Merge "Fix null dereference read in android::hardware::bluetooth::hci::H4Protocol::Send" (3f2f348c) · Commits · e / os / android_hardware_interfaces

bluetooth/aidl/default/BluetoothHci.cpp

+18 −10

Original line number	Original line	Diff line number	Diff line
	@@ -176,7 +176,10 @@ void BluetoothHci::reset() {
	mFdWatcher.WatchFdForNonBlockingReads(mFd,		mFdWatcher.WatchFdForNonBlockingReads(mFd,
	[this](int) { mH4->OnDataReady(); });		[this](int) { mH4->OnDataReady(); });

	send(PacketType::COMMAND, reset);		ndk::ScopedAStatus result = send(PacketType::COMMAND, reset);
			if (!result.isOk()) {
			ALOGE("Error sending reset command");
			}
	auto status = resetFuture.wait_for(std::chrono::seconds(1));		auto status = resetFuture.wait_for(std::chrono::seconds(1));
	mFdWatcher.StopWatchingFileDescriptors();		mFdWatcher.StopWatchingFileDescriptors();
	if (status == std::future_status::ready) {		if (status == std::future_status::ready) {
	@@ -303,30 +306,35 @@ ndk::ScopedAStatus BluetoothHci::close() {

	ndk::ScopedAStatus BluetoothHci::sendHciCommand(		ndk::ScopedAStatus BluetoothHci::sendHciCommand(
	const std::vector<uint8_t>& packet) {		const std::vector<uint8_t>& packet) {
	send(PacketType::COMMAND, packet);		return send(PacketType::COMMAND, packet);
	return ndk::ScopedAStatus::ok();
	}		}

	ndk::ScopedAStatus BluetoothHci::sendAclData(		ndk::ScopedAStatus BluetoothHci::sendAclData(
	const std::vector<uint8_t>& packet) {		const std::vector<uint8_t>& packet) {
	send(PacketType::ACL_DATA, packet);		return send(PacketType::ACL_DATA, packet);
	return ndk::ScopedAStatus::ok();
	}		}

	ndk::ScopedAStatus BluetoothHci::sendScoData(		ndk::ScopedAStatus BluetoothHci::sendScoData(
	const std::vector<uint8_t>& packet) {		const std::vector<uint8_t>& packet) {
	send(PacketType::SCO_DATA, packet);		return send(PacketType::SCO_DATA, packet);
	return ndk::ScopedAStatus::ok();
	}		}

	ndk::ScopedAStatus BluetoothHci::sendIsoData(		ndk::ScopedAStatus BluetoothHci::sendIsoData(
	const std::vector<uint8_t>& packet) {		const std::vector<uint8_t>& packet) {
	send(PacketType::ISO_DATA, packet);		return send(PacketType::ISO_DATA, packet);
	return ndk::ScopedAStatus::ok();
	}		}

	void BluetoothHci::send(PacketType type, const std::vector<uint8_t>& v) {		ndk::ScopedAStatus BluetoothHci::send(PacketType type,
			const std::vector<uint8_t>& v) {
			if (mH4 == nullptr) {
			return ndk::ScopedAStatus::fromExceptionCode(EX_ILLEGAL_STATE);
			}
			if (v.empty()) {
			ALOGE("Packet is empty, no data was found to be sent");
			return ndk::ScopedAStatus::fromExceptionCode(EX_ILLEGAL_ARGUMENT);
			}
	mH4->Send(type, v);		mH4->Send(type, v);
			return ndk::ScopedAStatus::ok();
	}		}

	} // namespace aidl::android::hardware::bluetooth::impl		} // namespace aidl::android::hardware::bluetooth::impl

bluetooth/aidl/default/BluetoothHci.h

+3 −2

Original line number	Original line	Diff line number	Diff line
	@@ -66,7 +66,8 @@ class BluetoothHci : public BnBluetoothHci {
	::android::hardware::bluetooth::async::AsyncFdWatcher mFdWatcher;		::android::hardware::bluetooth::async::AsyncFdWatcher mFdWatcher;

	int getFdFromDevPath();		int getFdFromDevPath();
	void send(::android::hardware::bluetooth::hci::PacketType type,		[[nodiscard]] ndk::ScopedAStatus send(
			::android::hardware::bluetooth::hci::PacketType type,
	const std::vector<uint8_t>& packet);		const std::vector<uint8_t>& packet);
	std::unique_ptr<NetBluetoothMgmt> management_{};		std::unique_ptr<NetBluetoothMgmt> management_{};