Fix an "array index out of bound" bug for RPA. (0326dde5) · Commits · e / os / android_packages_modules_Bluetooth

system/stack/btm/btm_ble_gap.c

+4 −2

Original line number	Diff line number	Diff line
		@@ -28,8 +28,9 @@

		#include "bt_types.h"
		#include "bt_utils.h"
		#include "btu.h"
		#include "btm_int.h"
		#include "btm_ble_api.h"
		#include "btu.h"
		#include "hcimsgs.h"
		#if (GAP_INCLUDED == TRUE)
		#include "gap_api.h"
		@@ -609,7 +610,8 @@ void BTM_BleConfigPrivacy(BOOLEAN enable)
		*******************************************************************************/
		BTM_API extern UINT8 BTM_BleMaxMultiAdvInstanceCount()
		{
		return btm_cb.cmn_ble_vsc_cb.adv_inst_max;
		return btm_cb.cmn_ble_vsc_cb.adv_inst_max < BTM_BLE_MULTI_ADV_MAX ?
		btm_cb.cmn_ble_vsc_cb.adv_inst_max : BTM_BLE_MULTI_ADV_MAX;
		}

		#if BLE_PRIVACY_SPT == TRUE

+3 −3

Original line number	Diff line number	Diff line
		@@ -383,7 +383,7 @@ void btm_ble_multi_adv_gen_rpa_cmpl(tBTM_RAND_ENC *p)
		}
		else
		{
		btm_multi_adv_idx_q.front = btm_multi_adv_idx_q.front +1 % BTM_BLE_MULTI_ADV_MAX;
		btm_multi_adv_idx_q.front = (btm_multi_adv_idx_q.front + 1) % BTM_BLE_MULTI_ADV_MAX;
		}
		}

		@@ -433,7 +433,7 @@ void btm_ble_multi_adv_gen_rpa_cmpl(tBTM_RAND_ENC *p)
		*******************************************************************************/
		void btm_ble_multi_adv_configure_rpa (tBTM_BLE_MULTI_ADV_INST *p_inst)
		{
		if (btm_multi_adv_idx_q.front == btm_multi_adv_idx_q.rear +1 % BTM_BLE_MULTI_ADV_MAX)
		if (btm_multi_adv_idx_q.front == (btm_multi_adv_idx_q.rear + 1) % BTM_BLE_MULTI_ADV_MAX)
		{
		BTM_TRACE_ERROR("outstanding rand generation exceeded max allowed ");
		return;
		@@ -447,7 +447,7 @@ void btm_ble_multi_adv_configure_rpa (tBTM_BLE_MULTI_ADV_INST *p_inst)
		}
		else
		{
		btm_multi_adv_idx_q.rear = btm_multi_adv_idx_q.rear +1 % BTM_BLE_MULTI_ADV_MAX;
		btm_multi_adv_idx_q.rear = (btm_multi_adv_idx_q.rear + 1) % BTM_BLE_MULTI_ADV_MAX;
		}
		btm_multi_adv_idx_q.inst_index_queue[btm_multi_adv_idx_q.rear] = p_inst->index;
		}