Commit 20784d8a authored Nov 29, 2022 by Łukasz Rymanowski

eatt: Make command queue available since channel is pending

This fixes following crash when channel is removed being in the PENDING
state

Revision: 'PROTO1.0'
ABI: 'arm64'
pid: 24104, tid: 24163, name: bt_main_thread  >>> com.google.android.bluetooth <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x00000000000000a8
Cause: null pointer dereference
<snip>
(inlined)  std::__1::deque<tGATT_CMD_Q, std::__1::allocator<tGATT_CMD_Q>>::empty() const external/libcxx/include/deque:1330:50
0000000000xxxxxx  bluetooth::eatt::eatt_impl::remove_channel_by_cid(bluetooth::eatt::eatt_device*, unsigned short)
0000000000xxxxxx  bluetooth::eatt::eatt_impl::eatt_l2cap_error_cb(unsigned short, unsigned short)

Bug: 260709041
Tag: #feature
Test: compile
Merged-In: I21eac4f118456617122a26ec7764a811d4927279
Change-Id: I21eac4f118456617122a26ec7764a811d4927279
(cherry picked from commit 033b0586)

parent b63a5308

system/stack/eatt/eatt.h

+3 −2

Original line number	Diff line number	Diff line
		@@ -64,7 +64,9 @@ class EattChannel {
		state_(EattChannelState::EATT_CHANNEL_PENDING),
		indicate_handle_(0),
		ind_ack_timer_(NULL),
		ind_confirmation_timer_(NULL) {}
		ind_confirmation_timer_(NULL) {
		cl_cmd_q_ = std::deque<tGATT_CMD_Q>();
		}

		~EattChannel() {
		if (ind_ack_timer_ != NULL) {
		@@ -79,7 +81,6 @@ class EattChannel {
		void EattChannelSetState(EattChannelState state) {
		if (state_ == EattChannelState::EATT_CHANNEL_PENDING) {
		if (state == EattChannelState::EATT_CHANNEL_OPENED) {
		cl_cmd_q_ = std::deque<tGATT_CMD_Q>();
		memset(&server_outstanding_cmd_, 0, sizeof(tGATT_SR_CMD));
		char name[64];
		sprintf(name, "eatt_ind_ack_timer_%s_cid_0x%04x",