Loading system/hci/src/packet_fragmenter.cc +10 −0 Original line number Diff line number Diff line Loading @@ -35,9 +35,11 @@ #define APPLY_START_FLAG(handle) (((handle)&0xCFFF) | 0x2000) #define SUB_EVENT(event) ((event)&MSG_SUB_EVT_MASK) #define GET_BOUNDARY_FLAG(handle) (((handle) >> 12) & 0x0003) #define GET_BROADCAST_FLAG(handle) (((handle) >> 14) & 0x0003) #define HANDLE_MASK 0x0FFF #define START_PACKET_BOUNDARY 2 #define POINT_TO_POINT 0 #define L2CAP_HEADER_PDU_LEN_SIZE 2 #define L2CAP_HEADER_CID_SIZE 2 #define L2CAP_HEADER_SIZE (L2CAP_HEADER_PDU_LEN_SIZE + L2CAP_HEADER_CID_SIZE) Loading Loading @@ -354,8 +356,16 @@ static void reassemble_and_dispatch(UNUSED_ATTR BT_HDR* packet) { CHECK(acl_length == packet->len - HCI_ACL_PREAMBLE_SIZE); uint8_t boundary_flag = GET_BOUNDARY_FLAG(handle); uint8_t broadcast_flag = GET_BROADCAST_FLAG(handle); handle = handle & HANDLE_MASK; if (broadcast_flag != POINT_TO_POINT) { LOG_WARN("dropping broadcast packet"); android_errorWriteLog(0x534e4554, "169327567"); buffer_allocator->free(packet); return; } if (boundary_flag == START_PACKET_BOUNDARY) { if (acl_length < 2) { LOG_WARN("%s invalid acl_length %d", __func__, acl_length); Loading system/stack/avrc/avrc_pars_tg.cc +7 −0 Original line number Diff line number Diff line Loading @@ -306,6 +306,13 @@ static tAVRC_STS avrc_pars_vendor_cmd(tAVRC_MSG_VENDOR* p_msg, return AVRC_STS_INTERNAL_ERR; else { BE_STREAM_TO_UINT8(p_result->reg_notif.event_id, p); if (!AVRC_IS_VALID_EVENT_ID(p_result->reg_notif.event_id)) { android_errorWriteLog(0x534e4554, "168802990"); AVRC_TRACE_ERROR("%s: Invalid event id: %d", __func__, p_result->reg_notif.event_id); return AVRC_STS_BAD_PARAM; } BE_STREAM_TO_UINT32(p_result->reg_notif.param, p); } break; Loading Loading
system/hci/src/packet_fragmenter.cc +10 −0 Original line number Diff line number Diff line Loading @@ -35,9 +35,11 @@ #define APPLY_START_FLAG(handle) (((handle)&0xCFFF) | 0x2000) #define SUB_EVENT(event) ((event)&MSG_SUB_EVT_MASK) #define GET_BOUNDARY_FLAG(handle) (((handle) >> 12) & 0x0003) #define GET_BROADCAST_FLAG(handle) (((handle) >> 14) & 0x0003) #define HANDLE_MASK 0x0FFF #define START_PACKET_BOUNDARY 2 #define POINT_TO_POINT 0 #define L2CAP_HEADER_PDU_LEN_SIZE 2 #define L2CAP_HEADER_CID_SIZE 2 #define L2CAP_HEADER_SIZE (L2CAP_HEADER_PDU_LEN_SIZE + L2CAP_HEADER_CID_SIZE) Loading Loading @@ -354,8 +356,16 @@ static void reassemble_and_dispatch(UNUSED_ATTR BT_HDR* packet) { CHECK(acl_length == packet->len - HCI_ACL_PREAMBLE_SIZE); uint8_t boundary_flag = GET_BOUNDARY_FLAG(handle); uint8_t broadcast_flag = GET_BROADCAST_FLAG(handle); handle = handle & HANDLE_MASK; if (broadcast_flag != POINT_TO_POINT) { LOG_WARN("dropping broadcast packet"); android_errorWriteLog(0x534e4554, "169327567"); buffer_allocator->free(packet); return; } if (boundary_flag == START_PACKET_BOUNDARY) { if (acl_length < 2) { LOG_WARN("%s invalid acl_length %d", __func__, acl_length); Loading
system/stack/avrc/avrc_pars_tg.cc +7 −0 Original line number Diff line number Diff line Loading @@ -306,6 +306,13 @@ static tAVRC_STS avrc_pars_vendor_cmd(tAVRC_MSG_VENDOR* p_msg, return AVRC_STS_INTERNAL_ERR; else { BE_STREAM_TO_UINT8(p_result->reg_notif.event_id, p); if (!AVRC_IS_VALID_EVENT_ID(p_result->reg_notif.event_id)) { android_errorWriteLog(0x534e4554, "168802990"); AVRC_TRACE_ERROR("%s: Invalid event id: %d", __func__, p_result->reg_notif.event_id); return AVRC_STS_BAD_PARAM; } BE_STREAM_TO_UINT32(p_result->reg_notif.param, p); } break; Loading
