Loading system/stack/avdt/avdt_api.c +1 −1 Original line number Diff line number Diff line Loading @@ -1208,7 +1208,7 @@ UINT16 AVDT_SendReport(UINT8 handle, AVDT_REPORT_TYPE type, /* build SR - assume fit in one packet */ p_tbl = avdt_ad_tc_tbl_by_type(AVDT_CHAN_REPORT, p_scb->p_ccb, p_scb); if (p_tbl->state == AVDT_AD_ST_OPEN) { BT_HDR *p_pkt = (BT_HDR *)osi_malloc(p_tbl->peer_mtu); BT_HDR *p_pkt = (BT_HDR *)osi_malloc(p_tbl->peer_mtu + sizeof(BT_HDR)); p_pkt->offset = L2CAP_MIN_OFFSET; p = (UINT8 *)(p_pkt + 1) + p_pkt->offset; Loading system/stack/bnep/bnep_main.c +1 −1 Original line number Diff line number Diff line Loading @@ -575,7 +575,7 @@ static void bnep_data_ind (UINT16 l2cap_cid, BT_HDR *p_buf) p_bcb->con_state != BNEP_STATE_CONNECTED && extension_present && p && rem_len) { p_bcb->p_pending_data = (BT_HDR *)osi_malloc(rem_len); p_bcb->p_pending_data = (BT_HDR *)osi_malloc(rem_len + sizeof(BT_HDR)); memcpy((UINT8 *)(p_bcb->p_pending_data + 1), p, rem_len); p_bcb->p_pending_data->len = rem_len; p_bcb->p_pending_data->offset = 0; Loading system/stack/l2cap/l2cap_client.c +4 −2 Original line number Diff line number Diff line Loading @@ -370,7 +370,8 @@ static void fragment_packet(l2cap_client_t *client, buffer_t *packet) { assert(packet != NULL); // TODO(sharvil): eliminate copy into BT_HDR. BT_HDR *bt_packet = osi_malloc(buffer_length(packet) + L2CAP_MIN_OFFSET); BT_HDR *bt_packet = osi_malloc(buffer_length(packet) + L2CAP_MIN_OFFSET + sizeof(BT_HDR)); bt_packet->offset = L2CAP_MIN_OFFSET; bt_packet->len = buffer_length(packet); memcpy(bt_packet->data + bt_packet->offset, buffer_ptr(packet), buffer_length(packet)); Loading @@ -384,7 +385,8 @@ static void fragment_packet(l2cap_client_t *client, buffer_t *packet) { break; } BT_HDR *fragment = osi_malloc(client->remote_mtu + L2CAP_MIN_OFFSET); BT_HDR *fragment = osi_malloc(client->remote_mtu + L2CAP_MIN_OFFSET + sizeof(BT_HDR)); fragment->offset = L2CAP_MIN_OFFSET; fragment->len = client->remote_mtu; memcpy(fragment->data + fragment->offset, bt_packet->data + bt_packet->offset, client->remote_mtu); Loading system/stack/mcap/mca_cact.c +2 −2 Original line number Diff line number Diff line Loading @@ -122,7 +122,7 @@ void mca_ccb_snd_req(tMCA_CCB *p_ccb, tMCA_CCB_EVT *p_data) p_ccb->p_tx_req = p_msg; if (!p_ccb->cong) { BT_HDR *p_pkt = (BT_HDR *)osi_malloc(MCA_CTRL_MTU); BT_HDR *p_pkt = (BT_HDR *)osi_malloc(MCA_CTRL_MTU + sizeof(BT_HDR)); p_pkt->offset = L2CAP_MIN_OFFSET; p = p_start = (UINT8*)(p_pkt + 1) + L2CAP_MIN_OFFSET; Loading Loading @@ -164,7 +164,7 @@ void mca_ccb_snd_rsp(tMCA_CCB *p_ccb, tMCA_CCB_EVT *p_data) tMCA_CCB_MSG *p_msg = (tMCA_CCB_MSG *)p_data; UINT8 *p, *p_start; BOOLEAN chk_mdl = FALSE; BT_HDR *p_pkt = (BT_HDR *)osi_malloc(MCA_CTRL_MTU); BT_HDR *p_pkt = (BT_HDR *)osi_malloc(MCA_CTRL_MTU + sizeof(BT_HDR)); MCA_TRACE_DEBUG("%s cong=%d req=%d", __func__, p_ccb->cong, p_msg->op_code); /* assume that API functions verified the parameters */ Loading Loading
