Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 608b7f7e authored by Maggie_Lee's avatar Maggie_Lee Committed by Chris Elliott
Browse files

anthias:17614185:Bluetooth: Getbuf returning invalid buffer pointer 

b/17623865

Getbuff is checking for the pool which can accommodate
requested size, but it changing the pool with a restricted
check and not checking for the free memory size in that pool.

Added a check to avoid return the wrong pool free buf pointer
and avoid gki get_buffer overflow.

Change-Id: I142870c989fc37f49c2d9b411d5eddbfba59bd9d
parent bad2f799

gki/common/gki_buffer.c

+5 −1
Original line number Diff line number Diff line
@@ -402,7 +402,11 @@ void *GKI_getbuf (UINT16 size) 
        if (((UINT16)1 << p_cb->pool_list[i]) & p_cb->pool_access_mask)

            continue;



        if ( size <= p_cb->freeq[p_cb->pool_list[i]].size )

            Q = &p_cb->freeq[p_cb->pool_list[i]];

        else

            continue;



        if(Q->cur_cnt < Q->total)

        {

// btla-specific ++