Despite the modularity of the FastRPC implementation, there are no unit
tests. This makes it unpredictable when the implementation encounters an
unlikely scenario, such as when reading uninitialized memory that is
non-zero, or when allocating zero bytes of memory. Add a unit test for
the I/O buffer encoder and decoder so there can be more confidence in
its expected operation.

This does not test edge cases in the malloc() function, such as
allocating zero bytes or failures.

When a pathname navigates to the parent directory via the special "../"
name, the current directory may be assigned a numeric file descriptor.
With a numeric file descriptor, the current directory can still be
referenced, and should not be closed. Only close the directory if it is
not assigned.

The file descriptor for the root directory is required for file
operations. Without the root directory open, opening or getting stats of
a file always fails. Currently, the apps_std methods check if the root
directory is open every time they are called. Fail to initialize if the
root directory cannot be opened to allow the simplification of remote
methods accepting a path name.

The path name is already NULL-terminated by the caller and does not need
to be copied to a larger buffer to add more NULL termination. Allocating
an extra buffer can cause an unnecessary crash or failure when out of
memory. Do not copy the path name. Instead, check that the path name is
NULL-terminated by the caller.

Normally, the CHRE performs a full configuration on streaming sensors
with a stream type of zero. This made it seem like a simple enable would
not properly activate sensors with this stream type, but it is possible
to use the watch command on streaming sensors. Remove this statement
which may be misleading.

The decoding error was added in the previous commit with the -1 return
value. Propagate it as a fatal error (-1).

Also remove a newline in an existing perror statement, where the error
message would be split between lines.

The decoder dynamically allocates memory while decoding so the decoded
buffers have the correct size. This can fail, often when the memory runs
out. Propagate any errors from malloc() and do not attempt to decode the
buffer.

There is no real reason for the position attributes to be signed. It
does not make sense to have a negative offset in the current input
buffer, negative alignment, or negative offset in the size of the
current input buffer. A negative number of input buffers also makes no
sense. Reorganize the decoder context struct and the I/O buffer struct
so offsets and maximums are together, nothing has the unnecessary
capability of being negative, and the sizes are not wider than possible
in the format.

Also include the definition for uint32_t.

Also update the error message format in listener.c to read a 32-bit
integer.

When the decoding continues from a misaligned part of the buffer, the
decoder attempts to skip some of the buffer to realign itself, even if
it is not the beginning of the buffer. To allow the decoding of an input
with a size indivisible by 8, only consume the alignment at the
beginning of an input buffer.

The bug outlined here does not happen in practice because the size of
the encoded input is hardcoded to 256 in listener.c.

Fixes: 77f855ec84 ("fastrpc: decode input buffers")

According to malloc(3p), a call to malloc with a size of zero can result
in a NULL pointer. If this occurs, the initialized decoding context is
still valid and the program may proceed without failing. Allow a NULL
pointer when there are zero input buffers to be processed.

Fixes: 77f855ec84 ("fastrpc: decode input buffers")

The amount of output buffers needed should be computed before the check,
otherwise it checks an uninitialized value. Initialize it first so that
the zero check works as intended.

Fixes: 9ea9bed77b ("fastrpc: hexagonrpcd: listener: do not attempt to allocate zero outbufs")

The mapped_or_empty file implementation uses NULL to denote when an
empty directory should be in place of a non-existent file. Changing the
pointer to the output has no effect. Change the implementation data to a
NULL pointer so empty directories function properly.

The is_assigned attribute should only be true when it is assigned a
numeric ID, otherwise it will not be closed. The from_dirent operations
in the implementations of a file type do not use the calloc() function,
so the is_assigned attribute is uninitialized. Initialize it to zero so
the open file can be closed when requested.

The malloc(3p) manual page states that an implementation may choose to
return a non-NULL pointer when the size is zero. This function assumes
that there is an element in the array if the pointer is not NULL. When
the size is zero, skip the allocation and return NULL.
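
The two malloc(3p) zero-size cases described in the commit messages above (NULL returned for zero input buffers, and a non-NULL pointer returned for a zero-size array), as an added example that is not code from this project. The names `decoder_ctx`, `alloc_array`, `decoder_init` and `decoder_free` are hypothetical; the helper keeps "nothing to allocate" apart from "allocation failed" so that no caller infers an element count from the pointer.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical decoder context; field names are assumptions. */
struct decoder_ctx {
	uint32_t n_inbufs;	/* number of input buffers; zero is valid */
	void **inbufs;		/* NULL if and only if n_inbufs == 0 */
};

/*
 * Allocate a zero-filled array of n elements of elem_size bytes.
 * Returns 0 on success and -1 on failure. A zero-size request succeeds
 * with *out == NULL and never reaches the allocator, so the result does
 * not depend on which malloc(0) behaviour the C library implements.
 */
static int alloc_array(size_t n, size_t elem_size, void **out)
{
	*out = NULL;
	if (n == 0 || elem_size == 0)
		return 0;
	if (n > SIZE_MAX / elem_size)	/* n * elem_size would wrap */
		return -1;
	*out = calloc(n, elem_size);
	return *out == NULL ? -1 : 0;
}

/* Initialize the context; NULL inbufs is accepted only for zero buffers. */
static int decoder_init(struct decoder_ctx *ctx, uint32_t n_inbufs)
{
	void *arr;

	if (alloc_array(n_inbufs, sizeof(void *), &arr) < 0)
		return -1;	/* real failure: propagate, do not decode */
	ctx->n_inbufs = n_inbufs;
	ctx->inbufs = arr;
	return 0;
}

/* Release every buffer; the count, not the pointer, bounds the loop. */
static void decoder_free(struct decoder_ctx *ctx)
{
	for (uint32_t i = 0; i < ctx->n_inbufs; i++)
		free(ctx->inbufs[i]);
	free(ctx->inbufs);
	ctx->inbufs = NULL;
	ctx->n_inbufs = 0;
}

int main(void)
{
	struct decoder_ctx ctx;
	int ret = decoder_init(&ctx, 0);	/* zero buffers: success */

	if (ret == 0)
		decoder_free(&ctx);
	return ret == 0 ? 0 : 1;
}
```
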
The qmic utility is rarely packaged in mainstream distributions, making
it inconvenient to set up a working build environment. Add generated
source files to enable compilation without qmic installed.

These variables went unused since the input buffer lengths were switched
to the sizes parsed by iobuffer.c, instead of the sizes in the primary
input argument. This makes it unnecessary at times to unpack the primary
input buffer, although the variables were being kept around to document
calling conventions. Remove the variables since they add unnecessary
warnings.

The calling conventions can still be found in the Android implementation
of FastRPC.

This interface implementation no longer opens files directly, but sends
requests to hexagonfs. Hence, fcntl.h and dirent.h are no longer needed.
Also, it uses 32-bit integers from stdint.h.

The data types for the ioctl wrapper are important, as it has variable
arguments. Document them.

Also mention terminology used in QAIC output to aid in understanding
this project in relation to existing FastRPC implementations.