Loading system/stack/gatt/gatt_sr.c +16 −4 Original line number Diff line number Diff line Loading @@ -27,6 +27,7 @@ #if BLE_INCLUDED == TRUE #include <string.h> #include <log/log.h> #include "gatt_int.h" #include "l2c_api.h" #include "l2c_int.h" Loading Loading @@ -327,8 +328,6 @@ void gatt_process_exec_write_req (tGATT_TCB *p_tcb, UINT8 op_code, UINT16 len, U tGATT_IF gatt_if; UINT16 conn_id; UNUSED(len); #if GATT_CONFORMANCE_TESTING == TRUE if (gatt_cb.enable_err_rsp && gatt_cb.req_op_code == op_code) { Loading @@ -341,6 +340,13 @@ void gatt_process_exec_write_req (tGATT_TCB *p_tcb, UINT8 op_code, UINT16 len, U } #endif if (len < sizeof(flag)) { android_errorWriteLog(0x534e4554, "73172115"); GATT_TRACE_ERROR("%s: invalid length", __func__); gatt_send_error_rsp(p_tcb, GATT_INVALID_PDU, GATT_REQ_EXEC_WRITE, 0, false); return; } STREAM_TO_UINT8(flag, p); /* mask the flag */ Loading Loading @@ -1140,7 +1146,13 @@ static void gatts_process_read_req(tGATT_TCB *p_tcb, tGATT_SR_REG *p_rcb, UINT8 UINT16 offset = 0, value_len = 0; BT_HDR *p_msg = (BT_HDR *)osi_calloc(buf_len); UNUSED(len); if (op_code == GATT_REQ_READ_BLOB && len < sizeof(UINT16)) { /* Error: packet length is too short */ android_errorWriteWithInfoLog(0x534e4554, "73172115", -1, NULL, 0); GATT_TRACE_ERROR("%s: invalid length", __func__); gatt_send_error_rsp(p_tcb, GATT_INVALID_PDU, op_code, 0, false); return; } if (op_code == GATT_REQ_READ_BLOB) STREAM_TO_UINT16(offset, p_data); Loading Loading @@ -1171,7 +1183,7 @@ static void gatts_process_read_req(tGATT_TCB *p_tcb, tGATT_SR_REG *p_rcb, UINT8 { osi_free(p_msg); /* in theroy BUSY is not possible(should already been checked), protected check */ /* in theory BUSY is not possible(should already been checked), protected check */ if (reason != GATT_PENDING && reason != GATT_BUSY) gatt_send_error_rsp (p_tcb, reason, op_code, handle, FALSE); } Loading Loading
system/stack/gatt/gatt_sr.c +16 −4 Original line number Diff line number Diff line Loading @@ -27,6 +27,7 @@ #if BLE_INCLUDED == TRUE #include <string.h> #include <log/log.h> #include "gatt_int.h" #include "l2c_api.h" #include "l2c_int.h" Loading Loading @@ -327,8 +328,6 @@ void gatt_process_exec_write_req (tGATT_TCB *p_tcb, UINT8 op_code, UINT16 len, U tGATT_IF gatt_if; UINT16 conn_id; UNUSED(len); #if GATT_CONFORMANCE_TESTING == TRUE if (gatt_cb.enable_err_rsp && gatt_cb.req_op_code == op_code) { Loading @@ -341,6 +340,13 @@ void gatt_process_exec_write_req (tGATT_TCB *p_tcb, UINT8 op_code, UINT16 len, U } #endif if (len < sizeof(flag)) { android_errorWriteLog(0x534e4554, "73172115"); GATT_TRACE_ERROR("%s: invalid length", __func__); gatt_send_error_rsp(p_tcb, GATT_INVALID_PDU, GATT_REQ_EXEC_WRITE, 0, false); return; } STREAM_TO_UINT8(flag, p); /* mask the flag */ Loading Loading @@ -1140,7 +1146,13 @@ static void gatts_process_read_req(tGATT_TCB *p_tcb, tGATT_SR_REG *p_rcb, UINT8 UINT16 offset = 0, value_len = 0; BT_HDR *p_msg = (BT_HDR *)osi_calloc(buf_len); UNUSED(len); if (op_code == GATT_REQ_READ_BLOB && len < sizeof(UINT16)) { /* Error: packet length is too short */ android_errorWriteWithInfoLog(0x534e4554, "73172115", -1, NULL, 0); GATT_TRACE_ERROR("%s: invalid length", __func__); gatt_send_error_rsp(p_tcb, GATT_INVALID_PDU, op_code, 0, false); return; } if (op_code == GATT_REQ_READ_BLOB) STREAM_TO_UINT16(offset, p_data); Loading Loading @@ -1171,7 +1183,7 @@ static void gatts_process_read_req(tGATT_TCB *p_tcb, tGATT_SR_REG *p_rcb, UINT8 { osi_free(p_msg); /* in theroy BUSY is not possible(should already been checked), protected check */ /* in theory BUSY is not possible(should already been checked), protected check */ if (reason != GATT_PENDING && reason != GATT_BUSY) gatt_send_error_rsp (p_tcb, reason, op_code, handle, FALSE); } Loading
