Loading system/stack/gatt/gatt_sr.cc +21 −0 Original line number Diff line number Diff line Loading @@ -768,6 +768,11 @@ void gatts_process_primary_service_req(tGATT_TCB& tcb, uint16_t cid, uint8_t op_ uint16_t payload_size = gatt_tcb_get_payload_size(tcb, cid); // This can happen if the channel is already closed. if (payload_size == 0) { return; } uint16_t msg_len = (uint16_t)(sizeof(BT_HDR) + payload_size + L2CAP_MIN_OFFSET); BT_HDR* p_msg = (BT_HDR*)osi_calloc(msg_len); reason = gatt_build_primary_service_rsp(p_msg, tcb, cid, op_code, s_hdl, e_hdl, p_data, value); Loading Loading @@ -800,6 +805,12 @@ static void gatts_process_find_info(tGATT_TCB& tcb, uint16_t cid, uint8_t op_cod } uint16_t payload_size = gatt_tcb_get_payload_size(tcb, cid); // This can happen if the channel is already closed. if (payload_size == 0) { return; } uint16_t buf_len = (uint16_t)(sizeof(BT_HDR) + payload_size + L2CAP_MIN_OFFSET); BT_HDR* p_msg = (BT_HDR*)osi_calloc(buf_len); Loading Loading @@ -945,6 +956,11 @@ static void gatts_process_read_by_type_req(tGATT_TCB& tcb, uint16_t cid, uint8_t uint16_t payload_size = gatt_tcb_get_payload_size(tcb, cid); // This can happen if the channel is already closed. if (payload_size == 0) { return; } size_t msg_len = sizeof(BT_HDR) + payload_size + L2CAP_MIN_OFFSET; BT_HDR* p_msg = (BT_HDR*)osi_calloc(msg_len); uint8_t* p = (uint8_t*)(p_msg + 1) + L2CAP_MIN_OFFSET; Loading Loading @@ -1092,6 +1108,11 @@ static void gatts_process_read_req(tGATT_TCB& tcb, uint16_t cid, tGATT_SRV_LIST_ uint8_t* p_data) { uint16_t payload_size = gatt_tcb_get_payload_size(tcb, cid); // This can happen if the channel is already closed. if (payload_size == 0) { return; } size_t buf_len = sizeof(BT_HDR) + payload_size + L2CAP_MIN_OFFSET; uint16_t offset = 0; Loading Loading
system/stack/gatt/gatt_sr.cc +21 −0 Original line number Diff line number Diff line Loading @@ -768,6 +768,11 @@ void gatts_process_primary_service_req(tGATT_TCB& tcb, uint16_t cid, uint8_t op_ uint16_t payload_size = gatt_tcb_get_payload_size(tcb, cid); // This can happen if the channel is already closed. if (payload_size == 0) { return; } uint16_t msg_len = (uint16_t)(sizeof(BT_HDR) + payload_size + L2CAP_MIN_OFFSET); BT_HDR* p_msg = (BT_HDR*)osi_calloc(msg_len); reason = gatt_build_primary_service_rsp(p_msg, tcb, cid, op_code, s_hdl, e_hdl, p_data, value); Loading Loading @@ -800,6 +805,12 @@ static void gatts_process_find_info(tGATT_TCB& tcb, uint16_t cid, uint8_t op_cod } uint16_t payload_size = gatt_tcb_get_payload_size(tcb, cid); // This can happen if the channel is already closed. if (payload_size == 0) { return; } uint16_t buf_len = (uint16_t)(sizeof(BT_HDR) + payload_size + L2CAP_MIN_OFFSET); BT_HDR* p_msg = (BT_HDR*)osi_calloc(buf_len); Loading Loading @@ -945,6 +956,11 @@ static void gatts_process_read_by_type_req(tGATT_TCB& tcb, uint16_t cid, uint8_t uint16_t payload_size = gatt_tcb_get_payload_size(tcb, cid); // This can happen if the channel is already closed. if (payload_size == 0) { return; } size_t msg_len = sizeof(BT_HDR) + payload_size + L2CAP_MIN_OFFSET; BT_HDR* p_msg = (BT_HDR*)osi_calloc(msg_len); uint8_t* p = (uint8_t*)(p_msg + 1) + L2CAP_MIN_OFFSET; Loading Loading @@ -1092,6 +1108,11 @@ static void gatts_process_read_req(tGATT_TCB& tcb, uint16_t cid, tGATT_SRV_LIST_ uint8_t* p_data) { uint16_t payload_size = gatt_tcb_get_payload_size(tcb, cid); // This can happen if the channel is already closed. if (payload_size == 0) { return; } size_t buf_len = sizeof(BT_HDR) + payload_size + L2CAP_MIN_OFFSET; uint16_t offset = 0; Loading
