MiPad4/android_device_xiaomi_sdm660-common
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixed incorrect casting for SystemStatus::setNetworkInfo call

Browse source 
An incorrect casting at SystemStatus::eventDataItemNotify was causing a
heap overflow when trying to cast NetworkInfoDataItem into
SystemStatusNetworkInfo, that is bigger.

Change-Id: I3fbd88a1daf210c3c687a6f49ad868968a6efd96
CRs-fixed: 2137958
This commit is contained in:
Kevin Tang 2017-12-08 18:18:03 -08:00
parent bac0979ae6
commit 53a1aa5ed5
2 changed files with 100 additions and 55 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

100
core/SystemStatus.cpp
View file

@ -1301,12 +1301,11 @@ SystemStatus::SystemStatus(const MsgTask* msgTask) :
/******************************************************************************
SystemStatus - storing dataitems
******************************************************************************/
bool SystemStatus::setNetworkInfo(const SystemStatusNetworkInfo& s)
template <typename TYPE_SYSTEMSTATUS_ITEM, typename TYPE_REPORT, typename TYPE_ITEMBASE>
bool SystemStatus::setItemBaseinReport(TYPE_REPORT& report, const TYPE_ITEMBASE& s)
{
mConnected = s.mConnected;
SystemStatusNetworkInfo sout = s;
sout.mType = s.getType();
return setIteminReport(mCache.mNetworkInfo, sout);
TYPE_SYSTEMSTATUS_ITEM sout(s);
return setIteminReport(report, sout);
}
template <typename TYPE_REPORT, typename TYPE_ITEM>
@ -1451,93 +1450,94 @@ bool SystemStatus::eventDataItemNotify(IDataItemCore* dataitem)
switch(dataitem->getId())
{
case AIRPLANEMODE_DATA_ITEM_ID:
ret = setIteminReport(mCache.mAirplaneMode,
*(static_cast<SystemStatusAirplaneMode*>(dataitem)));
ret = setItemBaseinReport<SystemStatusAirplaneMode>(mCache.mAirplaneMode,
*(static_cast<AirplaneModeDataItemBase*>(dataitem)));
break;
case ENH_DATA_ITEM_ID:
ret = setIteminReport(mCache.mENH,
*(static_cast<SystemStatusENH*>(dataitem)));
ret = setItemBaseinReport<SystemStatusENH>(mCache.mENH,
*(static_cast<ENHDataItemBase*>(dataitem)));
break;
case GPSSTATE_DATA_ITEM_ID:
ret = setIteminReport(mCache.mGPSState,
*(static_cast<SystemStatusGpsState*>(dataitem)));
ret = setItemBaseinReport<SystemStatusGpsState>(mCache.mGPSState,
*(static_cast<GPSStateDataItemBase*>(dataitem)));
break;
case NLPSTATUS_DATA_ITEM_ID:
ret = setIteminReport(mCache.mNLPStatus,
*(static_cast<SystemStatusNLPStatus*>(dataitem)));
ret = setItemBaseinReport<SystemStatusNLPStatus>(mCache.mNLPStatus,
*(static_cast<NLPStatusDataItemBase*>(dataitem)));
break;
case WIFIHARDWARESTATE_DATA_ITEM_ID:
ret = setIteminReport(mCache.mWifiHardwareState,
*(static_cast<SystemStatusWifiHardwareState*>(dataitem)));
ret = setItemBaseinReport<SystemStatusWifiHardwareState>(mCache.mWifiHardwareState,
*(static_cast<WifiHardwareStateDataItemBase*>(dataitem)));
break;
case NETWORKINFO_DATA_ITEM_ID:
// need special handling for this item to map emums
ret = setNetworkInfo(
*(static_cast<SystemStatusNetworkInfo*>(dataitem)));
ret = setItemBaseinReport<SystemStatusNetworkInfo>(mCache.mNetworkInfo,
*(static_cast<NetworkInfoDataItemBase*>(dataitem)));
break;
case RILSERVICEINFO_DATA_ITEM_ID:
ret = setIteminReport(mCache.mRilServiceInfo,
*(static_cast<SystemStatusServiceInfo*>(dataitem)));
ret = setItemBaseinReport<SystemStatusServiceInfo>(mCache.mRilServiceInfo,
*(static_cast<RilServiceInfoDataItemBase*>(dataitem)));
break;
case RILCELLINFO_DATA_ITEM_ID:
ret = setIteminReport(mCache.mRilCellInfo,
*(static_cast<SystemStatusRilCellInfo*>(dataitem)));
ret = setItemBaseinReport<SystemStatusRilCellInfo>(mCache.mRilCellInfo,
*(static_cast<RilCellInfoDataItemBase*>(dataitem)));
break;
case SERVICESTATUS_DATA_ITEM_ID:
ret = setIteminReport(mCache.mServiceStatus,
*(static_cast<SystemStatusServiceStatus*>(dataitem)));
ret = setItemBaseinReport<SystemStatusServiceStatus>(mCache.mServiceStatus,
*(static_cast<ServiceStatusDataItemBase*>(dataitem)));
break;
case MODEL_DATA_ITEM_ID:
ret = setIteminReport(mCache.mModel,
*(static_cast<SystemStatusModel*>(dataitem)));
ret = setItemBaseinReport<SystemStatusModel>(mCache.mModel,
*(static_cast<ModelDataItemBase*>(dataitem)));
break;
case MANUFACTURER_DATA_ITEM_ID:
ret = setIteminReport(mCache.mManufacturer,
*(static_cast<SystemStatusManufacturer*>(dataitem)));
ret = setItemBaseinReport<SystemStatusManufacturer>(mCache.mManufacturer,
*(static_cast<ManufacturerDataItemBase*>(dataitem)));
break;
case ASSISTED_GPS_DATA_ITEM_ID:
ret = setIteminReport(mCache.mAssistedGps,
*(static_cast<SystemStatusAssistedGps*>(dataitem)));
ret = setItemBaseinReport<SystemStatusAssistedGps>(mCache.mAssistedGps,
*(static_cast<AssistedGpsDataItemBase*>(dataitem)));
break;
case SCREEN_STATE_DATA_ITEM_ID:
ret = setIteminReport(mCache.mScreenState,
*(static_cast<SystemStatusScreenState*>(dataitem)));
ret = setItemBaseinReport<SystemStatusScreenState>(mCache.mScreenState,
*(static_cast<ScreenStateDataItemBase*>(dataitem)));
break;
case POWER_CONNECTED_STATE_DATA_ITEM_ID:
ret = setIteminReport(mCache.mPowerConnectState,
*(static_cast<SystemStatusPowerConnectState*>(dataitem)));
ret = setItemBaseinReport<SystemStatusPowerConnectState>(mCache.mPowerConnectState,
*(static_cast<PowerConnectStateDataItemBase*>(dataitem)));
break;
case TIMEZONE_CHANGE_DATA_ITEM_ID:
ret = setIteminReport(mCache.mTimeZoneChange,
*(static_cast<SystemStatusTimeZoneChange*>(dataitem)));
ret = setItemBaseinReport<SystemStatusTimeZoneChange>(mCache.mTimeZoneChange,
*(static_cast<TimeZoneChangeDataItemBase*>(dataitem)));
break;
case TIME_CHANGE_DATA_ITEM_ID:
ret = setIteminReport(mCache.mTimeChange,
*(static_cast<SystemStatusTimeChange*>(dataitem)));
ret = setItemBaseinReport<SystemStatusTimeChange>(mCache.mTimeChange,
*(static_cast<TimeChangeDataItemBase*>(dataitem)));
break;
case WIFI_SUPPLICANT_STATUS_DATA_ITEM_ID:
ret = setIteminReport(mCache.mWifiSupplicantStatus,
*(static_cast<SystemStatusWifiSupplicantStatus*>(dataitem)));
ret = setItemBaseinReport<SystemStatusWifiSupplicantStatus>(
mCache.mWifiSupplicantStatus,
*(static_cast<WifiSupplicantStatusDataItemBase*>(dataitem)));
break;
case SHUTDOWN_STATE_DATA_ITEM_ID:
ret = setIteminReport(mCache.mShutdownState,
*(static_cast<SystemStatusShutdownState*>(dataitem)));
ret = setItemBaseinReport<SystemStatusShutdownState>(mCache.mShutdownState,
*(static_cast<ShutdownStateDataItemBase*>(dataitem)));
break;
case TAC_DATA_ITEM_ID:
ret = setIteminReport(mCache.mTac,
*(static_cast<SystemStatusTac*>(dataitem)));
ret = setItemBaseinReport<SystemStatusTac>(mCache.mTac,
*(static_cast<TacDataItemBase*>(dataitem)));
break;
case MCCMNC_DATA_ITEM_ID:
ret = setIteminReport(mCache.mMccMnc,
