Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 142cc021 authored by Chris Manton's avatar Chris Manton
Browse files

gd: Port of previous scn security update 

Fix memory overflow.

Code moved preventing proper application.

Bug: 180939982
Test: gd/cert/run
Tag: #refactor

Merged-In: 1be3b836e09901c9cc614b02e21ae41b9a1ebfac
Change-Id: 1be3b836e09901c9cc614b02e21ae41b9a1ebfac
(cherry picked from commit
 8d9eb989)

Change-Id: I8490bca9e8c902ce61404d34b87a0e53fae104ab
parent 1f505f34

system/stack/btm/btm_acl.cc

deleted100644 → 0
+0 −2595

File deleted.

Preview size limit exceeded, changes collapsed.

system/stack/btm/btm_scn.cc

+2 −2
Original line number Diff line number Diff line
@@ -60,7 +60,7 @@ bool BTM_TryAllocateSCN(uint8_t scn) { 
  /* Make sure we don't exceed max port range.

   * Stack reserves scn 1 for HFP, HSP we still do the correct way.

   */

  if ((scn >= PORT_MAX_RFC_PORTS) || (scn == 1)) return false;

  if ((scn >= PORT_MAX_RFC_PORTS) || (scn == 1) || (scn == 0)) return false;



  /* check if this port is available */

  if (!btm_cb.btm_scn[scn - 1]) {
@@ -82,7 +82,7 @@ bool BTM_TryAllocateSCN(uint8_t scn) { 
 ******************************************************************************/

bool BTM_FreeSCN(uint8_t scn) {

  BTM_TRACE_DEBUG("BTM_FreeSCN ");

  if (scn <= PORT_MAX_RFC_PORTS) {

  if (scn <= PORT_MAX_RFC_PORTS && scn > 0) {

    btm_cb.btm_scn[scn - 1] = false;

    return (true);

  } else {