Skip to content
Permalink
Browse files

Protect against NULL device in the Android hidapi implementation

  • Loading branch information
slouken committed Jun 7, 2019
1 parent 9261e47 commit 23a2b47790fc19a1edd6e5f96a12136c0b362001
Showing with 65 additions and 42 deletions.
  1. +65 −42 src/hidapi/android/hid.cpp
@@ -1027,25 +1027,31 @@ HID_API_EXPORT hid_device * HID_API_CALL hid_open_path(const char *path, int bEx

int HID_API_EXPORT HID_API_CALL hid_write(hid_device *device, const unsigned char *data, size_t length)
{
LOGV( "hid_write id=%d length=%u", device->m_nId, length );
hid_device_ref<CHIDDevice> pDevice = FindDevice( device->m_nId );
if ( pDevice )
if ( device )
{
return pDevice->SendOutputReport( data, length );
LOGV( "hid_write id=%d length=%u", device->m_nId, length );
hid_device_ref<CHIDDevice> pDevice = FindDevice( device->m_nId );
if ( pDevice )
{
return pDevice->SendOutputReport( data, length );
}
}
return -1; // Controller was disconnected
}

// TODO: Implement timeout?
int HID_API_EXPORT HID_API_CALL hid_read_timeout(hid_device *device, unsigned char *data, size_t length, int milliseconds)
{
// LOGV( "hid_read_timeout id=%d length=%u timeout=%d", device->m_nId, length, milliseconds );
hid_device_ref<CHIDDevice> pDevice = FindDevice( device->m_nId );
if ( pDevice )
if ( device )
{
return pDevice->GetInput( data, length );
// LOGV( "hid_read_timeout id=%d length=%u timeout=%d", device->m_nId, length, milliseconds );
hid_device_ref<CHIDDevice> pDevice = FindDevice( device->m_nId );
if ( pDevice )
{
return pDevice->GetInput( data, length );
}
LOGV( "controller was disconnected" );
}
LOGV( "controller was disconnected" );
return -1; // Controller was disconnected
}

@@ -1064,11 +1070,14 @@ int HID_API_EXPORT HID_API_CALL hid_set_nonblocking(hid_device *device, int non

int HID_API_EXPORT HID_API_CALL hid_send_feature_report(hid_device *device, const unsigned char *data, size_t length)
{
LOGV( "hid_send_feature_report id=%d length=%u", device->m_nId, length );
hid_device_ref<CHIDDevice> pDevice = FindDevice( device->m_nId );
if ( pDevice )
if ( device )
{
return pDevice->SendFeatureReport( data, length );
LOGV( "hid_send_feature_report id=%d length=%u", device->m_nId, length );
hid_device_ref<CHIDDevice> pDevice = FindDevice( device->m_nId );
if ( pDevice )
{
return pDevice->SendFeatureReport( data, length );
}
}
return -1; // Controller was disconnected
}
@@ -1077,66 +1086,80 @@ int HID_API_EXPORT HID_API_CALL hid_send_feature_report(hid_device *device, cons
// Synchronous operation. Will block until completed.
int HID_API_EXPORT HID_API_CALL hid_get_feature_report(hid_device *device, unsigned char *data, size_t length)
{
LOGV( "hid_get_feature_report id=%d length=%u", device->m_nId, length );
hid_device_ref<CHIDDevice> pDevice = FindDevice( device->m_nId );
if ( pDevice )
if ( device )
{
return pDevice->GetFeatureReport( data, length );
LOGV( "hid_get_feature_report id=%d length=%u", device->m_nId, length );
hid_device_ref<CHIDDevice> pDevice = FindDevice( device->m_nId );
if ( pDevice )
{
return pDevice->GetFeatureReport( data, length );
}
}
return -1; // Controller was disconnected
}


void HID_API_EXPORT HID_API_CALL hid_close(hid_device *device)
{
LOGV( "hid_close id=%d", device->m_nId );
hid_mutex_guard r( &g_DevicesRefCountMutex );
LOGD("Decrementing device %d (%p), refCount = %d\n", device->m_nId, device, device->m_nDeviceRefCount - 1);
if ( --device->m_nDeviceRefCount == 0 )
if ( device )
{
hid_device_ref<CHIDDevice> pDevice = FindDevice( device->m_nId );
if ( pDevice )
{
pDevice->Close( true );
}
else
LOGV( "hid_close id=%d", device->m_nId );
hid_mutex_guard r( &g_DevicesRefCountMutex );
LOGD("Decrementing device %d (%p), refCount = %d\n", device->m_nId, device, device->m_nDeviceRefCount - 1);
if ( --device->m_nDeviceRefCount == 0 )
{
delete device;
hid_device_ref<CHIDDevice> pDevice = FindDevice( device->m_nId );
if ( pDevice )
{
pDevice->Close( true );
}
else
{
delete device;
}
LOGD("Deleted device %p\n", device);
}
LOGD("Deleted device %p\n", device);
}

}

int HID_API_EXPORT_CALL hid_get_manufacturer_string(hid_device *device, wchar_t *string, size_t maxlen)
{
hid_device_ref<CHIDDevice> pDevice = FindDevice( device->m_nId );
if ( pDevice )
if ( device )
{
wcsncpy( string, pDevice->GetDeviceInfo()->manufacturer_string, maxlen );
return 0;
hid_device_ref<CHIDDevice> pDevice = FindDevice( device->m_nId );
if ( pDevice )
{
wcsncpy( string, pDevice->GetDeviceInfo()->manufacturer_string, maxlen );
return 0;
}
}
return -1;
}

int HID_API_EXPORT_CALL hid_get_product_string(hid_device *device, wchar_t *string, size_t maxlen)
{
hid_device_ref<CHIDDevice> pDevice = FindDevice( device->m_nId );
if ( pDevice )
if ( device )
{
wcsncpy( string, pDevice->GetDeviceInfo()->product_string, maxlen );
return 0;
hid_device_ref<CHIDDevice> pDevice = FindDevice( device->m_nId );
if ( pDevice )
{
wcsncpy( string, pDevice->GetDeviceInfo()->product_string, maxlen );
return 0;
}
}
return -1;
}

int HID_API_EXPORT_CALL hid_get_serial_number_string(hid_device *device, wchar_t *string, size_t maxlen)
{
hid_device_ref<CHIDDevice> pDevice = FindDevice( device->m_nId );
if ( pDevice )
if ( device )
{
wcsncpy( string, pDevice->GetDeviceInfo()->serial_number, maxlen );
return 0;
hid_device_ref<CHIDDevice> pDevice = FindDevice( device->m_nId );
if ( pDevice )
{
wcsncpy( string, pDevice->GetDeviceInfo()->serial_number, maxlen );
return 0;
}
}
return -1;
}

0 comments on commit 23a2b47

Please sign in to comment.