Closed Bug 916719 Opened 11 years ago Closed 11 years ago

B2G Emulator: Fix bug in amodem_clear_call

Categories

(Firefox OS Graveyard :: Emulator, defect)

Product:
Firefox OS Graveyard
Component:
Emulator
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: aknow, Assigned: aknow)

References

Details

Attachments

(1 file)

external/qemu pull request #47
282 bytes, text/html
vicamo
: review+
Details 
In amodem_clear_call [1], we iterate through |vcall| to |vend| (a calls array) and run amodem_free_call() for each element. However in amodem_free_call() [2], after removing 1 element, it shifts all the element behind the erased one to previous 1 location. Then array size is shrink. |vend| is no longer point to the valid position.

So run the "gsm clear" command when calls is not empty will access the invalid address and crash the emulator

Solution: process the array in reverse order.

[1] http://goo.gl/LorrMg
[2] http://goo.gl/rY4IGX
Summary: B2G Emulator: bug in amodem_clear_call → B2G Emulator: Fix bug in amodem_clear_call

        Attachment #805776 -
        Flags: review?(vyang)

    
  

        Attachment #805776 -
        Attachment mime type: text/plain → text/html

    
    

    
  
Comment on attachment 805776 [details]
external/qemu pull request #47

Thank you :)

        Attachment #805776 -
        Flags: review?(vyang) → review+

    
    

    
  
Merged on Github:
https://github.com/mozilla-b2g/platform_external_qemu/commit/c090c9c7fd2ad760681eff95b96591e0ca368806
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: