From d01d85d466ffcd7a343d85f339c386942b796d1f Mon Sep 17 00:00:00 2001 From: shenbo <2268384786@qq.com> Date: Sat, 14 Dec 2024 16:20:25 +0800 Subject: [PATCH] =?UTF-8?q?=E5=8D=95=E5=8F=B7:#IB9H0U?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 描述:挂测出现cppcrash,进程: audio_host,崩溃so: libasound.so(snd_ctl_elem_read+0) 问题根因:空指针crash 解决方案:对参数做判空操作 是否完成编程规范自检:Y 是否编译且验证通过:Y 影响的设备与平台范围:oriole 团队: H Signed-off-by: shenbo <2268384786@qq.com> --- src/control/control.c | 75 +++++++++++++++++++++++++++++++++++-------- 1 file changed, 61 insertions(+), 14 deletions(-) diff --git a/src/control/control.c b/src/control/control.c index d77ab24c..986873b7 100644 --- a/src/control/control.c +++ b/src/control/control.c @@ -235,16 +235,27 @@ snd_ctl_type_t snd_ctl_type(snd_ctl_t *ctl) */ int snd_ctl_close(snd_ctl_t *ctl) { - int err; - while (!list_empty(&ctl->async_handlers)) { - snd_async_handler_t *h = list_entry(&ctl->async_handlers.next, snd_async_handler_t, hlist); - snd_async_del_handler(h); - } - err = ctl->ops->close(ctl); - free(ctl->name); - snd_dlobj_cache_put(ctl->open_func); - free(ctl); - return err; + if (ctl == NULL) { + fprintf(stderr, "Error: Attempt to close a NULL sound control object.\n"); + return -EINVAL; + } + + while (!list_empty(&ctl->async_handlers)) { + snd_async_handler_t *h = list_entry(ctl->async_handlers.next, snd_async_handler_t, hlist); + if (snd_async_del_handler(h) != 0) { + fprintf(stderr, "Error: Failed to delete async handler.\n"); + } + } + + int err = (ctl->ops && ctl->ops->close) ? ctl->ops->close(ctl) : -ENOSYS; + + if (ctl->name) { + free(ctl->name); + ctl->name = NULL; + } + snd_dlobj_cache_put(ctl->open_func); + + return err; } /** @@ -424,8 +435,24 @@ int snd_ctl_elem_list(snd_ctl_t *ctl, snd_ctl_elem_list_t *list) */ int snd_ctl_elem_info(snd_ctl_t *ctl, snd_ctl_elem_info_t *info) { - assert(ctl && info && (info->id.name[0] || info->id.numid)); - return ctl->ops->element_info(ctl, info); + if (!ctl) { + fprintf(stderr, "Error: Null pointer passed for ctl.\n"); + return -EINVAL; + } + if (!info) { + fprintf(stderr, "Error: Null pointer passed for info.\n"); + return -EINVAL; + } + if (!(info->id.name[0] || info->id.numid)) { + fprintf(stderr, "Error: Both name and numid are empty in info.\n"); + return -EINVAL; + } + if (!ctl->ops->element_info) { + fprintf(stderr, "Error: Null function pointer for element_info in ctl->ops.\n"); + return -ENOSYS; + } + + return ctl->ops->element_info(ctl, info); } #ifndef DOC_HIDDEN @@ -1012,7 +1039,17 @@ int snd_ctl_elem_remove(snd_ctl_t *ctl, snd_ctl_elem_id_t *id) */ int snd_ctl_elem_read(snd_ctl_t *ctl, snd_ctl_elem_value_t *data) { - assert(ctl && data && (data->id.name[0] || data->id.numid)); + if (!ctl || !data) { + fprintf(stderr, "Error: NULL pointer passed to snd_ctl_elem_read\n"); + return -EINVAL; + } + + if (!ctl->ops->element_read) { + fprintf(stderr, "Error: ctl->ops.element_read is NULL\n"); + return -EINVAL; + } + + assert(data->id.name[0] || data->id.numid); return ctl->ops->element_read(ctl, data); } @@ -1033,7 +1070,17 @@ int snd_ctl_elem_read(snd_ctl_t *ctl, snd_ctl_elem_value_t *data) */ int snd_ctl_elem_write(snd_ctl_t *ctl, snd_ctl_elem_value_t *data) { - assert(ctl && data && (data->id.name[0] || data->id.numid)); + if (!ctl || !data) { + fprintf(stderr, "Error: NULL pointer passed to snd_ctl_elem_read\n"); + return -EINVAL; + } + + if (!ctl->ops->element_read) { + fprintf(stderr, "Error: ctl->ops.element_read is NULL\n"); + return -EINVAL; + } + + assert(data->id.name[0] || data->id.numid); return ctl->ops->element_write(ctl, data); } -- Gitee