author | Sven Gothel <[email protected]> | 2020-10-17 15:41:36 +0200 |
---|---|---|
committer | Sven Gothel <[email protected]> | 2020-10-17 15:41:36 +0200 |
commit | d17a42105afd7e5e2ab65ccecc9195cbf9d313ea (patch) | |
tree | aac29e85334f38f9c8e9f8b929a7bb712b6325fc /src | |
parent | 076bbdea7f1500c7226c59000017794fe4d4ab37 (diff) |
HCIHandler (UBSAN): Replace 'nasty' cast to 'HCIStructCmdCompleteMetaEvt<T> *' with wrapper 'HCIStructCmdCompleteMetaEvtWrap<T>' ctor
Assume T is any 'hci_cmd_event_struct' template type.
We had
[1] HCIStructCmdCompleteMetaEvt<T> * ev_cc = (HCIStructCmdCompleteMetaEvt<T> *) orig_ptr;
now use simple (actual) wrapper (as was intended)
[2] HCIStructCmdCompleteMetaEvtWrap<T> ev_cc(*orig_ptr);
++++
[1] potentially violates the virtual function pointer table,
as HCIStructCmdCompleteMetaEvt<T> might not have the identical inheritance hierarchy as
the type 'orig_ptr' points to.
The intention was to just access the orig_ptr data to deliver
certain aspects in regards to any 'hci_cmd_event_struct' -> a wrapper.
[2] Resolves the issue, using a temporary instance of the wrapper.
This inconsistency was found with 'UndefinedBehaviorSanitizer' UBSAN,
using GCC '-fsanitize=undefined' option.
Diffstat (limited to 'src')
-rw-r--r-- | src/direct_bt/HCIHandler.cpp | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/src/direct_bt/HCIHandler.cpp b/src/direct_bt/HCIHandler.cpp
index e0b9590b..b4afc008 100644
--- a/src/direct_bt/HCIHandler.cpp
+++ b/src/direct_bt/HCIHandler.cpp
@@ -962,16 +962,16 @@ const hci_cmd_event_struct* HCIHandler::getReplyStruct(std::shared_ptr<HCIEvent>
 const hci_cmd_event_struct* res = nullptr;
 *status = HCIStatusCode::INTERNAL_FAILURE;
- typedef HCIStructCmdCompleteEvt<hci_cmd_event_struct> HCITypeCmdCompleteEvt;
- HCITypeCmdCompleteEvt * ev_cc = static_cast<HCITypeCmdCompleteEvt*>(event.get());
- if( ev_cc->isTypeAndSizeValid(evc) ) {
- *status = ev_cc->getStatus();
- res = ev_cc->getStruct();
+ typedef HCIStructCmdCompleteEvtWrap<hci_cmd_event_struct> HCITypeCmdCompleteEvtWrap;
+ HCITypeCmdCompleteEvtWrap ev_cc( *event.get() );
+ if( ev_cc.isTypeAndSizeValid(evc) ) {
+ *status = ev_cc.getStatus();
+ res = ev_cc.getStruct();
 } else {
 WARN_PRINT("HCIHandler::getReplyStruct: %s: Type or size mismatch: Status 0x%2.2X (%s), errno %d %s: res %s", getHCIEventTypeString(evc).c_str(), number(*status), getHCIStatusCodeString(*status).c_str(), errno, strerror(errno),
- ev_cc->toString().c_str());
+ ev_cc.toString().c_str());
 }
 return res;
 }
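Review bot: `res = ev_cc.getStruct();` now takes its pointer from a stack-local wrapper and returns it after `ev_cc` has been destroyed, so the result is only valid if getStruct() points into the data owned by `*event` and not into storage owned by the wrapper. The wrapper's definition is not part of this hunk, so that cannot be confirmed here; a comment above `return res;` would pin the contract, e.g. `// res points into the data held by *event, not into ev_cc; valid only while the caller holds event`. `*event.get()` also dereferences without a null check, which is undefined for an empty shared_ptr; `if( nullptr == event ) { return nullptr; }` ahead of the wrapper would cover it if callers do not already guarantee a non-null event. The start of getReplyStruct lies outside the hunk.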
@@ -982,16 +982,16 @@ const hci_cmd_event_struct* HCIHandler::getMetaReplyStruct(std::shared_ptr<HCIEv
 const hci_cmd_event_struct* res = nullptr;
 *status = HCIStatusCode::INTERNAL_FAILURE;
- typedef HCIStructCmdCompleteMetaEvt<hci_cmd_event_struct> HCITypeCmdCompleteMetaEvt;
- HCITypeCmdCompleteMetaEvt * ev_cc = static_cast<HCITypeCmdCompleteMetaEvt*>(event.get());
- if( ev_cc->isTypeAndSizeValid(mec) ) {
- *status = ev_cc->getStatus();
- res = ev_cc->getStruct();
+ typedef HCIStructCmdCompleteMetaEvtWrap<hci_cmd_event_struct> HCITypeCmdCompleteMetaEvtWrap;
+ HCITypeCmdCompleteMetaEvtWrap ev_cc( *static_cast<HCIMetaEvent*>( event.get() ) );
+ if( ev_cc.isTypeAndSizeValid(mec) ) {
+ *status = ev_cc.getStatus();
+ res = ev_cc.getStruct();
 } else {
 WARN_PRINT("HCIHandler::getMetaReplyStruct: %s: Type or size mismatch: Status 0x%2.2X (%s), errno %d %s: res %s", getHCIMetaEventTypeString(mec).c_str(), number(*status), getHCIStatusCodeString(*status).c_str(), errno, strerror(errno),
- ev_cc->toString().c_str());
+ ev_cc.toString().c_str());
 }
 return res;
 } |
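Review bot: `*static_cast<HCIMetaEvent*>( event.get() )` is an unchecked downcast that runs before `isTypeAndSizeValid(mec)`, so an event that is not actually an HCIMetaEvent is bound to the wrong dynamic type, which is the same class of mismatch this commit removes, one level up. Unless every caller already filters on the event type (not visible here), a checked cast keeps unexpected or malformed controller events away from the wrapper: `HCIMetaEvent* mev = dynamic_cast<HCIMetaEvent*>( event.get() );` followed by `if( nullptr == mev ) { return nullptr; }`, assuming HCIEvent is polymorphic as the commit message implies. The early return leaves `*status` at INTERNAL_FAILURE, matching the existing failure path. The start of getMetaReplyStruct lies outside the hunk.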