[resolved conflict] Fix multiple OOB bugs resulted from tx mtu in EATT am: ea76b7d99e (3b942b84) · Commits · e / os / android_packages_modules_Bluetooth

system/stack/eatt/eatt.h

+9 −3

Original line number	Diff line number	Diff line
		@@ -17,6 +17,7 @@

		#pragma once

		#include <algorithm>
		#include <queue>

		#include "stack/gatt/gatt_int.h"
		@@ -25,6 +26,7 @@
		#define EATT_MIN_MTU_MPS (64)
		#define EATT_DEFAULT_MTU (256)
		#define EATT_ALL_CIDS (0xFFFF)
		#define EATT_MAX_TX_MTU (1024)

		namespace bluetooth {
		namespace eatt {
		@@ -59,12 +61,13 @@ class EattChannel {
		EattChannel(RawAddress& bda, uint16_t cid, uint16_t tx_mtu, uint16_t rx_mtu)
		: bda_(bda),
		cid_(cid),
		tx_mtu_(tx_mtu),
		rx_mtu_(rx_mtu),
		state_(EattChannelState::EATT_CHANNEL_PENDING),
		indicate_handle_(0),
		ind_ack_timer_(NULL),
		ind_confirmation_timer_(NULL) {}
		ind_confirmation_timer_(NULL) {
		EattChannelSetTxMTU(tx_mtu);
		}

		~EattChannel() {
		if (ind_ack_timer_ != NULL) {
		@@ -93,7 +96,10 @@ class EattChannel {
		}
		state_ = state;
		}
		void EattChannelSetTxMTU(uint16_t tx_mtu) { this->tx_mtu_ = tx_mtu; }

		void EattChannelSetTxMTU(uint16_t tx_mtu) {
		this->tx_mtu_ = std::min<uint16_t>(tx_mtu, EATT_MAX_TX_MTU);
		}
		};

		/* Interface class */

+1 −1

Original line number	Diff line number	Diff line
		@@ -276,7 +276,7 @@ struct eatt_impl {
		if (is_local_cfg)
		channel->rx_mtu_ = p_cfg->mtu;
		else
		channel->tx_mtu_ = p_cfg->mtu;
		channel->EattChannelSetTxMTU(p_cfg->mtu);

		/* Go back to open state */
		channel->EattChannelSetState(EattChannelState::EATT_CHANNEL_OPENED);