Public bug reported:

GRil reads incoming bytes into a ril_msg structure in the function
`read_fixed_record` in gril/gril.c. It mostly works, except that it makes
some assumptions that are not always true.

1. The `read_fixed_record` function calls `memmove` to copy data from
the ring_buffer, which means that the whole parcel must not be wrapped.
This is usually true because whenever a parcel is read, the ring_buffer
rewinds its in/out position markers to the beginning. However, if somehow
rild transmits a massive number of parcels, or for various reasons
the gio thread is not woken up in time and a lot of incoming data is queued
in the kernel, then a parcel that spans the boundary becomes very
likely. This is actually the question raised in the comment:

  /* TODO: need to better understand how wrap works! */

With https://bugs.launchpad.net/ubuntu/+source/ofono/+bug/1408228, the
GrilIO part is immune from this problem but the `read_fixed_record` is
still affected.

2. One should really avoid using ring_buffer APIs that involve its
internal states. Ring buffer wrapping should not be a concern to other
components whenever possible.

** Affects: ofono (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1408239

Title:
  refactor GRil incoming bytes dispatching mechanism

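A wrap-safe way to read a length-prefixed parcel out of a ring buffer, as an added example that is not part of the original report and not ofono's code. The `rb` type and the `rb_write`, `rb_peek` and `read_record` helpers are hypothetical, and the 4-byte big-endian length prefix is an assumption about the parcel framing.

```c
#include <stdint.h>
#include <string.h>
/* Hypothetical ring buffer for illustration; not ofono's ring_buffer API. */
#define RB_SIZE 16u /* small, so the constructed input below wraps */
struct rb { uint8_t data[RB_SIZE]; size_t in, out; }; /* free-running counters */
static size_t rb_len(const struct rb *r) { return r->in - r->out; }
/* Append up to n bytes, splitting the copy at the end of the storage array. */
size_t rb_write(struct rb *r, const void *src, size_t n)
{
    size_t off = r->in % RB_SIZE, room = RB_SIZE - rb_len(r), first;
    if (n > room) n = room;
    first = n < RB_SIZE - off ? n : RB_SIZE - off;
    memcpy(r->data + off, src, first);
    memcpy(r->data, (const uint8_t *)src + first, n - first);
    r->in += n;
    return n;
}
/* Copy n queued bytes starting `skip` past the read marker; two copies on wrap. */
static void rb_peek(const struct rb *r, size_t skip, void *dst, size_t n)
{
    size_t off = (r->out + skip) % RB_SIZE;
    size_t first = n < RB_SIZE - off ? n : RB_SIZE - off;
    memcpy(dst, r->data + off, first);
    memcpy((uint8_t *)dst + first, r->data, n - first);
}
/* Returns body length and consumes the parcel; 0 if incomplete; -1 on bad length. */
long read_record(struct rb *r, uint8_t *body, size_t cap)
{
    uint8_t h[4];
    uint32_t len;
    if (rb_len(r) < 4) return 0;
    rb_peek(r, 0, h, 4); /* assumed framing: 4-byte big-endian length prefix */
    len = (uint32_t)h[0] << 24 | (uint32_t)h[1] << 16 | (uint32_t)h[2] << 8 | h[3];
    if (len == 0 || len > cap || len > RB_SIZE - 4) return -1; /* check before copy */
    if (rb_len(r) < 4 + (size_t)len) return 0;
    rb_peek(r, 4, body, len);
    r->out += 4 + len;
    return (long)len;
}
/* Constructed input: parcel 1 leaves the markers at offset 10, so parcel 2 wraps. */
int demo_wrapped_parcel(void)
{
    static const uint8_t p1[] = {0, 0, 0, 6, 1, 2, 3, 4, 5, 6};
    static const uint8_t p2[] = {0, 0, 0, 6, 'p', 'a', 'r', 'c', 'e', 'l'};
    struct rb r = {{0}, 0, 0};
    uint8_t body[12];
    rb_write(&r, p1, sizeof p1);
    if (read_record(&r, body, sizeof body) != 6) return 0;
    rb_write(&r, p2, sizeof p2); /* lands at offsets 10..15, then 0..3 */
    return read_record(&r, body, sizeof body) == 6 && memcmp(body, "parcel", 6) == 0;
}
```

The caller never sees the in/out markers: it gets a contiguous copy of the body or a status saying the parcel is incomplete or malformed.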