Wed Jul 25 19:03:50 2018 UTC ()
Avoid potential undefined behavior in bta2dpd(8)

The operator >> causes implicit promotion to int.

There is need to cast the result back to uint8_t in order to save the
return value to a data undef a pointe of type uint8_t.

Requested by GCC when building with Undefined Behavior Sanitizer.


(kamil)
diff -r1.1 -r1.2 src/usr.sbin/bta2dpd/bta2dpd/avdtp.c
cvs diff -r1.1 -r1.2 src/usr.sbin/bta2dpd/bta2dpd/avdtp.c (expand / switch to unified diff)

--- src/usr.sbin/bta2dpd/bta2dpd/avdtp.c 2017/01/28 16:55:54 1.1
+++ src/usr.sbin/bta2dpd/bta2dpd/avdtp.c 2018/07/25 19:03:50 1.2
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: avdtp.c,v 1.1 2017/01/28 16:55:54 nat Exp $ */ 1/* $NetBSD: avdtp.c,v 1.2 2018/07/25 19:03:50 kamil Exp $ */
2 2
3/*- 3/*-
4 * Copyright (c) 2015 - 2016 Nathanial Sloss <nathanialsloss@yahoo.com.au> 4 * Copyright (c) 2015 - 2016 Nathanial Sloss <nathanialsloss@yahoo.com.au>
5 * All rights reserved. 5 * All rights reserved.
6 * 6 *
7 * This software is dedicated to the memory of - 7 * This software is dedicated to the memory of -
8 * Baron James Anlezark (Barry) - 1 Jan 1949 - 13 May 2012. 8 * Baron James Anlezark (Barry) - 1 Jan 1949 - 13 May 2012.
9 * 9 *
10 * Barry was a man who loved his music. 10 * Barry was a man who loved his music.
11 * 11 *
12 * Redistribution and use in source and binary forms, with or without 12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions 13 * modification, are permitted provided that the following conditions
14 * are met: 14 * are met:
@@ -79,27 +79,27 @@ avdtpCheckResponse(int recvfd, bool *isC @@ -79,27 +79,27 @@ avdtpCheckResponse(int recvfd, bool *isC
79{ 79{
80 uint8_t buffer[1024]; 80 uint8_t buffer[1024];
81 size_t len; 81 size_t len;
82 82
83 *isCommand = false; 83 *isCommand = false;
84 len = (size_t)read(recvfd, buffer, sizeof(buffer)); 84 len = (size_t)read(recvfd, buffer, sizeof(buffer));
85 85
86 if (datasize) 86 if (datasize)
87 *datasize = 0; 87 *datasize = 0;
88 88
89 if (len < AVDTP_LEN_SUCCESS) 89 if (len < AVDTP_LEN_SUCCESS)
90 return ENOMEM; 90 return ENOMEM;
91 91
92 *trans = (buffer[0] & TRANSACTIONLABEL) >> TRANSACTIONLABEL_S; 92 *trans = (uint8_t)((buffer[0] & TRANSACTIONLABEL) >> TRANSACTIONLABEL_S);
93 *signalId = buffer[1] & SIGNALID_MASK; 93 *signalId = buffer[1] & SIGNALID_MASK;
94 if ((buffer[0] & MESSAGETYPE) == COMMAND) { 94 if ((buffer[0] & MESSAGETYPE) == COMMAND) {
95 if (datasize) 95 if (datasize)
96 *datasize = 0; 96 *datasize = 0;
97 if (sep && len > 2) 97 if (sep && len > 2)
98 *sep = buffer[2] >> 2; 98 *sep = buffer[2] >> 2;
99 *isCommand = true; 99 *isCommand = true;
100 } 100 }
101 101
102 if (len == AVDTP_LEN_ERROR) 102 if (len == AVDTP_LEN_ERROR)
103 return buffer[2]; 103 return buffer[2];
104 else if ((len % AVDTP_LEN_SUCCESS) == 0 && 104 else if ((len % AVDTP_LEN_SUCCESS) == 0 &&
105 buffer[0] & RESPONSEACCEPT) { 105 buffer[0] & RESPONSEACCEPT) {
@@ -367,14 +367,13 @@ avdtpAutoConfigSBC(int fd, int recvfd, u @@ -367,14 +367,13 @@ avdtpAutoConfigSBC(int fd, int recvfd, u
367 *bitpool = supBitpoolMax; 367 *bitpool = supBitpoolMax;
368 368
369 uint8_t config[] = {mediaTransport, 0x0, mediaCodec, 0x6, 369 uint8_t config[] = {mediaTransport, 0x0, mediaCodec, 0x6,
370 mediaTypeAudio, SBC_CODEC_ID, freqmode, blk_len_sb_alloc, 370 mediaTypeAudio, SBC_CODEC_ID, freqmode, blk_len_sb_alloc,
371 supBitpoolMin, supBitpoolMax}; 371 supBitpoolMin, supBitpoolMax};
372 372
373 if (avdtpSetConfiguration(fd, fd, sep, config, sizeof(config), 373 if (avdtpSetConfiguration(fd, fd, sep, config, sizeof(config),
374 srcsep) == 0) 374 srcsep) == 0)
375 return 0; 375 return 0;
376 376
377auto_config_failed: 377auto_config_failed:
378 return EINVAL; 378 return EINVAL;
379} 379}
380