Loading system/bta/dm/bta_dm_act.cc +6 −3 Original line number Diff line number Diff line Loading @@ -3082,11 +3082,14 @@ static void bta_dm_remove_sec_dev_entry(const RawAddress& remote_bd_addr) { } } } else { BTM_SecDeleteDevice(remote_bd_addr); // remote_bd_addr comes from security record, which is removed in // BTM_SecDeleteDevice. RawAddress addr_copy = remote_bd_addr; BTM_SecDeleteDevice(addr_copy); /* need to remove all pending background connection */ BTA_GATTC_CancelOpen(0, remote_bd_addr, false); BTA_GATTC_CancelOpen(0, addr_copy, false); /* remove all cached GATT information */ BTA_GATTC_Refresh(remote_bd_addr); BTA_GATTC_Refresh(addr_copy); } } Loading system/bta/hd/bta_hd_act.cc +29 −0 Original line number Diff line number Diff line Loading @@ -36,6 +36,7 @@ #include "bta_sys.h" #include "btm_api.h" #include "log/log.h" #include "osi/include/osi.h" static void bta_hd_cback(const RawAddress& bd_addr, uint8_t event, Loading Loading @@ -510,6 +511,10 @@ extern void bta_hd_intr_data_act(tBTA_HD_DATA* p_data) { APPL_TRACE_API("%s", __func__); if (bta_hd_cb.use_report_id || bta_hd_cb.boot_mode) { if (len < 1) { android_errorWriteLog(0x534e4554, "109757986"); return; } ret.report_id = *p_buf; len--; Loading Loading @@ -544,15 +549,31 @@ extern void bta_hd_get_report_act(tBTA_HD_DATA* p_data) { APPL_TRACE_API("%s", __func__); uint16_t remaining_len = p_msg->len; if (remaining_len < 1) { android_errorWriteLog(0x534e4554, "109757168"); return; } ret.report_type = *p_buf & HID_PAR_REP_TYPE_MASK; p_buf++; remaining_len--; if (bta_hd_cb.use_report_id) { if (remaining_len < 1) { android_errorWriteLog(0x534e4554, "109757168"); return; } ret.report_id = *p_buf; p_buf++; remaining_len--; } if (rep_size_follows) { if (remaining_len < 2) { android_errorWriteLog(0x534e4554, "109757168"); return; } ret.buffer_size = *p_buf | (*(p_buf + 1) << 8); } Loading @@ -579,11 +600,19 @@ extern void bta_hd_set_report_act(tBTA_HD_DATA* p_data) { APPL_TRACE_API("%s", __func__); if (len < 1) { android_errorWriteLog(0x534e4554, "110846194"); return; } ret.report_type = *p_buf & HID_PAR_REP_TYPE_MASK; p_buf++; len--; if (bta_hd_cb.use_report_id || bta_hd_cb.boot_mode) { if (len < 1) { android_errorWriteLog(0x534e4554, "109757435"); return; } ret.report_id = *p_buf; len--; Loading system/btif/src/btif_hf.cc +16 −1 Original line number Diff line number Diff line Loading @@ -1020,12 +1020,20 @@ bt_status_t HeadsetInterface::ClccResponse( dialnum[newidx++] = '+'; } for (size_t i = 0; number[i] != 0; i++) { if (newidx >= (sizeof(dialnum) - res_strlen - 1)) { android_errorWriteLog(0x534e4554, "79266386"); break; } if (utl_isdialchar(number[i])) { dialnum[newidx++] = number[i]; } } dialnum[newidx] = 0; snprintf(&ag_res.str[res_strlen], rem_bytes, ",\"%s\",%d", dialnum, type); // Reserve 5 bytes for ["][,][3_digit_type] snprintf(&ag_res.str[res_strlen], rem_bytes - 5, ",\"%s", dialnum); std::stringstream remaining_string; remaining_string << "\"," << type; strncat(&ag_res.str[res_strlen], remaining_string.str().c_str(), 5); } } BTA_AgResult(btif_hf_cb[idx].handle, BTA_AG_CLCC_RES, ag_res); Loading Loading @@ -1172,6 +1180,13 @@ bt_status_t HeadsetInterface::PhoneStateChange( else xx = snprintf(ag_res.str, sizeof(ag_res.str), "\"%s\"", number); ag_res.num = type; // 5 = [,][3_digit_type][null_terminator] if (xx > static_cast<int>(sizeof(ag_res.str) - 5)) { android_errorWriteLog(0x534e4554, "79431031"); xx = sizeof(ag_res.str) - 5; // Null terminating the string memset(&ag_res.str[xx], 0, 5); } if (res == BTA_AG_CALL_WAIT_RES) snprintf(&ag_res.str[xx], sizeof(ag_res.str) - xx, ",%d", type); Loading system/stack/btm/btm_dev.cc +10 −10 Original line number Diff line number Diff line Loading @@ -149,17 +149,16 @@ bool BTM_SecAddDevice(const RawAddress& bd_addr, DEV_CLASS dev_class, return true; } /******************************************************************************* * * Function