This fixes bluetoothd crash when AT+VTS command is badly formatted,
e.g. as AT+VTS\xfe\xfe[...]=1
---
audio/headset.c | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/audio/headset.c b/audio/headset.c
index 0270e2c..da499d8 100644
--- a/audio/headset.c
+++ b/audio/headset.c
@@ -1015,12 +1015,18 @@ int telephony_transmit_dtmf_rsp(void *telephony_device, cme_error_t err)
static int dtmf_tone(struct audio_device *device, const char *buf)
{
+ char *pch;
+
if (strlen(buf) < 8) {
error("Too short string for DTMF tone");
return -EINVAL;
}
- telephony_transmit_dtmf_req(device, buf[7]);
+ pch = strchr(&buf[6],'=');
+ if (pch)
+ telephony_transmit_dtmf_req(device, *(++pch));
+ else
+ return -EINVAL;
return 0;
}
--
1.7.0.4
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
