Merge changes from topic "nyc-dev-fix-l2cap-bad-pkt" into nyc-dr1-dev (6b9f9b53) · Commits · e / os / android_packages_modules_Bluetooth

system/stack/l2cap/l2c_fcr.c

+17 −7

Original line number	Original line	Diff line number	Diff line
	@@ -24,6 +24,7 @@
	******************************************************************************/		******************************************************************************/

	#include <assert.h>		#include <assert.h>
			#include <log/log.h>
	#include <stdio.h>		#include <stdio.h>
	#include <stdlib.h>		#include <stdlib.h>
	#include <string.h>		#include <string.h>
	@@ -862,10 +863,24 @@ void l2c_lcc_proc_pdu(tL2C_CCB p_ccb, BT_HDR p_buf)
	p_buf->len -= sizeof(sdu_length);		p_buf->len -= sizeof(sdu_length);
	p_buf->offset += sizeof(sdu_length);		p_buf->offset += sizeof(sdu_length);
	p_data->offset = 0;		p_data->offset = 0;
			} else {
			p_data = p_ccb->ble_sdu;
			if (p_buf->len > (p_ccb->ble_sdu_length - p_data->len)) {
			L2CAP_TRACE_ERROR("%s: buffer length=%d too big. max=%d. Dropped",
			__func__, p_data->len,
			(p_ccb->ble_sdu_length - p_data->len));
			android_errorWriteWithInfoLog(0x534e4554, "75298652", -1, NULL, 0);
			osi_free(p_buf);

			/* Throw away all pending fragments and disconnects */
			p_ccb->is_first_seg = true;
			osi_free(p_ccb->ble_sdu);
			p_ccb->ble_sdu = NULL;
			p_ccb->ble_sdu_length = 0;
			l2cu_disconnect_chnl(p_ccb);
			return;
			}
	}		}
	else
	p_data = p_ccb->ble_sdu;

	memcpy((UINT8)(p_data + 1) + p_data->offset + p_data->len, (UINT8)(p_buf + 1) + p_buf->offset, p_buf->len);		memcpy((UINT8)(p_data + 1) + p_data->offset + p_data->len, (UINT8)(p_buf + 1) + p_buf->offset, p_buf->len);
	p_data->len += p_buf->len;		p_data->len += p_buf->len;
	@@ -881,11 +896,6 @@ void l2c_lcc_proc_pdu(tL2C_CCB p_ccb, BT_HDR p_buf)
	{		{
	p_ccb->is_first_seg = FALSE;		p_ccb->is_first_seg = FALSE;
	}		}
	else
	{
	L2CAP_TRACE_ERROR ("%s Length in the SDU messed up",__func__);
	// TODO: reset every thing may be???
	}

	osi_free(p_buf);		osi_free(p_buf);
	return;		return;