*(static_cast<SystemStatusMccMnc*>(dataitem)));
ret = setItemBaseinReport<SystemStatusMccMnc>(mCache.mMccMnc,
*(static_cast<MccmncDataItemBase*>(dataitem)));
break;
case BTLE_SCAN_DATA_ITEM_ID:
ret = setIteminReport(mCache.mBtDeviceScanDetail,
*(static_cast<SystemStatusBtDeviceScanDetail*>(dataitem)));
ret = setItemBaseinReport<SystemStatusBtDeviceScanDetail>(mCache.mBtDeviceScanDetail,
*(static_cast<BtDeviceScanDetailsDataItemBase*>(dataitem)));
break;
case BT_SCAN_DATA_ITEM_ID:
ret = setIteminReport(mCache.mBtLeDeviceScanDetail,
*(static_cast<SystemStatusBtleDeviceScanDetail*>(dataitem)));
ret = setItemBaseinReport<SystemStatusBtleDeviceScanDetail>(
mCache.mBtLeDeviceScanDetail,
*(static_cast<BtLeDeviceScanDetailsDataItemBase*>(dataitem)));
break;
default:
break;

55
core/SystemStatus.h
View file

@ -391,6 +391,8 @@ class SystemStatusAirplaneMode : public SystemStatusItemBase,
public:
inline SystemStatusAirplaneMode(bool mode=false) :
AirplaneModeDataItemBase(mode) {}
inline SystemStatusAirplaneMode(const AirplaneModeDataItemBase& itemBase) :
AirplaneModeDataItemBase(itemBase) {}
inline bool equals(const SystemStatusAirplaneMode& peer) {
return (mMode == peer.mMode);
}
@ -402,6 +404,8 @@ class SystemStatusENH : public SystemStatusItemBase,
public:
inline SystemStatusENH(bool enabled=false) :
ENHDataItemBase(enabled) {}
inline SystemStatusENH(const ENHDataItemBase& itemBase) :
ENHDataItemBase(itemBase) {}
inline bool equals(const SystemStatusENH& peer) {
return (mEnabled == peer.mEnabled);
}
@ -413,6 +417,8 @@ class SystemStatusGpsState : public SystemStatusItemBase,
public:
inline SystemStatusGpsState(bool enabled=false) :
GPSStateDataItemBase(enabled) {}
inline SystemStatusGpsState(const GPSStateDataItemBase& itemBase) :
GPSStateDataItemBase(itemBase) {}
inline bool equals(const SystemStatusGpsState& peer) {
return (mEnabled == peer.mEnabled);
}
@ -427,6 +433,8 @@ class SystemStatusNLPStatus : public SystemStatusItemBase,
public:
inline SystemStatusNLPStatus(bool enabled=false) :
NLPStatusDataItemBase(enabled) {}
inline SystemStatusNLPStatus(const NLPStatusDataItemBase& itemBase) :
NLPStatusDataItemBase(itemBase) {}
inline bool equals(const SystemStatusNLPStatus& peer) {
return (mEnabled == peer.mEnabled);
}
@ -438,6 +446,8 @@ class SystemStatusWifiHardwareState : public SystemStatusItemBase,
public:
inline SystemStatusWifiHardwareState(bool enabled=false) :
WifiHardwareStateDataItemBase(enabled) {}
inline SystemStatusWifiHardwareState(const WifiHardwareStateDataItemBase& itemBase) :
WifiHardwareStateDataItemBase(itemBase) {}
inline bool equals(const SystemStatusWifiHardwareState& peer) {
return (mEnabled == peer.mEnabled);
}
@ -461,6 +471,10 @@ public:
available,
connected,
roaming) {}
inline SystemStatusNetworkInfo(const NetworkInfoDataItemBase& itemBase) :
NetworkInfoDataItemBase(itemBase) {
mType = itemBase.getType();
}
inline bool equals(const SystemStatusNetworkInfo& peer) {
if ((mType == peer.mType) &&
(mTypeName == peer.mTypeName) &&
@ -470,8 +484,8 @@ public:
(mRoaming == peer.mRoaming)) {
return true;
}
return false;
}
return false;
}
inline void dump(void) override {
LOC_LOGD("NetworkInfo: type=%u connected=%u", mType, mConnected);
}
@ -483,6 +497,8 @@ class SystemStatusServiceInfo : public SystemStatusItemBase,
public:
inline SystemStatusServiceInfo() :
