diff options
| author | Denis Kenzior <denkenz@gmail.com> | 2011-05-08 23:27:17 -0500 |
|---|---|---|
| committer | Denis Kenzior <denkenz@gmail.com> | 2011-05-08 23:27:17 -0500 |
| commit | b1f4e981f4935bff1b198a24cf110a6e838e42a9 (patch) | |
| tree | 738ec319287880f5e55ffbe3c90865dc8e11c616 /src | |
| parent | 33515dbab3e2901e4e0c41d49746f55f80a0c6c2 (diff) | |
| download | ofono-b1f4e981f4935bff1b198a24cf110a6e838e42a9.tar.bz2 | |
sim: Fix potential use of uninitialized variable
In certain circumstances, when the image has been cached but EFimg has
not been read yet, we might end up accessing an unitialized variable.
Fix this by always failing if EFimg has not been read yet.
Diffstat (limited to 'src')
| -rw-r--r-- | src/sim.c | 22 |
1 files changed, 8 insertions, 14 deletions
@@ -945,18 +945,15 @@ static void sim_get_image(struct ofono_sim *sim, unsigned char id, unsigned short iidf_offset; unsigned short iidf_len; - image = sim_fs_get_cached_image(sim->simfs, id); - - if (image != NULL) { - sim_get_image_cb(sim, id, image, FALSE); - goto watch; - } - - if (sim->efimg_length <= (id * 9)) { + if (sim->efimg_length <= id * 9) { sim_get_image_cb(sim, id, NULL, FALSE); return; } + image = sim_fs_get_cached_image(sim->simfs, id); + if (image != NULL) + sim_get_image_cb(sim, id, image, FALSE); + efimg = &sim->efimg[id * 9]; iidf_id = efimg[3] << 8 | efimg[4]; @@ -964,12 +961,9 @@ static void sim_get_image(struct ofono_sim *sim, unsigned char id, iidf_len = efimg[7] << 8 | efimg[8]; /* read the image data */ - ofono_sim_read_bytes(sim->context, iidf_id, iidf_offset, iidf_len, - sim_iidf_read_cb, sim); - -watch: - if (sim->efimg_length <= id * 9) - return; + if (image == NULL) + ofono_sim_read_bytes(sim->context, iidf_id, iidf_offset, + iidf_len, sim_iidf_read_cb, sim); if (sim->iidf_watch_ids[id] > 0) return; |