From a38a8b84771fd0b8b7df126bde012d644b129bb8 Mon Sep 17 00:00:00 2001
From: Kevin Tang
Date: Mon, 6 Jul 2015 14:14:17 -0700
Subject: [PATCH] memory management fixes byte long each, but the loc_set_config_entry() util call writes an int at a time, causing buffer overflow. #2, in loc_xtra-init(), a data structure wrap happened without iniializing the unused data fields.
Change-Id: I96b40a330316927d276840a997082fe759263699
CRs-Fixed: 866937
---
 loc_api/libloc_api_50001/loc.cpp | 5 ++++-
 utils/loc_cfg.cpp | 4 ++--
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/loc_api/libloc_api_50001/loc.cpp b/loc_api/libloc_api_50001/loc.cpp
index d735b97a..a1ae9933 100644
--- a/loc_api/libloc_api_50001/loc.cpp
+++ b/loc_api/libloc_api_50001/loc.cpp
@@ -805,7 +805,10 @@ SIDE EFFECTS
 static int loc_xtra_init(GpsXtraCallbacks* callbacks)
 {
 ENTRY_LOG();
- int ret_val = loc_eng_xtra_init(loc_afw_data, (GpsXtraExtCallbacks*)callbacks);
+ GpsXtraExtCallbacks extCallbacks;
+ memset(&extCallbacks, 0, sizeof(extCallbacks));
+ extCallbacks.download_request_cb = callbacks->download_request_cb;
+ int ret_val = loc_eng_xtra_init(loc_afw_data, &extCallbacks);
 EXIT_LOG(%d, ret_val);
 return ret_val;
diff --git a/utils/loc_cfg.cpp b/utils/loc_cfg.cpp
index a7697762..5c33320d 100644
--- a/utils/loc_cfg.cpp
+++ b/utils/loc_cfg.cpp
@@ -52,8 +52,8 @@
 *============================================================================*/
 /* Parameter data */
-static uint8_t DEBUG_LEVEL = 0xff;
-static uint8_t TIMESTAMP = 0;
+static uint32_t DEBUG_LEVEL = 0xff;
+static uint32_t TIMESTAMP = 0;
 /* Parameter spec table */
 static loc_param_s_type loc_param_table[] =
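Review bot: `callbacks` is dereferenced in the added line `extCallbacks.download_request_cb = callbacks->download_request_cb;` with no NULL check, whereas the old code only cast the pointer and passed it on, so any NULL handling that loc_eng_xtra_init may perform no longer protects this path. A guard before the copy, e.g. `if (callbacks == NULL) { EXIT_LOG(%d, -1); return -1; }` (using whatever error value this entry point is expected to return), would keep a bad caller from crashing the process. It is also worth confirming that loc_eng_xtra_init copies the fields it needs rather than storing `&extCallbacks`, since that object is on the stack and dies when loc_xtra_init returns. The function's closing brace lies outside the hunk.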
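Review bot: Nothing at the declarations of `DEBUG_LEVEL` and `TIMESTAMP` records why they must be 32 bits wide, so a later cleanup back to a narrower type, or a new numeric parameter declared as `uint8_t`, would reintroduce the overflow the commit message describes. I would add a comment above them such as `/* Numeric parameters are stored as a full int by loc_set_config_entry(); each target must be at least sizeof(int) bytes */`. The same constraint presumably applies to every numeric entry in `loc_param_table`, whose initializer starts on the hunk's last line and continues outside it, and to tables passed in by other callers, which this hunk cannot show.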