
Commit 69bf43cd authored by Hemant Gupta, committed by Matthew Xie

Bluetooth: Getbuf returning invalid buffer pointer - do not merge

Getbuff is checking for the pool which can accommodate
requested size, but is changing the pool with a restricted
check and not checking for the free memory size in that pool.
Added a check to avoid returning the wrong pool free buf pointer.
Without this patch, SDP Codenomicon TestSuite crash is observed
on Bluedroid stack.

Change-Id: Id66d460c5a40d8c3208438d7cfaf729e9b355184
parent 605a8a7b
+4 −1
@@ -401,8 +401,11 @@ void *GKI_getbuf (UINT16 size)
        /* Only look at PUBLIC buffer pools (bypass RESTRICTED pools) */
        if (((UINT16)1 << p_cb->pool_list[i]) & p_cb->pool_access_mask)
            continue;

        if ( size <= p_cb->freeq[p_cb->pool_list[i]].size )
             Q = &p_cb->freeq[p_cb->pool_list[i]];
        else
             continue;

        if(Q->cur_cnt < Q->total)
        {
// btla-specific ++
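Review bot: The size test in the public-pool loop (`if ( size <= p_cb->freeq[p_cb->pool_list[i]].size )` with `else continue;`) carries no comment explaining why the pool's buffer size is checked again at this point, and its if/else shape differs from the `continue` guard used for the access mask directly above it. Consider inverting it to `if (size > p_cb->freeq[p_cb->pool_list[i]].size) continue;` followed by an unconditional assignment to Q, plus a one-line comment that a public pool whose buffers are smaller than the request must be skipped, because the `Q->cur_cnt < Q->total` test below only checks that a buffer is free, not that it is large enough. The `Q =` and `continue;` lines are also indented one column deeper than the surrounding code.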