B2G RIL: read length in getSPDI is wrong.

RESOLVED FIXED in Firefox 19

Status

RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: kk1fff, Assigned: kk1fff)

Tracking

unspecified
B2G C3 (12dec-1jan)
ARM
Gonk (Firefox OS)

Firefox Tracking Flags

(blocking-basecamp:+, firefox19 fixed, firefox20 fixed, b2g18 fixed)

Details

(Whiteboard: mno11)

Attachments

(1 attachment, 3 obsolete attachments)

readLen records the bytes that have been read by getSPDI function, and the left bytes are consumed in the end of the function if readLen is less then length. readLen is octet length while length is character length, so readLen is always less than length and cause exception in getSPDI() function.

bb? for getSPDI is a part of a bb+ bug, 793111.
Created attachment 695605 [details] [diff] [review]
Patch: Fix readLen in getSPDI function
Attachment #695605 - Flags: review?(allstars.chh)
Comment on attachment 695605 [details] [diff] [review]
Patch: Fix readLen in getSPDI function

Review of attachment 695605 [details] [diff] [review]:
-----------------------------------------------------------------

::: dom/system/gonk/ril_worker.js
@@ +1564,5 @@
>        this.iccInfoPrivate.SPDI = null;
>        while ((readLen < length) && !endLoop) {
>          tlvTag = GsmPDUHelper.readHexOctet();
>          tlvLen = GsmPDUHelper.readHexOctet();
> +        readLen += (2 * 2); // For tag and length fields.

Please use octet as units, as other functions all do this.
Also your tlvLen is measured in 'octets'.
Same as below.

@@ +1578,5 @@
>            break;
>          default:
>            // We don't care about its content if its tag is not SPDI nor
>            // PLMN_LIST.
>            GsmPDUHelper.readHexOctetArray(tlvLen);

Use Buf.seekIncoming(tlvLen * PDU_HEX_OCTET_SIZE)

@@ +1584,5 @@
>          }
>        }
>  
>        // Consume unread octets.
> +      while (readLen < length) {

You should covert length to available octets here.
And you could use Buf.seekIncoming for skipping those unused bytes.
Attachment #695605 - Flags: review?(allstars.chh)
Created attachment 695615 [details] [diff] [review]
Patch: Fix readLen in getSPDI function v2

Use octet as unit of readLen variable.
Attachment #695605 - Attachment is obsolete: true
Attachment #695615 - Flags: review?(allstars.chh)
Created attachment 695633 [details] [diff] [review]
Patch: Fix readLen in getSPDI function v3
Attachment #695615 - Attachment is obsolete: true
Attachment #695615 - Flags: review?(allstars.chh)
Attachment #695633 - Flags: review?(allstars.chh)
Comment on attachment 695633 [details] [diff] [review]
Patch: Fix readLen in getSPDI function v3

Review of attachment 695633 [details] [diff] [review]:
-----------------------------------------------------------------

::: dom/system/gonk/ril_worker.js
@@ +1575,5 @@
>            break;
>          default:
>            // We don't care about its content if its tag is not SPDI nor
>            // PLMN_LIST.
> +          endLoop = true;

nit, break;
Attachment #695633 - Flags: review?(allstars.chh) → review+
Created attachment 695648 [details] [diff] [review]
Patch for checking in

r+ in comment 5. fix according to comment 5.
Attachment #695633 - Attachment is obsolete: true
Attachment #695648 - Flags: review+

Updated

6 years ago
Hardware: x86_64 → ARM
Whiteboard: mno11
https://hg.mozilla.org/mozilla-central/rev/54e72e8bbac4
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
blocking-basecamp: ? → +
https://hg.mozilla.org/releases/mozilla-aurora/rev/a4a251e6ca66
https://hg.mozilla.org/releases/mozilla-b2g18/rev/d6bcda76a34d
status-b2g18: --- → fixed
status-firefox19: --- → fixed
status-firefox20: --- → fixed
Target Milestone: --- → B2G C3 (12dec-1jan)
You need to log in before you can comment on or make changes to this bug.