Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 23cad9b4 authored by Rahul Arya's avatar Rahul Arya
Browse files

Minimal fix for SDP crash 

When we invoke bta_dm_remname_cback, if we are waiting for a response
from a request sent in the DM module, but instead got a response from
SEC, we want to ignore it entirely, rather than updating the state
machine but then continuing to accept other events.

Bug: 231150390
Tag: #stability
Test: manual
Change-Id: I416fd112c270cc5725aec378cc9698a10911f02e
(cherry picked from commit 3c19edd1)
Merged-In: I416fd112c270cc5725aec378cc9698a10911f02e
parent f7c0a042

system/bta/dm/bta_dm_act.cc

+15 −7
Original line number Diff line number Diff line
@@ -1879,10 +1879,9 @@ static void bta_dm_service_search_remname_cback(const RawAddress& bd_addr, 


  APPL_TRACE_DEBUG("%s name=<%s>", __func__, bd_name);



  rem_name.bd_addr = bd_addr;



  /* if this is what we are looking for */

  if (bta_dm_search_cb.peer_bdaddr == bd_addr) {

    rem_name.bd_addr = bd_addr;

    rem_name.length = strlcpy((char*)rem_name.remote_bd_name, (char*)bd_name,

                              BD_NAME_LEN + 1);

    if (rem_name.length > BD_NAME_LEN) {
@@ -1904,6 +1903,9 @@ static void bta_dm_service_search_remname_cback(const RawAddress& bd_addr, 
      APPL_TRACE_WARNING("%s: BTM_ReadRemoteDeviceName returns 0x%02X",

                         __func__, btm_status);



      // needed so our response is not ignored, since this corresponds to the

      // actual peer_bdaddr

      rem_name.bd_addr = bta_dm_search_cb.peer_bdaddr;

      rem_name.length = 0;

      rem_name.remote_bd_name[0] = 0;

      rem_name.status = btm_status;
@@ -1926,11 +1928,6 @@ static void bta_dm_remname_cback(void* p) { 
  APPL_TRACE_DEBUG("bta_dm_remname_cback len = %d name=<%s>",

                   p_remote_name->length, p_remote_name->remote_bd_name);



  /* remote name discovery is done but it could be failed */

  bta_dm_search_cb.name_discover_done = true;

  strlcpy((char*)bta_dm_search_cb.peer_name,

          (char*)p_remote_name->remote_bd_name, BD_NAME_LEN + 1);



  if (bta_dm_search_cb.peer_bdaddr == p_remote_name->bd_addr) {

    if (bluetooth::shim::is_gd_security_enabled()) {

      bluetooth::shim::BTM_SecDeleteRmtNameNotifyCallback(
@@ -1938,8 +1935,19 @@ static void bta_dm_remname_cback(void* p) { 
    } else {

      BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);

    }

  } else {

    // if we got a different response, ignore it

    // we will have made a request directly from BTM_ReadRemoteDeviceName so we

    // expect a dedicated response for us

    LOG_INFO("ignoring remote name response in DM callback since it's for the wrong bd_addr");

    return;

  }



  /* remote name discovery is done but it could be failed */

  bta_dm_search_cb.name_discover_done = true;

  strlcpy((char*)bta_dm_search_cb.peer_name,

          (char*)p_remote_name->remote_bd_name, BD_NAME_LEN + 1);



  if (bta_dm_search_cb.transport == BT_TRANSPORT_LE) {

    GAP_BleReadPeerPrefConnParams(bta_dm_search_cb.peer_bdaddr);

  }