Loading framework/tests/bumble/src/android/bluetooth/GattClientTest.java +28 −0 Original line number Diff line number Diff line Loading @@ -637,4 +637,32 @@ public class GattClientTest { // We should fail because we reached the limit. assertThat(failed).isTrue(); } @Test public void writeCharacteristic_disconnected_shouldNotCrash() { registerGattService(); BluetoothGattCallback gattCallback = mock(BluetoothGattCallback.class); BluetoothGatt gatt = connectGattAndWaitConnection(gattCallback); try { gatt.discoverServices(); verify(gattCallback, timeout(10000)).onServicesDiscovered(any(), eq(GATT_SUCCESS)); BluetoothGattCharacteristic characteristic = gatt.getService(TEST_SERVICE_UUID).getCharacteristic(TEST_CHARACTERISTIC_UUID); byte[] newValue = new byte[] {13}; gatt.writeCharacteristic( characteristic, newValue, BluetoothGattCharacteristic.WRITE_TYPE_DEFAULT); // TODO(b/370607862): disconnect from the remote gatt.disconnect(); gatt.close(); } finally { // it's okay to close twice. gatt.close(); } } } system/stack/gatt/gatt_cl.cc +9 −2 Original line number Diff line number Diff line Loading @@ -249,7 +249,7 @@ void gatt_act_write(tGATT_CLCB* p_clcb, uint8_t sec_act) { } case GATT_WRITE: { if (attr.len <= (payload_size - GATT_HDR_SIZE)) { if ((attr.len + GATT_HDR_SIZE) <= payload_size) { p_clcb->s_handle = attr.handle; tGATT_STATUS rt = gatt_send_write_msg(tcb, p_clcb, GATT_REQ_WRITE, attr.handle, attr.len, 0, Loading Loading @@ -346,7 +346,14 @@ void gatt_send_prepare_write(tGATT_TCB& tcb, tGATT_CLCB* p_clcb) { uint16_t to_send = p_attr->len - p_attr->offset; uint16_t payload_size = gatt_tcb_get_payload_size(tcb, p_clcb->cid); if (to_send > (payload_size - GATT_WRITE_LONG_HDR_SIZE)) { /* 2 = uint16_t offset bytes */ if (payload_size <= GATT_WRITE_LONG_HDR_SIZE) { log::error("too small mtu size {}, possibly due to disconnection", payload_size); gatt_end_operation(p_clcb, GATT_ERROR, NULL); return; } if (to_send > (payload_size - GATT_WRITE_LONG_HDR_SIZE)) { to_send = payload_size - GATT_WRITE_LONG_HDR_SIZE; } Loading Loading
framework/tests/bumble/src/android/bluetooth/GattClientTest.java +28 −0 Original line number Diff line number Diff line Loading @@ -637,4 +637,32 @@ public class GattClientTest { // We should fail because we reached the limit. assertThat(failed).isTrue(); } @Test public void writeCharacteristic_disconnected_shouldNotCrash() { registerGattService(); BluetoothGattCallback gattCallback = mock(BluetoothGattCallback.class); BluetoothGatt gatt = connectGattAndWaitConnection(gattCallback); try { gatt.discoverServices(); verify(gattCallback, timeout(10000)).onServicesDiscovered(any(), eq(GATT_SUCCESS)); BluetoothGattCharacteristic characteristic = gatt.getService(TEST_SERVICE_UUID).getCharacteristic(TEST_CHARACTERISTIC_UUID); byte[] newValue = new byte[] {13}; gatt.writeCharacteristic( characteristic, newValue, BluetoothGattCharacteristic.WRITE_TYPE_DEFAULT); // TODO(b/370607862): disconnect from the remote gatt.disconnect(); gatt.close(); } finally { // it's okay to close twice. gatt.close(); } } }
system/stack/gatt/gatt_cl.cc +9 −2 Original line number Diff line number Diff line Loading @@ -249,7 +249,7 @@ void gatt_act_write(tGATT_CLCB* p_clcb, uint8_t sec_act) { } case GATT_WRITE: { if (attr.len <= (payload_size - GATT_HDR_SIZE)) { if ((attr.len + GATT_HDR_SIZE) <= payload_size) { p_clcb->s_handle = attr.handle; tGATT_STATUS rt = gatt_send_write_msg(tcb, p_clcb, GATT_REQ_WRITE, attr.handle, attr.len, 0, Loading Loading @@ -346,7 +346,14 @@ void gatt_send_prepare_write(tGATT_TCB& tcb, tGATT_CLCB* p_clcb) { uint16_t to_send = p_attr->len - p_attr->offset; uint16_t payload_size = gatt_tcb_get_payload_size(tcb, p_clcb->cid); if (to_send > (payload_size - GATT_WRITE_LONG_HDR_SIZE)) { /* 2 = uint16_t offset bytes */ if (payload_size <= GATT_WRITE_LONG_HDR_SIZE) { log::error("too small mtu size {}, possibly due to disconnection", payload_size); gatt_end_operation(p_clcb, GATT_ERROR, NULL); return; } if (to_send > (payload_size - GATT_WRITE_LONG_HDR_SIZE)) { to_send = payload_size - GATT_WRITE_LONG_HDR_SIZE; } Loading