RilServiceInfoDataItemBase() {}
inline SystemStatusServiceInfo(const RilServiceInfoDataItemBase& itemBase) :
RilServiceInfoDataItemBase(itemBase) {}
inline bool equals(const SystemStatusServiceInfo& /*peer*/) {
return true;
}
@ -494,6 +510,8 @@ class SystemStatusRilCellInfo : public SystemStatusItemBase,
public:
inline SystemStatusRilCellInfo() :
RilCellInfoDataItemBase() {}
inline SystemStatusRilCellInfo(const RilCellInfoDataItemBase& itemBase) :
RilCellInfoDataItemBase(itemBase) {}
inline bool equals(const SystemStatusRilCellInfo& /*peer*/) {
return true;
}
@ -505,6 +523,8 @@ class SystemStatusServiceStatus : public SystemStatusItemBase,
public:
inline SystemStatusServiceStatus(int32_t mServiceState=0) :
ServiceStatusDataItemBase(mServiceState) {}
inline SystemStatusServiceStatus(const ServiceStatusDataItemBase& itemBase) :
ServiceStatusDataItemBase(itemBase) {}
inline bool equals(const SystemStatusServiceStatus& peer) {
return (mServiceState == peer.mServiceState);
}
@ -516,6 +536,8 @@ class SystemStatusModel : public SystemStatusItemBase,
public:
inline SystemStatusModel(string name="") :
ModelDataItemBase(name) {}
inline SystemStatusModel(const ModelDataItemBase& itemBase) :
ModelDataItemBase(itemBase) {}
inline bool equals(const SystemStatusModel& peer) {
return (mModel == peer.mModel);
}
@ -527,6 +549,8 @@ class SystemStatusManufacturer : public SystemStatusItemBase,
public:
inline SystemStatusManufacturer(string name="") :
ManufacturerDataItemBase(name) {}
inline SystemStatusManufacturer(const ManufacturerDataItemBase& itemBase) :
ManufacturerDataItemBase(itemBase) {}
inline bool equals(const SystemStatusManufacturer& peer) {
return (mManufacturer == peer.mManufacturer);
}
@ -538,6 +562,8 @@ class SystemStatusAssistedGps : public SystemStatusItemBase,
public:
inline SystemStatusAssistedGps(bool enabled=false) :
AssistedGpsDataItemBase(enabled) {}
inline SystemStatusAssistedGps(const AssistedGpsDataItemBase& itemBase) :
AssistedGpsDataItemBase(itemBase) {}
inline bool equals(const SystemStatusAssistedGps& peer) {
return (mEnabled == peer.mEnabled);
}
@ -549,6 +575,8 @@ class SystemStatusScreenState : public SystemStatusItemBase,
public:
inline SystemStatusScreenState(bool state=false) :
ScreenStateDataItemBase(state) {}
inline SystemStatusScreenState(const ScreenStateDataItemBase& itemBase) :
ScreenStateDataItemBase(itemBase) {}
inline bool equals(const SystemStatusScreenState& peer) {
return (mState == peer.mState);
}
@ -560,6 +588,8 @@ class SystemStatusPowerConnectState : public SystemStatusItemBase,
public:
inline SystemStatusPowerConnectState(bool state=false) :
PowerConnectStateDataItemBase(state) {}
inline SystemStatusPowerConnectState(const PowerConnectStateDataItemBase& itemBase) :
PowerConnectStateDataItemBase(itemBase) {}
inline bool equals(const SystemStatusPowerConnectState& peer) {
return (mState == peer.mState);
}
@ -572,6 +602,8 @@ public:
inline SystemStatusTimeZoneChange(
int64_t currTimeMillis=0ULL, int32_t rawOffset=0, int32_t dstOffset=0) :
TimeZoneChangeDataItemBase(currTimeMillis, rawOffset, dstOffset) {}
inline SystemStatusTimeZoneChange(const TimeZoneChangeDataItemBase& itemBase) :
TimeZoneChangeDataItemBase(itemBase) {}
inline bool equals(const SystemStatusTimeZoneChange& peer) {