system/stack/avdt/avdt_api.c +1 −1 Original line number Diff line number Diff line Loading @@ -1208,7 +1208,7 @@ UINT16 AVDT_SendReport(UINT8 handle, AVDT_REPORT_TYPE type, /* build SR - assume fit in one packet */ p_tbl = avdt_ad_tc_tbl_by_type(AVDT_CHAN_REPORT, p_scb->p_ccb, p_scb); if (p_tbl->state == AVDT_AD_ST_OPEN) { BT_HDR *p_pkt = (BT_HDR *)osi_malloc(p_tbl->peer_mtu); BT_HDR *p_pkt = (BT_HDR *)osi_malloc(p_tbl->peer_mtu + sizeof(BT_HDR)); p_pkt->offset = L2CAP_MIN_OFFSET; p = (UINT8 *)(p_pkt + 1) + p_pkt->offset; Loading
system/stack/bnep/bnep_main.c +1 −1 Original line number Diff line number Diff line Loading @@ -575,7 +575,7 @@ static void bnep_data_ind (UINT16 l2cap_cid, BT_HDR *p_buf) p_bcb->con_state != BNEP_STATE_CONNECTED && extension_present && p && rem_len) { p_bcb->p_pending_data = (BT_HDR *)osi_malloc(rem_len); p_bcb->p_pending_data = (BT_HDR *)osi_malloc(rem_len + sizeof(BT_HDR)); memcpy((UINT8 *)(p_bcb->p_pending_data + 1), p, rem_len); p_bcb->p_pending_data->len = rem_len; p_bcb->p_pending_data->offset = 0; Loading
system/stack/l2cap/l2cap_client.c +4 −2 Original line number Diff line number Diff line Loading @@ -370,7 +370,8 @@ static void fragment_packet(l2cap_client_t *client, buffer_t *packet) { assert(packet != NULL); // TODO(sharvil): eliminate copy into BT_HDR. BT_HDR *bt_packet = osi_malloc(buffer_length(packet) + L2CAP_MIN_OFFSET); BT_HDR *bt_packet = osi_malloc(buffer_length(packet) + L2CAP_MIN_OFFSET + sizeof(BT_HDR)); bt_packet->offset = L2CAP_MIN_OFFSET; bt_packet->len = buffer_length(packet); memcpy(bt_packet->data + bt_packet->offset, buffer_ptr(packet), buffer_length(packet)); Loading @@ -384,7 +385,8 @@ static void fragment_packet(l2cap_client_t *client, buffer_t *packet) { break; } BT_HDR *fragment = osi_malloc(client->remote_mtu + L2CAP_MIN_OFFSET); BT_HDR *fragment = osi_malloc(client->remote_mtu + L2CAP_MIN_OFFSET + sizeof(BT_HDR)); fragment->offset = L2CAP_MIN_OFFSET; fragment->len = client->remote_mtu; memcpy(fragment->data + fragment->offset, bt_packet->data + bt_packet->offset, client->remote_mtu); Loading
system/stack/mcap/mca_cact.c +2 −2 Original line number Diff line number Diff line Loading @@ -122,7 +122,7 @@ void mca_ccb_snd_req(tMCA_CCB *p_ccb, tMCA_CCB_EVT *p_data) p_ccb->p_tx_req = p_msg; if (!p_ccb->cong) { BT_HDR *p_pkt = (BT_HDR *)osi_malloc(MCA_CTRL_MTU); BT_HDR *p_pkt = (BT_HDR *)osi_malloc(MCA_CTRL_MTU + sizeof(BT_HDR)); p_pkt->offset = L2CAP_MIN_OFFSET; p = p_start = (UINT8*)(p_pkt + 1) + L2CAP_MIN_OFFSET; Loading Loading @@ -164,7 +164,7 @@ void mca_ccb_snd_rsp(tMCA_CCB *p_ccb, tMCA_CCB_EVT *p_data) tMCA_CCB_MSG *p_msg = (tMCA_CCB_MSG *)p_data; UINT8 *p, *p_start; BOOLEAN chk_mdl = FALSE; BT_HDR *p_pkt = (BT_HDR *)osi_malloc(MCA_CTRL_MTU); BT_HDR *p_pkt = (BT_HDR *)osi_malloc(MCA_CTRL_MTU + sizeof(BT_HDR)); MCA_TRACE_DEBUG("%s cong=%d req=%d", __func__, p_ccb->cong, p_msg->op_code); /* assume that API functions verified the parameters */ Loading
