Loading system/bta/pan/bta_pan_act.c +6 −11 Original line number Diff line number Diff line Loading @@ -206,6 +206,12 @@ static void bta_pan_data_buf_ind_cback(UINT16 handle, BD_ADDR src, BD_ADDR dst, BT_HDR * p_event; BT_HDR *p_new_buf; p_scb = bta_pan_scb_by_handle(handle); if (p_scb == NULL) { return; } if ( sizeof(tBTA_PAN_DATA_PARAMS) > p_buf->offset ) { if (sizeof(BT_HDR) + sizeof(tBTA_PAN_DATA_PARAMS) + p_buf->len > Loading @@ -213,7 +219,6 @@ static void bta_pan_data_buf_ind_cback(UINT16 handle, BD_ADDR src, BD_ADDR dst, android_errorWriteLog(0x534e4554, "63146237"); APPL_TRACE_ERROR("%s: received buffer length too large: %d", __func__, p_buf->len); GKI_freebuf(p_buf); return; } Loading @@ -222,7 +227,6 @@ static void bta_pan_data_buf_ind_cback(UINT16 handle, BD_ADDR src, BD_ADDR dst, if(!p_new_buf) { APPL_TRACE_WARNING("Cannot get a PAN GKI buffer"); GKI_freebuf( p_buf ); return; } else Loading @@ -230,7 +234,6 @@ static void bta_pan_data_buf_ind_cback(UINT16 handle, BD_ADDR src, BD_ADDR dst, memcpy( (UINT8 *)(p_new_buf+1)+sizeof(tBTA_PAN_DATA_PARAMS), (UINT8 *)(p_buf+1)+p_buf->offset, p_buf->len ); p_new_buf->len = p_buf->len; p_new_buf->offset = sizeof(tBTA_PAN_DATA_PARAMS); GKI_freebuf( p_buf ); } } else Loading @@ -244,14 +247,6 @@ static void bta_pan_data_buf_ind_cback(UINT16 handle, BD_ADDR src, BD_ADDR dst, ((tBTA_PAN_DATA_PARAMS *)p_new_buf)->ext = ext; ((tBTA_PAN_DATA_PARAMS *)p_new_buf)->forward = forward; if((p_scb = bta_pan_scb_by_handle(handle)) == NULL) { GKI_freebuf( p_new_buf ); return; } GKI_enqueue(&p_scb->data_queue, p_new_buf); if ((p_event = (BT_HDR *) GKI_getbuf(sizeof(BT_HDR))) != NULL) { Loading system/stack/bnep/bnep_main.c +1 −0 Original line number Diff line number Diff line Loading @@ -655,6 +655,7 @@ static void bnep_data_ind (UINT16 l2cap_cid, BT_HDR *p_buf) if (bnep_cb.p_data_buf_cb) { (*bnep_cb.p_data_buf_cb)(p_bcb->handle, p_src_addr, p_dst_addr, protocol, p_buf, fw_ext_present); GKI_freebuf (p_buf); } else if (bnep_cb.p_data_ind_cb) { Loading Loading
system/bta/pan/bta_pan_act.c +6 −11 Original line number Diff line number Diff line Loading @@ -206,6 +206,12 @@ static void bta_pan_data_buf_ind_cback(UINT16 handle, BD_ADDR src, BD_ADDR dst, BT_HDR * p_event; BT_HDR *p_new_buf; p_scb = bta_pan_scb_by_handle(handle); if (p_scb == NULL) { return; } if ( sizeof(tBTA_PAN_DATA_PARAMS) > p_buf->offset ) { if (sizeof(BT_HDR) + sizeof(tBTA_PAN_DATA_PARAMS) + p_buf->len > Loading @@ -213,7 +219,6 @@ static void bta_pan_data_buf_ind_cback(UINT16 handle, BD_ADDR src, BD_ADDR dst, android_errorWriteLog(0x534e4554, "63146237"); APPL_TRACE_ERROR("%s: received buffer length too large: %d", __func__, p_buf->len); GKI_freebuf(p_buf); return; } Loading @@ -222,7 +227,6 @@ static void bta_pan_data_buf_ind_cback(UINT16 handle, BD_ADDR src, BD_ADDR dst, if(!p_new_buf) { APPL_TRACE_WARNING("Cannot get a PAN GKI buffer"); GKI_freebuf( p_buf ); return; } else Loading @@ -230,7 +234,6 @@ static void bta_pan_data_buf_ind_cback(UINT16 handle, BD_ADDR src, BD_ADDR dst, memcpy( (UINT8 *)(p_new_buf+1)+sizeof(tBTA_PAN_DATA_PARAMS), (UINT8 *)(p_buf+1)+p_buf->offset, p_buf->len ); p_new_buf->len = p_buf->len; p_new_buf->offset = sizeof(tBTA_PAN_DATA_PARAMS); GKI_freebuf( p_buf ); } } else Loading @@ -244,14 +247,6 @@ static void bta_pan_data_buf_ind_cback(UINT16 handle, BD_ADDR src, BD_ADDR dst, ((tBTA_PAN_DATA_PARAMS *)p_new_buf)->ext = ext; ((tBTA_PAN_DATA_PARAMS *)p_new_buf)->forward = forward; if((p_scb = bta_pan_scb_by_handle(handle)) == NULL) { GKI_freebuf( p_new_buf ); return; } GKI_enqueue(&p_scb->data_queue, p_new_buf); if ((p_event = (BT_HDR *) GKI_getbuf(sizeof(BT_HDR))) != NULL) { Loading
system/stack/bnep/bnep_main.c +1 −0 Original line number Diff line number Diff line Loading @@ -655,6 +655,7 @@ static void bnep_data_ind (UINT16 l2cap_cid, BT_HDR *p_buf) if (bnep_cb.p_data_buf_cb) { (*bnep_cb.p_data_buf_cb)(p_bcb->handle, p_src_addr, p_dst_addr, protocol, p_buf, fw_ext_present); GKI_freebuf (p_buf); } else if (bnep_cb.p_data_ind_cb) { Loading
