
Commit 23cad9b4 authored by Rahul Arya's avatar Rahul Arya

Minimal fix for SDP crash

When we invoke bta_dm_remname_cback, if we are waiting for a response
from a request sent in the DM module, but instead got a response from
SEC, we want to ignore it entirely, rather than updating the state
machine but then continuing to accept other events.

Bug: 231150390
Tag: #stability
Test: manual
Change-Id: I416fd112c270cc5725aec378cc9698a10911f02e
(cherry picked from commit 3c19edd1)
Merged-In: I416fd112c270cc5725aec378cc9698a10911f02e
parent f7c0a042
+15 −7
@@ -1879,10 +1879,9 @@ static void bta_dm_service_search_remname_cback(const RawAddress& bd_addr,

  APPL_TRACE_DEBUG("%s name=<%s>", __func__, bd_name);

  rem_name.bd_addr = bd_addr;

  /* if this is what we are looking for */
  if (bta_dm_search_cb.peer_bdaddr == bd_addr) {
    rem_name.bd_addr = bd_addr;
    rem_name.length = strlcpy((char*)rem_name.remote_bd_name, (char*)bd_name,
                              BD_NAME_LEN + 1);
    if (rem_name.length > BD_NAME_LEN) {
@@ -1904,6 +1903,9 @@ static void bta_dm_service_search_remname_cback(const RawAddress& bd_addr,
      APPL_TRACE_WARNING("%s: BTM_ReadRemoteDeviceName returns 0x%02X",
                         __func__, btm_status);

      // needed so our response is not ignored, since this corresponds to the
      // actual peer_bdaddr
      rem_name.bd_addr = bta_dm_search_cb.peer_bdaddr;
      rem_name.length = 0;
      rem_name.remote_bd_name[0] = 0;
      rem_name.status = btm_status;
@@ -1926,11 +1928,6 @@ static void bta_dm_remname_cback(void* p) {
  APPL_TRACE_DEBUG("bta_dm_remname_cback len = %d name=<%s>",
                   p_remote_name->length, p_remote_name->remote_bd_name);

  /* remote name discovery is done but it could be failed */
  bta_dm_search_cb.name_discover_done = true;
  strlcpy((char*)bta_dm_search_cb.peer_name,
          (char*)p_remote_name->remote_bd_name, BD_NAME_LEN + 1);

  if (bta_dm_search_cb.peer_bdaddr == p_remote_name->bd_addr) {
    if (bluetooth::shim::is_gd_security_enabled()) {
      bluetooth::shim::BTM_SecDeleteRmtNameNotifyCallback(
@@ -1938,8 +1935,19 @@ static void bta_dm_remname_cback(void* p) {
    } else {
      BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
    }
  } else {
    // if we got a different response, ignore it
    // we will have made a request directly from BTM_ReadRemoteDeviceName so we
    // expect a dedicated response for us
    LOG_INFO("ignoring remote name response in DM callback since it's for the wrong bd_addr");
    return;
  }

  /* remote name discovery is done but it could be failed */
  bta_dm_search_cb.name_discover_done = true;
  strlcpy((char*)bta_dm_search_cb.peer_name,
          (char*)p_remote_name->remote_bd_name, BD_NAME_LEN + 1);

  if (bta_dm_search_cb.transport == BT_TRANSPORT_LE) {
    GAP_BleReadPeerPrefConnParams(bta_dm_search_cb.peer_bdaddr);
  }
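Review bot: The new early return in bta_dm_remname_cback (the `else` branch that logs and returns) makes the callback depend on `p_remote_name->bd_addr` being filled in by every producer, and only the two synthesized `rem_name` paths in bta_dm_service_search_remname_cback are visibly updated to do that. The completion path of BTM_ReadRemoteDeviceName is outside these hunks; if it passes a structure whose bd_addr is unset, the legitimate response is dropped here, name_discover_done stays false and the security notify callback stays registered, so the search would presumably stall. I would state the contract above the comparison, e.g. `// every caller must set p_remote_name->bd_addr; a mismatch is dropped without completing name discovery`, and put both addresses (in the project's redacted form) into the LOG_INFO line so a dropped response can be diagnosed. Since the commit lists `Test: manual` only, a unit test feeding one matching and one mismatched address would pin this behaviour. The body of bta_dm_remname_cback continues past the last hunk.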