BTM_SecDeleteDevice /** Free resources associated with the device associated with |bd_addr| address. * * Description Free resources associated with the device. * * Parameters: bd_addr - BD address of the peer * *** WARNING *** * tBTM_SEC_DEV_REC associated with bd_addr becomes invalid after this function * is called, also any of it's fields. i.e. if you use p_dev_rec->bd_addr, it is * no longer valid! * *** WARNING *** * * Returns true if removed OK, false if not found or ACL link is active * ******************************************************************************/ * Returns true if removed OK, false if not found or ACL link is active. */ bool BTM_SecDeleteDevice(const RawAddress& bd_addr) { if (BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE) || BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_BR_EDR)) { Loading @@ -170,9 +169,10 @@ bool BTM_SecDeleteDevice(const RawAddress& bd_addr) { tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr); if (p_dev_rec != NULL) { RawAddress bda = p_dev_rec->bd_addr; btm_sec_free_dev(p_dev_rec); /* Tell controller to get rid of the link key, if it has one stored */ BTM_DeleteStoredLinkKey(&p_dev_rec->bd_addr, NULL); BTM_DeleteStoredLinkKey(&bda, NULL); } return true; Loading system/stack/hid/hidh_conn.cc +9 −0 Original line number Diff line number Diff line Loading @@ -42,6 +42,7 @@ #include "hidh_api.h" #include "hidh_int.h" #include "log/log.h" #include "osi/include/osi.h" static uint8_t find_conn_by_cid(uint16_t cid); Loading Loading @@ -799,6 +800,14 @@ static void hidh_l2cif_data_ind(uint16_t l2cap_cid, BT_HDR* p_msg) { return; } if (p_msg->len < 1) { HIDH_TRACE_WARNING("Rcvd L2CAP data, invalid length %d, should be >= 1", p_msg->len); osi_free(p_msg); android_errorWriteLog(0x534e4554, "80493272"); return; } ttype = HID_GET_TRANS_FROM_HDR(*p_data); param = HID_GET_PARAM_FROM_HDR(*p_data); rep_type = param & HID_PAR_REP_TYPE_MASK; Loading Loading
system/bta/dm/bta_dm_act.cc +6 −3 Original line number Diff line number Diff line Loading @@ -3082,11 +3082,14 @@ static void bta_dm_remove_sec_dev_entry(const RawAddress& remote_bd_addr) { } } } else { BTM_SecDeleteDevice(remote_bd_addr); // remote_bd_addr comes from security record, which is removed in // BTM_SecDeleteDevice. RawAddress addr_copy = remote_bd_addr; BTM_SecDeleteDevice(addr_copy); /* need to remove all pending background connection */ BTA_GATTC_CancelOpen(0, remote_bd_addr, false); BTA_GATTC_CancelOpen(0, addr_copy, false); /* remove all cached GATT information */ BTA_GATTC_Refresh(remote_bd_addr); BTA_GATTC_Refresh(addr_copy); } } Loading
system/bta/hd/bta_hd_act.cc +29 −0 Original line number Diff line number Diff line Loading @@ -36,6 +36,7 @@ #include "bta_sys.h" #include "btm_api.h" #include "log/log.h" #include "osi/include/osi.h" static void bta_hd_cback(const RawAddress& bd_addr, uint8_t event, Loading Loading @@ -510,6 +511,10 @@ extern void bta_hd_intr_data_act(tBTA_HD_DATA* p_data) { APPL_TRACE_API("%s", __func__); if (bta_hd_cb.use_report_id || bta_hd_cb.boot_mode) { if (len < 1) { android_errorWriteLog(0x534e4554, "109757986"); return; } ret.report_id = *p_buf; len--; Loading Loading @@ -544,15 +549,31 @@ extern void bta_hd_get_report_act(tBTA_HD_DATA* p_data) { APPL_TRACE_API("%s", __func__); uint16_t remaining_len = p_msg->len; if (remaining_len < 1) { android_errorWriteLog(0x534e4554, "109757168"); return; } ret.report_type = *p_buf & HID_PAR_REP_TYPE_MASK; p_buf++; remaining_len--; if (bta_hd_cb.use_report_id) { if (remaining_len < 1) { android_errorWriteLog(0x534e4554, "109757168"); return; } ret.report_id = *p_buf; p_buf++; remaining_len--; } if (rep_size_follows) { if (remaining_len < 2) { android_errorWriteLog(0x534e4554, "109757168"); return; } ret.buffer_size = *p_buf | (*(p_buf + 1) << 8); } Loading @@ -579,11 +600,19 @@ extern void bta_hd_set_report_act(tBTA_HD_DATA* p_data) { APPL_TRACE_API("%s", __func__); if (len < 1) { android_errorWriteLog(0x534e4554, "110846194"); return; } ret.report_type = *p_buf & HID_PAR_REP_TYPE_MASK; p_buf++; len--; if (bta_hd_cb.use_report_id || bta_hd_cb.boot_mode) { if (len < 1) { android_errorWriteLog(0x534e4554, "109757435"); return; } ret.report_id = *p_buf; len--; Loading
