Loading system/stack/sdp/sdp_discovery.c +11 −0 Original line number Diff line number Diff line Loading @@ -291,6 +291,11 @@ static void process_service_search_rsp(tCONN_CB *p_ccb, UINT8 *p_reply, UINT16 total, cur_handles, orig; UINT8 cont_len; if (p_reply + 8 > p_reply_end) { android_errorWriteLog(0x534e4554, "74249842"); sdp_disconnect(p_ccb, SDP_GENERIC_ERROR); return; } /* Skip transaction, and param len */ p_reply += 4; BE_STREAM_TO_UINT16 (total, p_reply); Loading @@ -311,6 +316,12 @@ static void process_service_search_rsp(tCONN_CB *p_ccb, UINT8 *p_reply, if (p_ccb->num_handles > sdp_cb.max_recs_per_search) p_ccb->num_handles = sdp_cb.max_recs_per_search; if (p_reply + ((p_ccb->num_handles - orig) * 4) + 1 > p_reply_end) { android_errorWriteLog(0x534e4554, "74249842"); sdp_disconnect(p_ccb, SDP_GENERIC_ERROR); return; } for (xx = orig; xx < p_ccb->num_handles; xx++) BE_STREAM_TO_UINT32 (p_ccb->handles[xx], p_reply); Loading Loading
system/stack/sdp/sdp_discovery.c +11 −0 Original line number Diff line number Diff line Loading @@ -291,6 +291,11 @@ static void process_service_search_rsp(tCONN_CB *p_ccb, UINT8 *p_reply, UINT16 total, cur_handles, orig; UINT8 cont_len; if (p_reply + 8 > p_reply_end) { android_errorWriteLog(0x534e4554, "74249842"); sdp_disconnect(p_ccb, SDP_GENERIC_ERROR); return; } /* Skip transaction, and param len */ p_reply += 4; BE_STREAM_TO_UINT16 (total, p_reply); Loading @@ -311,6 +316,12 @@ static void process_service_search_rsp(tCONN_CB *p_ccb, UINT8 *p_reply, if (p_ccb->num_handles > sdp_cb.max_recs_per_search) p_ccb->num_handles = sdp_cb.max_recs_per_search; if (p_reply + ((p_ccb->num_handles - orig) * 4) + 1 > p_reply_end) { android_errorWriteLog(0x534e4554, "74249842"); sdp_disconnect(p_ccb, SDP_GENERIC_ERROR); return; } for (xx = orig; xx < p_ccb->num_handles; xx++) BE_STREAM_TO_UINT32 (p_ccb->handles[xx], p_reply); Loading
