Loading system/bta/pan/bta_pan_act.c +11 −0 Original line number Diff line number Diff line Loading @@ -26,6 +26,8 @@ #if defined(PAN_INCLUDED) && (PAN_INCLUDED == TRUE) #include <cutils/log.h> #include "bta_api.h" #include "bta_sys.h" #include "gki.h" Loading Loading @@ -206,6 +208,15 @@ static void bta_pan_data_buf_ind_cback(UINT16 handle, BD_ADDR src, BD_ADDR dst, if ( sizeof(tBTA_PAN_DATA_PARAMS) > p_buf->offset ) { if (sizeof(BT_HDR) + sizeof(tBTA_PAN_DATA_PARAMS) + p_buf->len > GKI_get_pool_bufsize(PAN_POOL_ID)) { android_errorWriteLog(0x534e4554, "63146237"); APPL_TRACE_ERROR("%s: received buffer length too large: %d", __func__, p_buf->len); GKI_freebuf(p_buf); return; } /* offset smaller than data structure in front of actual data */ p_new_buf = (BT_HDR *)GKI_getpoolbuf( PAN_POOL_ID ); if(!p_new_buf) Loading Loading
system/bta/pan/bta_pan_act.c +11 −0 Original line number Diff line number Diff line Loading @@ -26,6 +26,8 @@ #if defined(PAN_INCLUDED) && (PAN_INCLUDED == TRUE) #include <cutils/log.h> #include "bta_api.h" #include "bta_sys.h" #include "gki.h" Loading Loading @@ -206,6 +208,15 @@ static void bta_pan_data_buf_ind_cback(UINT16 handle, BD_ADDR src, BD_ADDR dst, if ( sizeof(tBTA_PAN_DATA_PARAMS) > p_buf->offset ) { if (sizeof(BT_HDR) + sizeof(tBTA_PAN_DATA_PARAMS) + p_buf->len > GKI_get_pool_bufsize(PAN_POOL_ID)) { android_errorWriteLog(0x534e4554, "63146237"); APPL_TRACE_ERROR("%s: received buffer length too large: %d", __func__, p_buf->len); GKI_freebuf(p_buf); return; } /* offset smaller than data structure in front of actual data */ p_new_buf = (BT_HDR *)GKI_getpoolbuf( PAN_POOL_ID ); if(!p_new_buf) Loading
