author | Sylvain Fonteneau <sylvain.fonteneau@trusted-logic.com> | 2011-01-14 15:07:33 +0100 |
---|---|---|
committer | Nick Pelly <npelly@google.com> | 2011-01-18 15:30:48 -0800 |
commit | 42fd1ffc1f8f87e7faca1724d128dafa70ff3b1e (patch) | |
tree | 54ad6a5bb6230c21d406a8c10ce0d8610382e156 /src | |
parent | 8608ad938da280b895e3bb71435d6fe34c589219 (diff) | |
Fixed erroneous LLCP frame on socket closure.
Moved data allocation from stack memory to heap in order
to avoid invalid memory access.
Previously, when trying to send a DM (acknowledgment to
socket disconnect request), the stack was allocating some
frame data on the stack but these data were used after the
function returned.
Other calls to the same function are already using variables
allocated on heap.
Change-Id: Id7356a876fdecdd979ed3ddc6dbe100d6e92d43d
Diffstat (limited to 'src')
-rw-r--r-- | src/phFriNfc_LlcpTransport.h | 2 | ||||
-rw-r--r-- | src/phFriNfc_LlcpTransport_Connection.c | 22 |
2 files changed, 11 insertions, 13 deletions
diff --git a/src/phFriNfc_LlcpTransport.h b/src/phFriNfc_LlcpTransport.h index 9b35482..2aff8ea 100644 --- a/src/phFriNfc_LlcpTransport.h +++ b/src/phFriNfc_LlcpTransport.h @@ -246,6 +246,8 @@ struct phFriNfc_LlcpTransport phFriNfc_Llcp_sPacketSequence_t sSequence; /**< Info field of pending DM packet*/ + phFriNfc_Llcp_sPacketHeader_t sDmHeader; + phNfc_sData_t sDmPayload; uint8_t DmInfoBuffer[3]; uint8_t LinkStatusError; diff --git a/src/phFriNfc_LlcpTransport_Connection.c b/src/phFriNfc_LlcpTransport_Connection.c index 93dde68..9746d5b 100644 --- a/src/phFriNfc_LlcpTransport_Connection.c +++ b/src/phFriNfc_LlcpTransport_Connection.c @@ -377,9 +377,6 @@ static NFCSTATUS phFriNfc_Llcp_Send_DisconnectMode_Frame(phFriNfc_LlcpTransport_ uint8_t dmOpCode) { NFCSTATUS status = NFCSTATUS_SUCCESS; - phFriNfc_Llcp_sPacketHeader_t sLocalLlcpHeader; - uint8_t dmValue; - phNfc_sData_t sLocalBuffer; /* Test if a send is pending */ if(psTransport->bSendPending) 
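Review bot: In the `struct phFriNfc_LlcpTransport` hunk of phFriNfc_LlcpTransport.h, `sDmHeader` and `sDmPayload` are added without any comment, and they land between the existing `/**< Info field of pending DM packet*/` line and `DmInfoBuffer[3]`, so that comment no longer sits next to the member it appears to describe. These members exist so that the frame data outlives the sending function, and that lifetime rule should be written down, for example `/**< Header of the DM frame being sent; must not be modified until the send callback has run */` on `sDmHeader` and a matching line on `sDmPayload`. Moving the existing comment back next to `DmInfoBuffer` would keep the member documentation accurate. The struct definition starts and ends outside the hunk.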
@@ -396,25 +393,24 @@ static NFCSTATUS phFriNfc_Llcp_Send_DisconnectMode_Frame(phFriNfc_LlcpTransport_ } else { - /* Store the DM OpCode */ - dmValue = dmOpCode; - /* Set the header */ - sLocalLlcpHeader.dsap = dsap; - sLocalLlcpHeader.ptype = PHFRINFC_LLCP_PTYPE_DM; - sLocalLlcpHeader.ssap = ssap; + psTransport->sDmHeader.dsap = dsap; + psTransport->sDmHeader.ptype = PHFRINFC_LLCP_PTYPE_DM; + psTransport->sDmHeader.ssap = ssap; - sLocalBuffer.buffer = &dmValue; - sLocalBuffer.length = PHFRINFC_LLCP_DM_LENGTH; + /* Save Operation Code to be provided in DM frame payload */ + psTransport->DmInfoBuffer[2] = dmOpCode; + psTransport->sDmPayload.buffer = &psTransport->DmInfoBuffer[2]; + psTransport->sDmPayload.length = PHFRINFC_LLCP_DM_LENGTH; /* Send Pending */ psTransport->bSendPending = TRUE; /* Send DM frame */ status = phFriNfc_Llcp_Send(psTransport->pLlcp, - &sLocalLlcpHeader, + &psTransport->sDmHeader, NULL, - &sLocalBuffer, + &psTransport->sDmPayload, phFriNfc_LlcpTransport_ConnectionOriented_SendLlcp_CB, psTransport); } |
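Review bot: The payload now points at `&psTransport->DmInfoBuffer[2]`, which looks like the same byte used to park a deferred DM, since the header comment calls `DmInfoBuffer` the info field of the pending DM packet. The commit message states that the frame data is read after this function returns, so if the send-pending branch above this hunk stores a new opcode in `DmInfoBuffer[2]` while this frame is still queued, the reason code on the wire would be the later one; that branch is outside the hunk, so this needs confirming. A dedicated member avoids the aliasing, e.g. `uint8_t DmSendOpCode;` in the struct (the name is only a suggestion) with `psTransport->DmSendOpCode = dmOpCode;` and `psTransport->sDmPayload.buffer = &psTransport->DmSendOpCode;`. The function body starts and ends outside the hunk.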