return ((mCurrTimeMillis == peer.mCurrTimeMillis) &&
(mRawOffsetTZ == peer.mRawOffsetTZ) &&
@ -586,6 +618,8 @@ public:
inline SystemStatusTimeChange(
int64_t currTimeMillis=0ULL, int32_t rawOffset=0, int32_t dstOffset=0) :
TimeChangeDataItemBase(currTimeMillis, rawOffset, dstOffset) {}
inline SystemStatusTimeChange(const TimeChangeDataItemBase& itemBase) :
TimeChangeDataItemBase(itemBase) {}
inline bool equals(const SystemStatusTimeChange& peer) {
return ((mCurrTimeMillis == peer.mCurrTimeMillis) &&
(mRawOffsetTZ == peer.mRawOffsetTZ) &&
@ -599,6 +633,8 @@ class SystemStatusWifiSupplicantStatus : public SystemStatusItemBase,
public:
inline SystemStatusWifiSupplicantStatus() :
WifiSupplicantStatusDataItemBase() {}
inline SystemStatusWifiSupplicantStatus(const WifiSupplicantStatusDataItemBase& itemBase) :
WifiSupplicantStatusDataItemBase(itemBase) {}
inline bool equals(const SystemStatusWifiSupplicantStatus& peer) {
return ((mState == peer.mState) &&
(mApMacAddressValid == peer.mApMacAddressValid) &&
@ -613,6 +649,8 @@ class SystemStatusShutdownState : public SystemStatusItemBase,
public:
inline SystemStatusShutdownState(bool state=false) :
ShutdownStateDataItemBase(state) {}
inline SystemStatusShutdownState(const ShutdownStateDataItemBase& itemBase) :
ShutdownStateDataItemBase(itemBase) {}
inline bool equals(const SystemStatusShutdownState& peer) {
return (mState == peer.mState);
}
@ -624,7 +662,8 @@ class SystemStatusTac : public SystemStatusItemBase,
public:
inline SystemStatusTac(std::string value="") :
TacDataItemBase(value) {}
inline SystemStatusTac(const TacDataItemBase& itemBase) :
TacDataItemBase(itemBase) {}
inline bool equals(const SystemStatusTac& peer) {
return (mValue == peer.mValue);
}
@ -639,6 +678,8 @@ class SystemStatusMccMnc : public SystemStatusItemBase,
public:
inline SystemStatusMccMnc(std::string value="") :
MccmncDataItemBase(value) {}
inline SystemStatusMccMnc(const MccmncDataItemBase& itemBase) :
MccmncDataItemBase(itemBase) {}
inline bool equals(const SystemStatusMccMnc& peer) {
return (mValue == peer.mValue);
}
@ -653,6 +694,8 @@ class SystemStatusBtDeviceScanDetail : public SystemStatusItemBase,
public:
inline SystemStatusBtDeviceScanDetail() :
BtDeviceScanDetailsDataItemBase() {}
inline SystemStatusBtDeviceScanDetail(const BtDeviceScanDetailsDataItemBase& itemBase) :
BtDeviceScanDetailsDataItemBase(itemBase) {}
inline bool equals(const SystemStatusBtDeviceScanDetail& /*peer*/) {
return true;
}
@ -664,6 +707,8 @@ class SystemStatusBtleDeviceScanDetail : public SystemStatusItemBase,
public:
inline SystemStatusBtleDeviceScanDetail() :
BtLeDeviceScanDetailsDataItemBase() {}
inline SystemStatusBtleDeviceScanDetail(const BtLeDeviceScanDetailsDataItemBase& itemBase) :
BtLeDeviceScanDetailsDataItemBase(itemBase) {}
inline bool equals(const SystemStatusBtleDeviceScanDetail& /*peer*/) {
return true;
}
@ -739,8 +784,8 @@ private:
SystemStatusReports mCache;
bool mConnected;
// set dataitem derived item in report cache
bool setNetworkInfo(const SystemStatusNetworkInfo& s);
template <typename TYPE_SYSTEMSTATUS_ITEM, typename TYPE_REPORT, typename TYPE_ITEMBASE>
bool setItemBaseinReport(TYPE_REPORT& report, const TYPE_ITEMBASE& s);
template <typename TYPE_REPORT, typename TYPE_ITEM>
bool setIteminReport(TYPE_REPORT& report, const TYPE_ITEM& s);