From adf135ef10eed671776fb4d6752cdfb14c82410c Mon Sep 17 00:00:00 2001
From: Daniel Dakhno <dakhnod@gmail.com>
Date: Thu, 9 Jan 2020 14:45:24 +0100
Subject: [PATCH] fixed dangling request and bufferoverflow

---
 .../qhybrid/adapter/fossil/FossilWatchAdapter.java |  5 +++++
 .../fossil_hr/music/MusicInfoSetRequest.java       | 14 +++++++++-----
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/qhybrid/adapter/fossil/FossilWatchAdapter.java b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/qhybrid/adapter/fossil/FossilWatchAdapter.java
index 2ad085b1b..e4d2c1e98 100644
--- a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/qhybrid/adapter/fossil/FossilWatchAdapter.java
+++ b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/qhybrid/adapter/fossil/FossilWatchAdapter.java
@@ -590,6 +590,11 @@ public class FossilWatchAdapter extends WatchAdapter {
         log("executing request: " + request.getName());
         this.fossilRequest = request;
         new TransactionBuilder(request.getClass().getSimpleName()).write(getDeviceSupport().getCharacteristic(request.getRequestUUID()), request.getRequestData()).queue(getDeviceSupport().getQueue());
+
+        if(request.isFinished()){
+            this.fossilRequest = null;
+            queueNextRequest();
+        }
     }
 
     public void queueWrite(Request request, boolean priorise) {
diff --git a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/qhybrid/requests/fossil_hr/music/MusicInfoSetRequest.java b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/qhybrid/requests/fossil_hr/music/MusicInfoSetRequest.java
index 7331b90e0..6546cbc37 100644
--- a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/qhybrid/requests/fossil_hr/music/MusicInfoSetRequest.java
+++ b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/qhybrid/requests/fossil_hr/music/MusicInfoSetRequest.java
@@ -13,8 +13,12 @@ public class MusicInfoSetRequest extends FilePutRequest {
     }
 
     private static byte[] createFile(String artist, String album, String title) {
-        int length = artist.length() + album.length() + title.length()
-                + 3 // null terminators
+        //counting byte array length because of utf chars, they may take up two bytes
+        int titleLength = title.getBytes().length + 1; // +1 = null terminator
+        int albumLength = album.getBytes().length + 1;
+        int artistLength = artist.getBytes().length + 1;
+
+        int length = artistLength + albumLength + titleLength
                 + 8; // length and header
 
         ByteBuffer buffer = ByteBuffer.allocate(length);
@@ -22,9 +26,9 @@ public class MusicInfoSetRequest extends FilePutRequest {
 
         buffer.putShort((short) length);
         buffer.put((byte) 0x01); // dunno
-        buffer.put((byte) (title.length() + 1));
-        buffer.put((byte) (artist.length() + 1));
-        buffer.put((byte) (album.length() + 1));
+        buffer.put((byte) (titleLength));
+        buffer.put((byte) (artistLength));
+        buffer.put((byte) (albumLength));
         buffer.put((byte) 0x0C); // dunno
         buffer.put((byte) 0x00); // dunno