Dial uses variable length data, check if we received as much as was declared. This fixes two negative ipc-tester cases for hfp-client dial api call not passing. --- android/handsfree-client.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/android/handsfree-client.c b/android/handsfree-client.c index be29952..773ef76 100644 --- a/android/handsfree-client.c +++ b/android/handsfree-client.c @@ -97,6 +97,15 @@ static void handle_volume_control(const void *buf, uint16_t len) static void handle_dial(const void *buf, uint16_t len) { + const struct hal_cmd_hf_client_dial *cmd = buf; + + if (len != sizeof(*cmd) + cmd->number_len) { + error("Malformed number data, size (%u bytes), terminating", + len); + raise(SIGTERM); + return; + } + DBG("Not Implemented"); ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_HANDSFREE_CLIENT, HAL_OP_HF_CLIENT_DIAL, HAL_STATUS_UNSUPPORTED); -- 1.9.1 -- To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html