B2G Emulator: Fix bug in amodem_clear_call

RESOLVED FIXED

Status

Firefox OS
Emulator
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: aknow, Assigned: aknow)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Assignee)

Description

5 years ago
In amodem_clear_call [1], we iterate from |vcall| to |vend| (a calls array) and run amodem_free_call() for each element. However, in amodem_free_call() [2], after removing 1 element, it shifts all the elements behind the erased one to the previous location. Then the array size shrinks, and |vend| no longer points to a valid position.

So running the "gsm clear" command when calls is not empty will access an invalid address and crash the emulator.

Solution: process the array in reverse order.

[1] http://goo.gl/LorrMg
[2] http://goo.gl/rY4IGX
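A minimal C model of the failure described in the report above, added here as an illustration; it is not the emulator's code. The `Call`/`Modem` types and the `make_modem`, `free_call`, `clear_forward` and `clear_reverse` names are hypothetical, and the model reports a stale slot instead of dereferencing it.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the modem's call array (not the emulator's types). */
typedef struct { int id; } Call;
typedef struct { Call calls[4]; int count; } Modem;

static Modem make_modem(int n)   /* constructed sample: ids 1..n, n <= 4 */
{
    Modem m = { .count = n };
    for (int i = 0; i < n; i++) m.calls[i].id = i + 1;
    return m;
}

/* Remove one call: shift later elements down one slot and shrink the array.
 * Returns -1 when `call` is outside the live range; the model only reports it. */
static int free_call(Modem *m, Call *call)
{
    int n = (int)(call - m->calls);
    if (n < 0 || n >= m->count) return -1;
    memmove(call, call + 1, (size_t)(m->count - 1 - n) * sizeof(*call));
    m->count--;
    return 0;
}

/* Forward pass: vend is captured once and goes stale after the first removal. */
static int clear_forward(Modem *m)
{
    Call *vend = m->calls + m->count;
    int stale = 0;
    for (Call *vcall = m->calls; vcall < vend; vcall++)
        if (free_call(m, vcall) < 0) stale++;
    return stale;                /* iterations that landed on a dead slot */
}

/* Reverse pass: removing the last element never moves the ones still to visit. */
static int clear_reverse(Modem *m)
{
    int stale = 0;
    for (int i = m->count - 1; i >= 0; i--)
        if (free_call(m, &m->calls[i]) < 0) stale++;
    return stale;
}

int main(void)
{
    Modem a = make_modem(4), b = make_modem(4);
    int fa = clear_forward(&a), fb = clear_reverse(&b);
    printf("forward: stale=%d left=%d\nreverse: stale=%d left=%d\n", fa, a.count, fb, b.count);
    return 0;
}
```

In this model the forward pass also leaves two calls behind, because each shift moves an unvisited element into the slot the loop has just passed.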
(Assignee)

Updated

5 years ago
Summary: B2G Emulator: bug in amodem_clear_call → B2G Emulator: Fix bug in amodem_clear_call
(Assignee)

Comment 1

5 years ago
Created attachment 805776 [details]
external/qemu pull request #47
Attachment #805776 - Flags: review?(vyang)
(Assignee)

Updated

5 years ago
Attachment #805776 - Attachment mime type: text/plain → text/html
Comment on attachment 805776 [details]
external/qemu pull request #47

Thank you :)
Attachment #805776 - Flags: review?(vyang) → review+
Merged on Github:
https://github.com/mozilla-b2g/platform_external_qemu/commit/c090c9c7fd2ad760681eff95b96591e0ca368806
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED