Bug 1061535 - [B2G][RIL] Relax restrictions on EF_IMG error handling. r=edgar, a=bajaj
authorHsin-Yi Tsai <htsai@mozilla.com>
Mon, 15 Sep 2014 00:57:00 -0400
changeset 224870 68c19178a60d0147a7c77edd576fa8a34fde3dc5
parent 224869 5a9a2c33f2e12398e87134d09dc49e5b77fadc5c
child 224871 30b8a67017bb9e2e149324044277cdd4a14a59c3
push id3979
push userraliiev@mozilla.com
push dateMon, 13 Oct 2014 16:35:44 +0000
treeherdermozilla-beta@30f2cc610691 [default view] [failures only]
reviewersedgar, bajaj
bugs1061535
milestone34.0a2
Bug 1061535 - [B2G][RIL] Relax restrictions on EF_IMG error handling. r=edgar, a=bajaj
dom/system/gonk/ril_worker.js
--- a/dom/system/gonk/ril_worker.js
+++ b/dom/system/gonk/ril_worker.js
@@ -13582,20 +13582,22 @@ SimRecordHelperObject.prototype = {
       let Buf = this.context.Buf;
       let GsmPDUHelper = this.context.GsmPDUHelper;
       let strLen = Buf.readInt32();
       // Each octet is encoded into two chars.
       let octetLen = strLen / 2;
 
       let numInstances = GsmPDUHelper.readHexOctet();
 
-      // Correct data length should be 9n+1 or 9n+2. See TS 31.102, sub-clause
-      // 4.6.1.1.
-      if (octetLen != (9 * numInstances + 1) ||
-          octetLen != (9 * numInstances + 2)) {
+      // Data length is defined as 9n+1 or 9n+2. See TS 31.102, sub-clause
+      // 4.6.1.1. However, it's likely to have padding appended so we have a
+      // rather loose check.
+      if (octetLen < (9 * numInstances + 1)) {
+        Buf.seekIncoming((octetLen - 1) * Buf.PDU_HEX_OCTET_SIZE);
+        Buf.readStringDelimiter(strLen);
         if (onerror) {
           onerror();
         }
         return;
       }
 
       let imgDescriptors = [];
       for (let i = 0; i < numInstances; i++) {
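Review bot: `GsmPDUHelper.readHexOctet()` reads the instance count before anything confirms that `strLen` covers at least one whole octet, and the new error path then seeks by `(octetLen - 1) * Buf.PDU_HEX_OCTET_SIZE`. If the record arrives with `strLen` of 0 that offset is negative, and with an odd `strLen` it is fractional; how `seekIncoming` treats such offsets is not visible here, so the drain may not leave the parcel aligned. The same fractional `octetLen` would also feed the seeks added in the later hunks (`octetLen - 9 * numInstances - 1` after the descriptor loop, and `octetLen * Buf.PDU_HEX_OCTET_SIZE` in the instance reader). Because this length presumably reflects SIM-provided file contents, I would validate it before the first octet read, for example with a guard on `strLen < 2 || strLen % 2 !== 0` that reports through `onerror` without computing a seek from `octetLen`. The enclosing function starts above this hunk, so any earlier validation is not visible.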
@@ -13606,16 +13608,17 @@ SimRecordHelperObject.prototype = {
           fileId: (GsmPDUHelper.readHexOctet() << 8) |
                   GsmPDUHelper.readHexOctet(),
           offset: (GsmPDUHelper.readHexOctet() << 8) |
                   GsmPDUHelper.readHexOctet(),
           dataLen: (GsmPDUHelper.readHexOctet() << 8) |
                    GsmPDUHelper.readHexOctet()
         };
       }
+      Buf.seekIncoming((octetLen - 9 * numInstances - 1) * Buf.PDU_HEX_OCTET_SIZE);
       Buf.readStringDelimiter(strLen);
 
       let instances = [];
       let currentInstance = 0;
       let readNextInstance = (function(img) {
         instances[currentInstance] = img;
         currentInstance++;
 
@@ -13665,16 +13668,18 @@ SimRecordHelperObject.prototype = {
       let GsmPDUHelper = this.context.GsmPDUHelper;
       let strLen = Buf.readInt32();
       // Each octet is encoded into two chars.
       let octetLen = strLen / 2;
 
       if (octetLen < offset + dataLen) {
         // Data length is not enough. See TS 31.102, clause 4.6.1.1, the
         // paragraph "Bytes 8 and 9: Length of Image Instance Data."
+        Buf.seekIncoming(octetLen * Buf.PDU_HEX_OCTET_SIZE);
+        Buf.readStringDelimiter(strLen);
         if (onerror) {
           onerror();
         }
         return;
       }
 
       Buf.seekIncoming(offset * Buf.PDU_HEX_OCTET_SIZE);