Function: ag_features_list
static const char *list[10]; (Out of bounds write, line 75)
Incrementing i the value is now 10, for “hf-indicators”
Reported by: blanca.e.sabas.rosales@intel.com
If there is more then one active or held call, we are in mpty calls.
We won't get indicator update if any of them is released by CHLD=1x.
So we have to poll it.
On the basis that tc6x and other Cinterion devices will likely
have similar firmware requirements, provide a generic Cinterion
plugin which is functionally identical to the replaced tc65 plugin.
The udev implementation retains support for "tc65" name for
backwards compatibility, and adds support for the new "cinterion"
name.
Private connection should be properly closed with dbus_connection_close
otherwise libdbus exits with the following error:
'The last reference on a connection was dropped without closing the
connection. This is a bug in an application. See
dbus_connection_unref() documentation for details. Most likely, the
application was supposed to call dbus_connection_close(), since this
is a private connection.'
Passing NULL format parameter to vsnprintf results in invalid argument
error on glibc. But with some other libc libraries (musl and uClibc)
this results in dereferencing NULL pointer and crash due to
segmentation fault.
GDBusClient currently hard-codes "/" as the remote ObjectManager path.
This is generally incorrect, as an application can choose to expose an
ObjectManager at any well-known path. This patch fixes this by allowing
the user to pass in the ObjectManager path by introducing a new
conctructor "g_dbus_client_new_full".
The client code currently issues GetManagedObjects if new handlers are
set via g_dbus_client_set_proxy_handlers. An application may set these
to NULL before unref'ing a client or to simply prevent further events.
Hence, there is no need to refresh objects or properties if all handlers
are NULL.
iPhone 5s with iOS8.2 sometimes failes to acknowledge AT+BCC
with OK. This means +CIEV events get consumed by this command
and call ended notification is not parsed.
Nov 30 00:00:19 ofonod[938]: > AT+BCC\r
Nov 30 00:00:28 ofonod[938]: < \r\n+CIEV: 2,0\r\n
If daemon gets disconnected from D-Bus sender is NULL. Watches that
was explicitly added with NULL sender (ie disconnected_signal in
g_dbus_set_disconnect_function) should be called anyway.
If g_dbus_client_set_proxy_handlers gets called from within a
proxy_removed callback, the code may end up refreshing the proxy's
properties and incorrectly access the client's proxy_list as it gets
freed. This patch fixes this, so that get_managed_objects does nothing
if it gets called during a service disconnect.
TP-OA max length comparisons were incorrect because TP-OA's 7-bit
coded octets transport eleven 8-bit chars. The current code assumed
only 10 chars were possible.
The patch
- increases the array size to 23, (maximum of 22 bytes for UTF8
encoding + null terminator)
- Updates the sanity check to account for the correct maximum
- For encoding, checks the maximum length in UTF8 characters instead of
bytes
Init allocates a SCO audio socket always. oFono should do that
with bluez5 but not with bluez4. This patch starts the refactoring of
the handsfree_audio_manager init/cleanup functionality.
When pin is queried shortly after a Siera dongle is plugged in,
"AT+CPIN?" responds with "CME ERROR 14: SIM".
Poll the sim, as already done by several other vendor plugins.