gnokii-users

Re: GN_OP_OnSMS in nk6510


From: Bastien Nocera
Subject: Re: GN_OP_OnSMS in nk6510
Date: Fri, 13 Jul 2007 10:37:52 +0100

Hey Pawel,

On Tue, 2007-07-03 at 21:04 +0200, Pawel Kot wrote:
> Hi,
> 
> On 7/3/07, Bastien Nocera <address@hidden> wrote:
> > Is there any reason why GN_OP_OnSMS is disabled in the nk6510 driver?
> 
> Well, there are a few possibilities. Either nobody tested it or it didn't work.
> 
> > Finally, I want to be notified on calls (and check battery info
> > regularly) as well, and I can't seem to find a good example of using
> > both GN_OP_SetCallNotification and GN_OP_OnSMS. Are they exclusive, or
> > can I set both notifications at once?
> 
> You can use both. But the subscriptions for FBUS are done by
> NK6510_Subscribe(). This way the phone should send you an unsolicited
> frame with an incoming event (of given type).

I'm now getting crashes when receiving new messages using the nk6510
driver. Valgrind complains that data after the allocated memory is being
used, probably a problem in the SMS parsing.

There's the gdb output:
#0  0x000000350a630045 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x000000350a6319b0 in *__GI_abort () at abort.c:88
#2  0x000000350a66808b in __libc_message (do_abort=2, fmt=0x350a71a988 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#3  0x000000350a66fb74 in _int_malloc (av=0x350a94a960, bytes=19044) at malloc.c:5758
#4  0x000000350a6712fd in *__GI___libc_malloc (bytes=19044) at malloc.c:3468
#5  0x000000390c2361cb in IA__g_malloc (n_bytes=19044) at gmem.c:131
#6  0x000000390c24cf67 in IA__g_memdup (mem=0x89b9e0, byte_size=31873) at gstrfuncs.c:108
#7  0x0000000000410509 in phonemgr_listener_new_sms_cb (message=0x89b9e0, state=<value optimized out>, user_data=0x653000) at phonemgr-listener.c:365
#8  0x00000038df635330 in NK6510_IncomingSMS (messagetype=<value optimized out>, message=0x898c18 "\001\204&\004\002U", length=<value optimized out>, data=0x8b5c80, state=0x8ab0e8) at nk6510.c:1374
#9  0x00000038df613833 in sm_incoming_function (messagetype=2 '\002', message=0x898c18, messagesize=<value optimized out>, state=0x8ab0e8) at gsm-statemachine.c:127
#10 0x00000038df6529ec in phonet_loop (timeout=<value optimized out>, state=0x8ab0e8) at fbus-phonet.c:191
#11 0x00000038df613960 in gn_sm_loop (timeout=1, state=0x7c81) at gsm-statemachine.c:82
#12 0x00000038df613b05 in __sm_block_timeout (waitfor=<value optimized out>, t=40, data=0x41e39e60, state=0x8ab0e8) at gsm-statemachine.c:248
#13 0x00000038df613cc1 in sm_block_timeout (waitfor=1, t=40, data=0x41e39e60, state=0x8ab0e8) at gsm-statemachine.c:290
#14 0x00000038df6360dc in NK6510_GetActiveCalls (data=0x41e39e60, state=0x8ab0e8) at nk6510.c:4608
#15 0x00000038df63b918 in NK6510_Functions (op=<value optimized out>, data=0x41e39e60, state=0x8ab0e8) at nk6510.c:374
#16 0x00000038df623b42 in gn_call_check_active (state=0x8ab0e8) at gsm-call.c:193
#17 0x000000000040ff73 in phonemgr_listener_thread (l=0x653000) at phonemgr-listener.c:455
#18 0x000000390c2507e4 in g_thread_create_proxy (data=0x85fef0) at gthread.c:594
#19 0x000000350ca061b5 in start_thread (arg=<value optimized out>) at pthread_create.c:296

And the valgrind one:
==31928== Invalid write of size 4
==31928==    at 0x38DF623000: gn_sms_parse (gsm-sms.c:463)
==31928==    by 0x38DF63530B: NK6510_IncomingSMS (nk6510.c:1372)
==31928==    by 0x38DF613832: sm_incoming_function (gsm-statemachine.c:127)
==31928==    by 0x38DF6529EB: phonet_loop (fbus-phonet.c:191)
==31928==    by 0x38DF61395F: gn_sm_loop (gsm-statemachine.c:82)
==31928==    by 0x410169: phonemgr_listener_thread (phonemgr-listener.c:439)
==31928==    by 0x390C2507E3: g_thread_create_proxy (gthread.c:594)
==31928==    by 0x350CA061B4: start_thread (pthread_create.c:296)
==31928==    by 0x350A6CE28C: clone (in /lib64/libc-2.5.so)
==31928==  Address 0x8FD75E0 is 4 bytes after a block of size 19,044 alloc'd
==31928==    at 0x4A04BA2: calloc (vg_replace_malloc.c:279)
==31928==    by 0x38DF63564D: NK6510_IncomingSMS (nk6510.c:1366)
==31928==    by 0x38DF613832: sm_incoming_function (gsm-statemachine.c:127)
==31928==    by 0x38DF6529EB: phonet_loop (fbus-phonet.c:191)
==31928==    by 0x38DF61395F: gn_sm_loop (gsm-statemachine.c:82)
==31928==    by 0x410169: phonemgr_listener_thread (phonemgr-listener.c:439)
==31928==    by 0x390C2507E3: g_thread_create_proxy (gthread.c:594)
==31928==    by 0x350CA061B4: start_thread (pthread_create.c:296)
==31928==    by 0x350A6CE28C: clone (in /lib64/libc-2.5.so)
==31928== 
==31928== Invalid write of size 2
==31928==    at 0x38DF62300E: gn_sms_parse (gsm-sms.c:464)
==31928==    by 0x38DF63530B: NK6510_IncomingSMS (nk6510.c:1372)
==31928==    by 0x38DF613832: sm_incoming_function (gsm-statemachine.c:127)
==31928==    by 0x38DF6529EB: phonet_loop (fbus-phonet.c:191)
==31928==    by 0x38DF61395F: gn_sm_loop (gsm-statemachine.c:82)
==31928==    by 0x410169: phonemgr_listener_thread (phonemgr-listener.c:439)
==31928==    by 0x390C2507E3: g_thread_create_proxy (gthread.c:594)
==31928==    by 0x350CA061B4: start_thread (pthread_create.c:296)
==31928==    by 0x350A6CE28C: clone (in /lib64/libc-2.5.so)
==31928==  Address 0x8FD75E4 is 8 bytes after a block of size 19,044 alloc'd
==31928==    at 0x4A04BA2: calloc (vg_replace_malloc.c:279)
==31928==    by 0x38DF63564D: NK6510_IncomingSMS (nk6510.c:1366)
==31928==    by 0x38DF613832: sm_incoming_function (gsm-statemachine.c:127)
==31928==    by 0x38DF6529EB: phonet_loop (fbus-phonet.c:191)
==31928==    by 0x38DF61395F: gn_sm_loop (gsm-statemachine.c:82)
==31928==    by 0x410169: phonemgr_listener_thread (phonemgr-listener.c:439)
==31928==    by 0x390C2507E3: g_thread_create_proxy (gthread.c:594)
==31928==    by 0x350CA061B4: start_thread (pthread_create.c:296)
==31928==    by 0x350A6CE28C: clone (in /lib64/libc-2.5.so)
==31928== 
==31928== Invalid write of size 2
==31928==    at 0x38DF623019: gn_sms_parse (gsm-sms.c:465)
==31928==    by 0x38DF63530B: NK6510_IncomingSMS (nk6510.c:1372)
==31928==    by 0x38DF613832: sm_incoming_function (gsm-statemachine.c:127)
==31928==    by 0x38DF6529EB: phonet_loop (fbus-phonet.c:191)
==31928==    by 0x38DF61395F: gn_sm_loop (gsm-statemachine.c:82)
==31928==    by 0x410169: phonemgr_listener_thread (phonemgr-listener.c:439)
==31928==    by 0x390C2507E3: g_thread_create_proxy (gthread.c:594)
==31928==    by 0x350CA061B4: start_thread (pthread_create.c:296)
==31928==    by 0x350A6CE28C: clone (in /lib64/libc-2.5.so)
==31928==  Address 0x8FD75E6 is 10 bytes after a block of size 19,044 alloc'd
==31928==    at 0x4A04BA2: calloc (vg_replace_malloc.c:279)
==31928==    by 0x38DF63564D: NK6510_IncomingSMS (nk6510.c:1366)
==31928==    by 0x38DF613832: sm_incoming_function (gsm-statemachine.c:127)
==31928==    by 0x38DF6529EB: phonet_loop (fbus-phonet.c:191)
==31928==    by 0x38DF61395F: gn_sm_loop (gsm-statemachine.c:82)
==31928==    by 0x410169: phonemgr_listener_thread (phonemgr-listener.c:439)
==31928==    by 0x390C2507E3: g_thread_create_proxy (gthread.c:594)
==31928==    by 0x350CA061B4: start_thread (pthread_create.c:296)
==31928==    by 0x350A6CE28C: clone (in /lib64/libc-2.5.so)
==31928== 
==31928== Invalid write of size 2
==31928==    at 0x38DF623024: gn_sms_parse (gsm-sms.c:466)
==31928==    by 0x38DF63530B: NK6510_IncomingSMS (nk6510.c:1372)
==31928==    by 0x38DF613832: sm_incoming_function (gsm-statemachine.c:127)
==31928==    by 0x38DF6529EB: phonet_loop (fbus-phonet.c:191)
==31928==    by 0x38DF61395F: gn_sm_loop (gsm-statemachine.c:82)
==31928==    by 0x410169: phonemgr_listener_thread (phonemgr-listener.c:439)
==31928==    by 0x390C2507E3: g_thread_create_proxy (gthread.c:594)
==31928==    by 0x350CA061B4: start_thread (pthread_create.c:296)
==31928==    by 0x350A6CE28C: clone (in /lib64/libc-2.5.so)
==31928==  Address 0x8FD75E8 is 12 bytes after a block of size 19,044 alloc'd
==31928==    at 0x4A04BA2: calloc (vg_replace_malloc.c:279)
==31928==    by 0x38DF63564D: NK6510_IncomingSMS (nk6510.c:1366)
==31928==    by 0x38DF613832: sm_incoming_function (gsm-statemachine.c:127)
==31928==    by 0x38DF6529EB: phonet_loop (fbus-phonet.c:191)
==31928==    by 0x38DF61395F: gn_sm_loop (gsm-statemachine.c:82)
==31928==    by 0x410169: phonemgr_listener_thread (phonemgr-listener.c:439)
==31928==    by 0x390C2507E3: g_thread_create_proxy (gthread.c:594)
==31928==    by 0x350CA061B4: start_thread (pthread_create.c:296)
==31928==    by 0x350A6CE28C: clone (in /lib64/libc-2.5.so)


-- 
Bastien Nocera <address@hidden> 
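
An added example, not part of the original message or of gnokii: a small Python helper that groups Memcheck "Invalid write" records like the ones above by allocation site and reports the byte range touched past the end of the block. The function name `summarize` and the abridged `SAMPLE` are assumptions of this example.

```python
import re
from collections import defaultdict

# Abridged from the Memcheck trace above: first and last record, outer frames dropped.
SAMPLE = """\
==31928== Invalid write of size 4
==31928==    at 0x38DF623000: gn_sms_parse (gsm-sms.c:463)
==31928==    by 0x38DF63530B: NK6510_IncomingSMS (nk6510.c:1372)
==31928==  Address 0x8FD75E0 is 4 bytes after a block of size 19,044 alloc'd
==31928==    at 0x4A04BA2: calloc (vg_replace_malloc.c:279)
==31928==    by 0x38DF63564D: NK6510_IncomingSMS (nk6510.c:1366)
==31928==
==31928== Invalid write of size 2
==31928==    at 0x38DF623024: gn_sms_parse (gsm-sms.c:466)
==31928==    by 0x38DF63530B: NK6510_IncomingSMS (nk6510.c:1372)
==31928==  Address 0x8FD75E8 is 12 bytes after a block of size 19,044 alloc'd
==31928==    at 0x4A04BA2: calloc (vg_replace_malloc.c:279)
==31928==    by 0x38DF63564D: NK6510_IncomingSMS (nk6510.c:1366)
"""

ACCESS = re.compile(r"Invalid (read|write) of size (\d+)")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]+)\)")
ADDR = re.compile(r"is ([\d,]+) bytes after a block of size ([\d,]+) alloc'd")
ALLOCATORS = {"malloc", "calloc", "realloc"}

def summarize(log):
    """Group overruns by allocation site; return the byte range touched past each block."""
    sites = defaultdict(lambda: {"block": 0, "lo": None, "hi": 0, "writers": set()})
    cur, in_alloc = None, False
    for line in log.splitlines():
        body = re.sub(r"^==\d+==\s*", "", line)
        if m := ACCESS.match(body):
            cur, in_alloc = {"size": int(m[2]), "where": None}, False
        elif cur and (m := ADDR.search(body)):
            cur["after"], cur["block"] = (int(g.replace(",", "")) for g in m.groups())
            in_alloc = True
        elif cur and (m := FRAME.match(body)):
            if not in_alloc and cur["where"] is None:
                cur["where"] = f"{m[1]} ({m[2]})"      # innermost faulting frame
            elif in_alloc and m[1] not in ALLOCATORS:
                s = sites[f"{m[1]} ({m[2]})"]          # first non-allocator frame
                s["block"] = cur["block"]
                s["lo"] = cur["after"] if s["lo"] is None else min(s["lo"], cur["after"])
                s["hi"] = max(s["hi"], cur["after"] + cur["size"])
                s["writers"].add(cur["where"])
                cur = None
    return dict(sites)
if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the abridged sample it reports a single allocation site, `NK6510_IncomingSMS (nk6510.c:1366)`, with writes from `gn_sms_parse` covering bytes 4 through 13 past the end of the 19,044-byte block.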




