NULL-pointer access before check in BTM_SetBleDataLength (540bd3e7) · Commits · e / os / android_packages_modules_Bluetooth

system/stack/btm/btm_ble.cc

+15 −16

Original line number	Diff line number	Diff line
		@@ -843,6 +843,13 @@ bool BTM_UseLeLink (BD_ADDR bd_addr)
		tBTM_STATUS BTM_SetBleDataLength(BD_ADDR bd_addr, uint16_t tx_pdu_length)
		{
		tACL_CONN *p_acl = btm_bda_to_acl(bd_addr, BT_TRANSPORT_LE);

		if(p_acl == NULL)
		{
		BTM_TRACE_ERROR("%s: Wrong mode: no LE link exist or LE not supported",__func__);
		return BTM_WRONG_MODE;
		}

		BTM_TRACE_DEBUG("%s: tx_pdu_length =%d", __func__, tx_pdu_length);

		if (!controller_get_interface()->supports_ble_packet_extension())
		@@ -857,8 +864,6 @@ tBTM_STATUS BTM_SetBleDataLength(BD_ADDR bd_addr, uint16_t tx_pdu_length)
		return BTM_ILLEGAL_VALUE;
		}

		if (p_acl != NULL)
		{
		if (tx_pdu_length > BTM_BLE_DATA_SIZE_MAX)
		tx_pdu_length = BTM_BLE_DATA_SIZE_MAX;
		else if (tx_pdu_length < BTM_BLE_DATA_SIZE_MIN)
		@@ -870,12 +875,6 @@ tBTM_STATUS BTM_SetBleDataLength(BD_ADDR bd_addr, uint16_t tx_pdu_length)

		return BTM_SUCCESS;
		}
		else
		{
		BTM_TRACE_ERROR("%s: Wrong mode: no LE link exist or LE not supported",__func__);
		return BTM_WRONG_MODE;
		}
		}

		/*******************************************************************************
		**