system/btif/src/btif_hf.cc +16 −1 Original line number Diff line number Diff line Loading @@ -1020,12 +1020,20 @@ bt_status_t HeadsetInterface::ClccResponse( dialnum[newidx++] = '+'; } for (size_t i = 0; number[i] != 0; i++) { if (newidx >= (sizeof(dialnum) - res_strlen - 1)) { android_errorWriteLog(0x534e4554, "79266386"); break; } if (utl_isdialchar(number[i])) { dialnum[newidx++] = number[i]; } } dialnum[newidx] = 0; snprintf(&ag_res.str[res_strlen], rem_bytes, ",\"%s\",%d", dialnum, type); // Reserve 5 bytes for ["][,][3_digit_type] snprintf(&ag_res.str[res_strlen], rem_bytes - 5, ",\"%s", dialnum); std::stringstream remaining_string; remaining_string << "\"," << type; strncat(&ag_res.str[res_strlen], remaining_string.str().c_str(), 5); } } BTA_AgResult(btif_hf_cb[idx].handle, BTA_AG_CLCC_RES, ag_res); Loading Loading @@ -1172,6 +1180,13 @@ bt_status_t HeadsetInterface::PhoneStateChange( else xx = snprintf(ag_res.str, sizeof(ag_res.str), "\"%s\"", number); ag_res.num = type; // 5 = [,][3_digit_type][null_terminator] if (xx > static_cast<int>(sizeof(ag_res.str) - 5)) { android_errorWriteLog(0x534e4554, "79431031"); xx = sizeof(ag_res.str) - 5; // Null terminating the string memset(&ag_res.str[xx], 0, 5); } if (res == BTA_AG_CALL_WAIT_RES) snprintf(&ag_res.str[xx], sizeof(ag_res.str) - xx, ",%d", type); Loading
system/stack/btm/btm_dev.cc +10 −10 Original line number Diff line number Diff line Loading @@ -149,17 +149,16 @@ bool BTM_SecAddDevice(const RawAddress& bd_addr, DEV_CLASS dev_class, return true; } /******************************************************************************* * * Function BTM_SecDeleteDevice /** Free resources associated with the device associated with |bd_addr| address. * * Description Free resources associated with the device. * * Parameters: bd_addr - BD address of the peer * *** WARNING *** * tBTM_SEC_DEV_REC associated with bd_addr becomes invalid after this function * is called, also any of it's fields. i.e. if you use p_dev_rec->bd_addr, it is * no longer valid! * *** WARNING *** * * Returns true if removed OK, false if not found or ACL link is active * ******************************************************************************/ * Returns true if removed OK, false if not found or ACL link is active. */ bool BTM_SecDeleteDevice(const RawAddress& bd_addr) { if (BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE) || BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_BR_EDR)) { Loading @@ -170,9 +169,10 @@ bool BTM_SecDeleteDevice(const RawAddress& bd_addr) { tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr); if (p_dev_rec != NULL) { RawAddress bda = p_dev_rec->bd_addr; btm_sec_free_dev(p_dev_rec); /* Tell controller to get rid of the link key, if it has one stored */ BTM_DeleteStoredLinkKey(&p_dev_rec->bd_addr, NULL); BTM_DeleteStoredLinkKey(&bda, NULL); } return true; Loading
system/stack/hid/hidh_conn.cc +9 −0 Original line number Diff line number Diff line Loading @@ -42,6 +42,7 @@ #include "hidh_api.h" #include "hidh_int.h" #include "log/log.h" #include "osi/include/osi.h" static uint8_t find_conn_by_cid(uint16_t cid); Loading Loading @@ -799,6 +800,14 @@ static void hidh_l2cif_data_ind(uint16_t l2cap_cid, BT_HDR* p_msg) { return; } if (p_msg->len < 1) { HIDH_TRACE_WARNING("Rcvd L2CAP data, invalid length %d, should be >= 1", p_msg->len); osi_free(p_msg); android_errorWriteLog(0x534e4554, "80493272"); return; } ttype = HID_GET_TRANS_FROM_HDR(*p_data); param = HID_GET_PARAM_FROM_HDR(*p_data); rep_type = param & HID_PAR_REP_TYPE_MASK; Loading
