Merge "SDP: Pass the bounds to process_service_*_rsp" into oc-dev

#include "hcidefs.h"

#include "hcimsgs.h"

#include "l2cdefs.h"

#include "log/log.h"

#include "sdp_api.h"

#include "sdpint.h"

/******************************************************************************/

/*            L O C A L    F U N C T I O N     P R O T O T Y P E S            */

/******************************************************************************/

static void process_service_search_rsp(tCONN_CB* p_ccb, uint8_t* p_reply);

static void process_service_attr_rsp(tCONN_CB* p_ccb, uint8_t* p_reply);

static void process_service_search_attr_rsp(tCONN_CB* p_ccb, uint8_t* p_reply);

static void process_service_search_rsp(tCONN_CB* p_ccb, uint8_t* p_reply,

                                       uint8_t* p_reply_end);

static void process_service_attr_rsp(tCONN_CB* p_ccb, uint8_t* p_reply,

                                     uint8_t* p_reply_end);

static void process_service_search_attr_rsp(tCONN_CB* p_ccb, uint8_t* p_reply,

                                            uint8_t* p_reply_end);

static uint8_t* save_attr_seq(tCONN_CB* p_ccb, uint8_t* p, uint8_t* p_msg_end);

static tSDP_DISC_REC* add_record(tSDP_DISCOVERY_DB* p_db, BD_ADDR p_bda);

static uint8_t* add_attr(uint8_t* p, tSDP_DISCOVERY_DB* p_db,

  if (p_ccb->is_attr_search) {

    p_ccb->disc_state = SDP_DISC_WAIT_SEARCH_ATTR;

    process_service_search_attr_rsp(p_ccb, NULL);

    process_service_search_attr_rsp(p_ccb, NULL, NULL);

  } else {

    /* First step is to get a list of the handles from the server. */

    /* We are not searching for a specific attribute, so we will   */

  /* Got a reply!! Check what we got back */

  p = (uint8_t*)(p_msg + 1) + p_msg->offset;

  uint8_t* p_end = (uint8_t*)(p_msg + 1) + p_msg->len;

  BE_STREAM_TO_UINT8(rsp_pdu, p);

  switch (rsp_pdu) {

    case SDP_PDU_SERVICE_SEARCH_RSP:

      if (p_ccb->disc_state == SDP_DISC_WAIT_HANDLES) {

        process_service_search_rsp(p_ccb, p);

        process_service_search_rsp(p_ccb, p, p_end);

        invalid_pdu = false;

      }

      break;

    case SDP_PDU_SERVICE_ATTR_RSP:

      if (p_ccb->disc_state == SDP_DISC_WAIT_ATTR) {

        process_service_attr_rsp(p_ccb, p);

        process_service_attr_rsp(p_ccb, p, p_end);

        invalid_pdu = false;

      }

      break;

    case SDP_PDU_SERVICE_SEARCH_ATTR_RSP:

      if (p_ccb->disc_state == SDP_DISC_WAIT_SEARCH_ATTR) {

        process_service_search_attr_rsp(p_ccb, p);

        process_service_search_attr_rsp(p_ccb, p, p_end);

        invalid_pdu = false;

      }

      break;

 * Returns          void

 *

 ******************************************************************************/

static void process_service_search_rsp(tCONN_CB* p_ccb, uint8_t* p_reply) {

static void process_service_search_rsp(tCONN_CB* p_ccb, uint8_t* p_reply,

                                       uint8_t* p_reply_end) {

  uint16_t xx;

  uint16_t total, cur_handles, orig;

  uint8_t cont_len;

      sdp_disconnect(p_ccb, SDP_INVALID_CONT_STATE);

      return;

    }

    if (p_reply + cont_len > p_reply_end) {

      android_errorWriteLog(0x534e4554, "68161546");

      sdp_disconnect(p_ccb, SDP_INVALID_CONT_STATE);

      return;

    }

    /* stay in the same state */

    sdp_snd_service_search_req(p_ccb, cont_len, p_reply);

  } else {

    p_ccb->disc_state = SDP_DISC_WAIT_ATTR;

    /* Kick off the first attribute request */

    process_service_attr_rsp(p_ccb, NULL);

    process_service_attr_rsp(p_ccb, NULL, NULL);

  }

}

 * Returns          void

 *

 ******************************************************************************/

static void process_service_attr_rsp(tCONN_CB* p_ccb, uint8_t* p_reply) {

static void process_service_attr_rsp(tCONN_CB* p_ccb, uint8_t* p_reply,

                                     uint8_t* p_reply_end) {

  uint8_t *p_start, *p_param_len;

  uint16_t param_len, list_byte_count;

  bool cont_request_needed = false;

    /* Was this a continuation request ? */

    if (cont_request_needed) {

      if ((p_reply + *p_reply + 1) <= p_reply_end) {

        memcpy(p, p_reply, *p_reply + 1);

        p += *p_reply + 1;

      } else {

        android_errorWriteLog(0x534e4554, "68161546");

      }

    } else

      UINT8_TO_BE_STREAM(p, 0);

 * Returns          void

 *

 ******************************************************************************/

static void process_service_search_attr_rsp(tCONN_CB* p_ccb, uint8_t* p_reply) {

static void process_service_search_attr_rsp(tCONN_CB* p_ccb, uint8_t* p_reply,

                                            uint8_t* p_reply_end) {

  uint8_t *p, *p_start, *p_end, *p_param_len;

  uint8_t type;

  uint32_t seq_len;

    /* No continuation for first request */

    if (p_reply) {

      if ((p_reply + *p_reply + 1) <= p_reply_end) {

        memcpy(p, p_reply, *p_reply + 1);

        p += *p_reply + 1;

      } else {

        android_errorWriteLog(0x534e4554, "68161546");

      }

    } else

      UINT8_TO_BE_STREAM(p, 0);