search

akexorcist / BluetoothSPPLibrary

[UNMAINTAINED][Android] Bluetooth Serial Port Profile which comfortable to developer application to communication with microcontroller via bluetooth
Apache License 2.0
1.7k stars 570 forks source link

Possible crash (out of bounds) in BluetoothSPP.autoConnect, wrong address & name passed to callback #31

Open ryazmin opened 9 years ago

ryazmin commented 9 years ago 
            String[] arr_name = getPairedDeviceName();
            String[] arr_address = getPairedDeviceAddress();
            for(int i = 0 ; i < arr_name.length ; i++) {
                if(arr_name[i].contains(keywordName)) {
                    arr_filter_address.add(arr_address[i]);
                    arr_filter_name.add(arr_name[i]);
                }
            }
...
...
...
            c = 0;
            if(mAutoConnectionListener != null)
                mAutoConnectionListener.onNewConnection(arr_name[c], arr_address[c]); <-- crash

if device don't have paired devices

Also the wrong name and address are passed to onNewConnection callback, because the library will try to connect to filtered device which can have a different array index.

if(arr_filter_address.size() > 0) 
                connect(arr_filter_address.get(c));
            else 
                Toast.makeText(mContext, "Device name mismatch", Toast.LENGTH_SHORT).show();

Or the library will not even try to connect if there is no devices which match the filter.