--- a/javaextensions/bluetooth/bluetoothcommons/src.s60/servicerecord.cpp Fri Sep 17 08:28:21 2010 +0300
+++ b/javaextensions/bluetooth/bluetoothcommons/src.s60/servicerecord.cpp Mon Oct 04 00:10:53 2010 +0300
@@ -207,7 +207,7 @@
persistentRecFd = open(fileName, O_RDONLY);
delete[] fileName;
}
- catch (ExceptionBase ex)
+ catch (ExceptionBase &ex)
{
ELOG1(
EJavaBluetooth,
@@ -285,10 +285,10 @@
{
int len = 0;
ret = read(persistentRecFd, &len, sizeof(len));
- if (ret <= 0)
+ if (ret <= 0 || (len <= 0 || len >4))
break;
- TUint8 buf[20] = { 0 };
+ TUint8 buf[4] = { 0 };
ret = read(persistentRecFd, buf, len);
if (ret <= 0)
break;
@@ -301,10 +301,10 @@
{
int len = 0;
ret = read(persistentRecFd, &len, sizeof(len));
- if (ret <= 0)
+ if (ret <= 0 || (len <= 0 || len >16))
break;
- TUint8 buf[20] = { 0 };
+ TUint8 buf[16] = { 0 };
ret = read(persistentRecFd, buf, len);
if (ret <= 0)
break;
@@ -318,10 +318,10 @@
{
int len = 0;
ret = read(persistentRecFd, &len, sizeof(len));
- if (ret <= 0)
+ if (ret <= 0 || (len <= 0 || len >4))
break;
- TUint8 buf[20] = { 0 };
+ TUint8 buf[4] = { 0 };
ret = read(persistentRecFd, buf, len);
if (ret <= 0)
break;
@@ -338,10 +338,10 @@
{
int len = 0;
ret = read(persistentRecFd, &len, sizeof(len));
- if (ret <= 0)
+ if (ret <= 0 || (len <= 0 || len >16))
break;
- TUint8 buf[20] = { 0 };
+ TUint8 buf[16] = { 0 };
ret = read(persistentRecFd, buf, len);
if (ret <= 0)
break;
@@ -357,7 +357,7 @@
{
int len = 0;
ret = read(persistentRecFd, &len, sizeof(len));
- if (ret <= 0)
+ if (ret <= 0 || (len <= 0 || len >256))
break;
TUint8 buf[256] = { 0 };
@@ -383,7 +383,7 @@
{
int len = 0;
ret = read(persistentRecFd, &len, sizeof(len));
- if (ret <= 0)
+ if (ret <= 0 || (len <= 0 || len >1024))
break;
TUint8 buf[1024] = {0};
@@ -402,7 +402,7 @@
{
int len = 0;
ret = read(persistentRecFd, &len, sizeof(len));
- if (ret <= 0)
+ if (ret <= 0 || (len <= 0 || len >1024))
break;
TUint8 buf[1024] = {0};
@@ -620,7 +620,7 @@
delete[] fileName;
}
- catch (ExceptionBase ex)
+ catch (ExceptionBase &ex)
{
ELOG1(
EJavaBluetooth,
@@ -688,7 +688,7 @@
}
delete[] dirName;
}
- catch (ExceptionBase ex)
+ catch (ExceptionBase &ex)
{
ELOG1(EJavaBluetooth,
"- ServiceRecord::getPersistentFileName exception Caught: %S",
@@ -1288,7 +1288,7 @@
persistentRecFd = open(fileName, O_RDONLY);
delete[] fileName;
}
- catch (ExceptionBase ex)
+ catch (ExceptionBase &ex)
{
ELOG1(EJavaBluetooth,
"- ServiceRecord::restoreJavaServiceRecord exception caught: %S",
@@ -1383,10 +1383,10 @@
{
int len = 0;
ret = read(persistentRecFd, &len, sizeof(len));
- if (ret <= 0)
+ if (ret <= 0 || (len <= 0 || len >4))
break;
- TUint8 bytes[20] = {0};
+ TUint8 bytes[4] = {0};
ret = read(persistentRecFd, bytes, len);
if (ret <= 0)
break;
@@ -1402,10 +1402,10 @@
{
int len = 0;
ret = read(persistentRecFd, &len, sizeof(len));
- if (ret <= 0)
+ if (ret <= 0 || (len <= 0 || len > 16))
break;
- TUint8 buf[20] = {0};
+ TUint8 buf[16] = {0};
ret = read(persistentRecFd, buf, len);
if (ret <= 0)
break;
@@ -1422,10 +1422,10 @@
{
int len = 0;
ret = read(persistentRecFd, &len, sizeof(len));
- if (ret <= 0)
+ if (ret <= 0 || (len <= 0 || len >4))
break;
- TUint8 bytes[20] = {0};
+ TUint8 bytes[4] = {0};
ret = read(persistentRecFd, bytes, len);
if (ret <= 0)
break;
@@ -1441,10 +1441,10 @@
{
int len = 0;
ret = read(persistentRecFd, &len, sizeof(len));
- if (ret <= 0)
+ if (ret <= 0 || (len <= 0 || len >16))
break;
- TUint8 buf[20] = {0};
+ TUint8 buf[16] = {0};
ret = read(persistentRecFd, buf, len);
if (ret <= 0)
break;
@@ -1459,7 +1459,7 @@
{
int len = 0;
ret = read(persistentRecFd, &len, sizeof(len));
- if (ret <= 0)
+ if (ret <= 0 || (len <= 0 || len >256))
break;
TUint8 buf[256] = {0};
@@ -1481,7 +1481,7 @@
{
int len = 0;
ret = read(persistentRecFd, &len, sizeof(len));
- if (ret <= 0)
+ if (ret <= 0 || (len <= 0 || len >1024))
break;
TUint8 buf[1024] = {0};
@@ -1502,7 +1502,7 @@
{
int len = 0;
ret = read(persistentRecFd, &len, sizeof(len));
- if (ret <= 0)
+ if (ret <= 0 || (len <= 0 || len >1024))
break;
TUint8 buf[1024] = {0};