Loading system/stack/avct/avct_lcb_act.cc +7 −1 Original line number Diff line number Diff line Loading @@ -94,13 +94,19 @@ static BT_HDR* avct_lcb_msg_asmbl(tAVCT_LCB* p_lcb, BT_HDR* p_buf) { if (p_lcb->p_rx_msg != NULL) AVCT_TRACE_WARNING("Got start during reassembly"); osi_free(p_lcb->p_rx_msg); osi_free_and_reset((void**)&p_lcb->p_rx_msg); /* * Allocate bigger buffer for reassembly. As lower layers are * not aware of possible packet size after reassembly, they * would have allocated smaller buffer. */ if (sizeof(BT_HDR) + p_buf->offset + p_buf->len > BT_DEFAULT_BUFFER_SIZE) { android_errorWriteLog(0x534e4554, "232023771"); osi_free(p_buf); p_ret = NULL; return p_ret; } p_lcb->p_rx_msg = (BT_HDR*)osi_malloc(BT_DEFAULT_BUFFER_SIZE); memcpy(p_lcb->p_rx_msg, p_buf, sizeof(BT_HDR) + p_buf->offset + p_buf->len); Loading system/stack/avdt/avdt_msg.cc +4 −2 Original line number Diff line number Diff line Loading @@ -1251,11 +1251,13 @@ BT_HDR* avdt_msg_asmbl(AvdtpCcb* p_ccb, BT_HDR* p_buf) { * not aware of possible packet size after reassembly, they * would have allocated smaller buffer. */ p_ccb->p_rx_msg = (BT_HDR*)osi_malloc(BT_DEFAULT_BUFFER_SIZE); if (sizeof(BT_HDR) + p_buf->offset + p_buf->len > BT_DEFAULT_BUFFER_SIZE) { android_errorWriteLog(0x534e4554, "232023771"); return NULL; osi_free(p_buf); p_ret = NULL; return p_ret; } p_ccb->p_rx_msg = (BT_HDR*)osi_malloc(BT_DEFAULT_BUFFER_SIZE); memcpy(p_ccb->p_rx_msg, p_buf, sizeof(BT_HDR) + p_buf->offset + p_buf->len); /* Free original buffer */ Loading Loading
system/stack/avct/avct_lcb_act.cc +7 −1 Original line number Diff line number Diff line Loading @@ -94,13 +94,19 @@ static BT_HDR* avct_lcb_msg_asmbl(tAVCT_LCB* p_lcb, BT_HDR* p_buf) { if (p_lcb->p_rx_msg != NULL) AVCT_TRACE_WARNING("Got start during reassembly"); osi_free(p_lcb->p_rx_msg); osi_free_and_reset((void**)&p_lcb->p_rx_msg); /* * Allocate bigger buffer for reassembly. As lower layers are * not aware of possible packet size after reassembly, they * would have allocated smaller buffer. */ if (sizeof(BT_HDR) + p_buf->offset + p_buf->len > BT_DEFAULT_BUFFER_SIZE) { android_errorWriteLog(0x534e4554, "232023771"); osi_free(p_buf); p_ret = NULL; return p_ret; } p_lcb->p_rx_msg = (BT_HDR*)osi_malloc(BT_DEFAULT_BUFFER_SIZE); memcpy(p_lcb->p_rx_msg, p_buf, sizeof(BT_HDR) + p_buf->offset + p_buf->len); Loading
system/stack/avdt/avdt_msg.cc +4 −2 Original line number Diff line number Diff line Loading @@ -1251,11 +1251,13 @@ BT_HDR* avdt_msg_asmbl(AvdtpCcb* p_ccb, BT_HDR* p_buf) { * not aware of possible packet size after reassembly, they * would have allocated smaller buffer. */ p_ccb->p_rx_msg = (BT_HDR*)osi_malloc(BT_DEFAULT_BUFFER_SIZE); if (sizeof(BT_HDR) + p_buf->offset + p_buf->len > BT_DEFAULT_BUFFER_SIZE) { android_errorWriteLog(0x534e4554, "232023771"); return NULL; osi_free(p_buf); p_ret = NULL; return p_ret; } p_ccb->p_rx_msg = (BT_HDR*)osi_malloc(BT_DEFAULT_BUFFER_SIZE); memcpy(p_ccb->p_rx_msg, p_buf, sizeof(BT_HDR) + p_buf->offset + p_buf->len); /* Free original buffer */ Loading
