system/stack/btm/btm_ble_gap.cc +16 −1
@@ -3137,9 +3137,14 @@ static void btm_ble_observer_timer_timeout(UNUSED_ATTR void* data) { * Returns void * ******************************************************************************/ void btm_ble_read_remote_features_complete(uint8_t* p) { void btm_ble_read_remote_features_complete(uint8_t* p, uint8_t length) { uint16_t handle; uint8_t status; if (length < 3) { goto err_out; } STREAM_TO_UINT8(status, p); STREAM_TO_UINT16(handle, p); handle = handle & 0x0FFF; // only 12 bits meaningful
@@ -3154,6 +3159,12 @@ void btm_ble_read_remote_features_complete(uint8_t* p) { } if (status == HCI_SUCCESS) { // BD_FEATURES_LEN additional bytes are read // in acl_set_peer_le_features_from_handle if (length < 3 + BD_FEATURES_LEN) { goto err_out; } if (!acl_set_peer_le_features_from_handle(handle, p)) { LOG_ERROR( "Unable to find existing connection after read remote features");
@@ -3162,6 +3173,10 @@ void btm_ble_read_remote_features_complete(uint8_t* p) { } btsnd_hcic_rmt_ver_req(handle); return; err_out: LOG_ERROR("bogus event packet, too short"); } /*******************************************************************************
system/stack/btu/btu_hcif.cc +1 −1
@@ -346,7 +346,7 @@ void btu_hcif_process_event(UNUSED_ATTR uint8_t controller_id, btu_ble_ll_conn_param_upd_evt(p, ble_evt_len); break; case HCI_BLE_READ_REMOTE_FEAT_CMPL_EVT: btm_ble_read_remote_features_complete(p); btm_ble_read_remote_features_complete(p, ble_evt_len); break; case HCI_BLE_LTK_REQ_EVT: /* received only at peripheral device */ btu_ble_proc_ltk_req(p);
system/stack/include/ble_hci_link_interface.h +1 −1
@@ -27,7 +27,7 @@ void btm_ble_process_adv_pkt(uint8_t len, const uint8_t* p); void btm_ble_process_ext_adv_pkt(uint8_t len, const uint8_t* p); void btm_ble_process_phy_update_pkt(uint8_t len, uint8_t* p); void btm_ble_read_remote_features_complete(uint8_t* p); void btm_ble_read_remote_features_complete(uint8_t* p, uint8_t length); void btm_le_on_advertising_set_terminated(uint8_t* p, uint16_t length); extern void btm_ble_write_adv_enable_complete(uint8_t* p, uint16_t evt_len); extern void btm_ble_create_ll_conn_complete(tHCI_STATUS status);
system/test/mock/mock_stack_btm_ble_gap.cc +1 −1
@@ -186,7 +186,7 @@ void btm_ble_process_ext_adv_pkt(uint8_t data_len, const uint8_t* data) { void btm_ble_process_phy_update_pkt(uint8_t len, uint8_t* data) { mock_function_count_map[__func__]++; } void btm_ble_read_remote_features_complete(uint8_t* p) { void btm_ble_read_remote_features_complete(uint8_t* p, uint8_t length) { mock_function_count_map[__func__]++; } void btm_ble_read_remote_name_cmpl(bool status, const RawAddress& bda,
system/stack/btm/btm_ble_gap.cc +16 −1
@@ -3137,9 +3137,14 @@ static void btm_ble_observer_timer_timeout(UNUSED_ATTR void* data) { * Returns void * ******************************************************************************/ void btm_ble_read_remote_features_complete(uint8_t* p) { void btm_ble_read_remote_features_complete(uint8_t* p, uint8_t length) { uint16_t handle; uint8_t status; if (length < 3) { goto err_out; } STREAM_TO_UINT8(status, p); STREAM_TO_UINT16(handle, p); handle = handle & 0x0FFF; // only 12 bits meaningful
@@ -3154,6 +3159,12 @@ void btm_ble_read_remote_features_complete(uint8_t* p) { } if (status == HCI_SUCCESS) { // BD_FEATURES_LEN additional bytes are read // in acl_set_peer_le_features_from_handle if (length < 3 + BD_FEATURES_LEN) { goto err_out; } if (!acl_set_peer_le_features_from_handle(handle, p)) { LOG_ERROR( "Unable to find existing connection after read remote features");
@@ -3162,6 +3173,10 @@ void btm_ble_read_remote_features_complete(uint8_t* p) { } btsnd_hcic_rmt_ver_req(handle); return; err_out: LOG_ERROR("bogus event packet, too short"); } /*******************************************************************************
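Review bot: Both new length checks use the bare literal `3` (one status byte plus the two-byte handle consumed by the STREAM_TO_* macros), and both failures land on the same `err_out` message, so a log line cannot tell a truncated header from truncated feature bits. A named constant, for example `constexpr uint8_t kStatusAndHandleLen = 3;`, used in `if (length < kStatusAndHandleLen)` and `if (length < kStatusAndHandleLen + BD_FEATURES_LEN)`, would tie the checks to the parse, and the error log could also report `length` (assuming LOG_ERROR accepts format arguments in this file). The second check guards a read that happens inside `acl_set_peer_le_features_from_handle`, which still receives only the pointer; the added comment says so, but any other caller of that helper gets no such protection unless the remaining length is passed down. The lines between the hunks are not shown, so the handling between the parse and the `status == HCI_SUCCESS` test is outside this note.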
system/stack/btu/btu_hcif.cc +1 −1
@@ -346,7 +346,7 @@ void btu_hcif_process_event(UNUSED_ATTR uint8_t controller_id, btu_ble_ll_conn_param_upd_evt(p, ble_evt_len); break; case HCI_BLE_READ_REMOTE_FEAT_CMPL_EVT: btm_ble_read_remote_features_complete(p); btm_ble_read_remote_features_complete(p, ble_evt_len); break; case HCI_BLE_LTK_REQ_EVT: /* received only at peripheral device */ btu_ble_proc_ltk_req(p);
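Review bot: The neighbouring case `HCI_BLE_LTK_REQ_EVT` in this switch still calls `btu_ble_proc_ltk_req(p)` with no length, so if that handler parses fixed-size fields from `p` it has the same unchecked-read shape this commit closes for the read-remote-features event. Its body is not visible here, so this is a question rather than a finding: confirm that it validates the packet size, or pass `ble_evt_len` to it as is already done for `btu_ble_ll_conn_param_upd_evt(p, ble_evt_len)`. btu_hcif_process_event starts and ends outside the hunk, so other cases may need the same look.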
system/stack/include/ble_hci_link_interface.h +1 −1
@@ -27,7 +27,7 @@ void btm_ble_process_adv_pkt(uint8_t len, const uint8_t* p); void btm_ble_process_ext_adv_pkt(uint8_t len, const uint8_t* p); void btm_ble_process_phy_update_pkt(uint8_t len, uint8_t* p); void btm_ble_read_remote_features_complete(uint8_t* p); void btm_ble_read_remote_features_complete(uint8_t* p, uint8_t length); void btm_le_on_advertising_set_terminated(uint8_t* p, uint16_t length); extern void btm_ble_write_adv_enable_complete(uint8_t* p, uint16_t evt_len); extern void btm_ble_create_ll_conn_complete(tHCI_STATUS status);
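Review bot: The new prototype takes `uint8_t length` after the pointer, while the declarations around it use three other conventions: `(uint8_t len, const uint8_t* p)`, `(uint8_t* p, uint16_t length)` and `(uint8_t* p, uint16_t evt_len)`. Nothing on the declaration says what the value counts, and a caller that passes the wrong length defeats the bounds check in the definition. A one-line comment such as `// length: number of bytes available at p` would state the contract; aligning the parameter order and width with one of the neighbours is optional but would make the family easier to call correctly.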
system/test/mock/mock_stack_btm_ble_gap.cc +1 −1
@@ -186,7 +186,7 @@ void btm_ble_process_ext_adv_pkt(uint8_t data_len, const uint8_t* data) { void btm_ble_process_phy_update_pkt(uint8_t len, uint8_t* data) { mock_function_count_map[__func__]++; } void btm_ble_read_remote_features_complete(uint8_t* p) { void btm_ble_read_remote_features_complete(uint8_t* p, uint8_t length) { mock_function_count_map[__func__]++; } void btm_ble_read_remote_name_cmpl(bool status, const RawAddress& bda,