OSDN > Developer > hafixie93 > Chamber > system-bt > Commit

system-bt
Fork

Fork origin: android-x86 / system-bt

R/O
HTTP
SSH
HTTPS

Commit

Tags

No Tags

system/bt

Commit MetaInfo

Revision	8aba91ab967ed6cd1edba9062e723b57738e9303 (tree)
Time	2019-12-21 03:35:38
Author	Mike Logan <mikelogan@goog...>
Commiter	Android (Google) Code Review

Log Message

Merge "HCI: Check length of connection complete event" into qt-qpr1-dev

Change Summary

modified: stack/btu/btu_hcif.cc (diff)

Incremental Difference

--- a/stack/btu/btu_hcif.cc

+++ b/stack/btu/btu_hcif.cc

		@@ -69,7 +69,7 @@ static void btu_hcif_inquiry_rssi_result_evt(uint8_t* p, uint8_t hci_evt_len);
69	69	static void btu_hcif_extended_inquiry_result_evt(uint8_t* p,
70	70	uint8_t hci_evt_len);
71	71
72		-static void btu_hcif_connection_comp_evt(uint8_t* p);
	72	+static void btu_hcif_connection_comp_evt(uint8_t* p, uint8_t evt_len);
73	73	static void btu_hcif_connection_request_evt(uint8_t* p);
74	74	static void btu_hcif_disconnection_comp_evt(uint8_t* p);
75	75	static void btu_hcif_authentication_comp_evt(uint8_t* p);

		@@ -273,7 +273,7 @@ void btu_hcif_process_event(UNUSED_ATTR uint8_t controller_id, BT_HDR* p_msg) {
273	273	btu_hcif_extended_inquiry_result_evt(p, hci_evt_len);
274	274	break;
275	275	case HCI_CONNECTION_COMP_EVT:
276		- btu_hcif_connection_comp_evt(p);
	276	+ btu_hcif_connection_comp_evt(p, hci_evt_len);
277	277	break;
278	278	case HCI_CONNECTION_REQUEST_EVT:
279	279	btu_hcif_connection_request_evt(p);

		@@ -992,7 +992,7 @@ static void btu_hcif_extended_inquiry_result_evt(uint8_t* p,
992	992	* Returns void
993	993	*
994	994	******************************************************************************/
995		-static void btu_hcif_connection_comp_evt(uint8_t* p) {
	995	+static void btu_hcif_connection_comp_evt(uint8_t* p, uint8_t evt_len) {
996	996	uint8_t status;
997	997	uint16_t handle;
998	998	RawAddress bda;

		@@ -1000,6 +1000,12 @@ static void btu_hcif_connection_comp_evt(uint8_t* p) {
1000	1000	uint8_t enc_mode;
1001	1001	tBTM_ESCO_DATA esco_data;
1002	1002
	1003	+ if (evt_len < 11) {
	1004	+ android_errorWriteLog(0x534e4554, "141619686");
	1005	+ HCI_TRACE_WARNING("%s: malformed event of size %hhd", __func__, evt_len);
	1006	+ return;
	1007	+ }
	1008	+
1003	1009	STREAM_TO_UINT8(status, p);
1004	1010	STREAM_TO_UINT16(handle, p);
1005	1011	STREAM_TO_BDADDR(bda, p);