r-- | src/libqmi-glib/qmi-message.c | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/src/libqmi-glib/qmi-message.c b/src/libqmi-glib/qmi-message.c index 6c4c196..96f1b9a 100644 --- a/src/libqmi-glib/qmi-message.c +++ b/src/libqmi-glib/qmi-message.c @@ -512,10 +512,13 @@ qmi_message_new_from_data (QmiService service, GByteArray *qmi_data, GError **error) { - GByteArray *self; - struct full_message *buffer; - gsize buffer_len; - gsize message_len; + g_autoptr(GByteArray) self = NULL; + struct full_message *buffer; + gsize buffer_len; + gsize message_len; + + /* Service must fit in 16 bits */ + g_return_val_if_fail (service <= G_MAXUINT16, NULL); /* Create array with enough size for the QMUX marker and QMUX header, and * with enough room to copy the rest of the message into */ @@ -542,25 +545,23 @@ qmi_message_new_from_data (QmiService service, buffer->header.qmux.flags = 0; buffer->header.qmux.service = (guint8) service; buffer->header.qmux.client = client_id; - } else { + } else if (service <= G_MAXUINT16) { buffer->marker = QMI_MESSAGE_QRTR_MARKER; buffer->header.qrtr.length = GUINT16_TO_LE (buffer_len - 1); buffer->header.qrtr.service = (guint16) service; buffer->header.qrtr.client = client_id; - } + } else + g_assert_not_reached (); /* Move bytes from the qmi_data array to the newly created message */ memcpy (&buffer->qmi, qmi_data->data, message_len); g_byte_array_remove_range (qmi_data, 0, message_len); /* Check input message validity as soon as we create the QmiMessage */ - if (!message_check (self, error)) { - /* Yes, we lose the whole message here */ - qmi_message_unref (self); + if (!message_check (self, error)) return NULL; - } - return (QmiMessage *)self; + return (QmiMessage *) g_steal_pointer (&self); } QmiMessage * |
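Review bot: The new range check `g_return_val_if_fail (service <= G_MAXUINT16, NULL)` returns NULL without setting `error`, and GLib compiles it out when G_DISABLE_CHECKS is defined, so it acts as a precondition assertion rather than input validation. If the service value can ever come from data the caller does not control (not visible in this hunk), a caller that reads `error->message` after a NULL return would dereference a NULL GError. Consider an explicit check that reports through the GError, along the lines of `if (service > G_MAXUINT16) { g_set_error (error, QMI_CORE_ERROR, QMI_CORE_ERROR_INVALID_ARGS, "Service id out of range"); return NULL; }`. The same concern applies to the `g_assert_not_reached ()` fallback in the second hunk, which disappears under G_DISABLE_ASSERT and would then leave the marker and header unwritten. The function starts before this hunk and continues past it.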
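Review bot: The early `return NULL` after `message_check ()` fails is now undocumented, although by that point `g_byte_array_remove_range ()` has already removed `message_len` bytes from the caller's `qmi_data`; the deleted remark "Yes, we lose the whole message here" was the only place that said so. I would keep a comment above the check, e.g. `/* On failure the bytes were already removed from qmi_data and the message is dropped */`. As a style point, the final `else` is the only unbraced branch in the chain; `} else { g_assert_not_reached (); }` would read more consistently. The function body begins outside this hunk.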