From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: balakrishna <quic_kunthumu@quicinc.com> Date: Tue, 7 Mar 2023 16:53:46 +0530 Subject: [PATCH] BT: Fixing the rfc_slot_id overflow Root cause: overflow causing leak in slot fds. As slot id 0 not valid, we are not able to release these fds later. Fix: Changes are made to avoid overflow while allocate rfc slots. CRs-Fixed: 3417458 Change-Id: I5d7efa34bfb97a6dd8e9d68615d29120a0ae51f0 --- btif/src/btif_sock_rfc.cc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/btif/src/btif_sock_rfc.cc b/btif/src/btif_sock_rfc.cc index 2ea2a15f9..cd7dbacd4 100644 --- a/btif/src/btif_sock_rfc.cc +++ b/btif/src/btif_sock_rfc.cc @@ -207,7 +207,11 @@ static rfc_slot_t* alloc_rfc_slot(const RawAddress* addr, const char* name, } // Increment slot id and make sure we don't use id=0. - if (++rfc_slot_id == 0) rfc_slot_id = 1; + if (UINT32_MAX == rfc_slot_id) { + rfc_slot_id = 1; + } else { + ++rfc_slot_id; + } slot->fd = fds[0]; slot->app_fd = fds[1];