Loading system/stack/avrc/avrc_api.cc +27 −0 Original line number Diff line number Diff line Loading @@ -24,6 +24,8 @@ #include <base/logging.h> #include <string.h> #include <log/log.h> #include "avrc_api.h" #include "avrc_int.h" #include "bt_common.h" Loading Loading @@ -661,6 +663,13 @@ static void avrc_msg_cback(uint8_t handle, uint8_t label, uint8_t cr, msg.browse.browse_len = p_pkt->len; msg.browse.p_browse_pkt = p_pkt; } else { if (p_pkt->len < AVRC_AVC_HDR_SIZE) { android_errorWriteLog(0x534e4554, "111803925"); AVRC_TRACE_WARNING("%s: message length %d too short: must be at least %d", __func__, p_pkt->len, AVRC_AVC_HDR_SIZE); osi_free(p_pkt); return; } msg.hdr.ctype = p_data[0] & AVRC_CTYPE_MASK; AVRC_TRACE_DEBUG("%s handle:%d, ctype:%d, offset:%d, len: %d", __func__, handle, msg.hdr.ctype, p_pkt->offset, p_pkt->len); Loading Loading @@ -694,6 +703,15 @@ static void avrc_msg_cback(uint8_t handle, uint8_t label, uint8_t cr, p_drop_msg = "auto respond"; } else { /* parse response */ if (p_pkt->len < AVRC_OP_UNIT_INFO_RSP_LEN) { AVRC_TRACE_WARNING( "%s: message length %d too short: must be at least %d", __func__, p_pkt->len, AVRC_OP_UNIT_INFO_RSP_LEN); android_errorWriteLog(0x534e4554, "79883824"); drop = true; p_drop_msg = "UNIT_INFO_RSP too short"; break; } p_data += 4; /* 3 bytes: ctype, subunit*, opcode + octet 3 (is 7)*/ msg.unit.unit_type = (*p_data & AVRC_SUBTYPE_MASK) >> AVRC_SUBTYPE_SHIFT; Loading Loading @@ -723,6 +741,15 @@ static void avrc_msg_cback(uint8_t handle, uint8_t label, uint8_t cr, p_drop_msg = "auto responded"; } else { /* parse response */ if (p_pkt->len < AVRC_OP_SUB_UNIT_INFO_RSP_LEN) { AVRC_TRACE_WARNING( "%s: message length %d too short: must be at least %d", __func__, p_pkt->len, AVRC_OP_SUB_UNIT_INFO_RSP_LEN); android_errorWriteLog(0x534e4554, "79883824"); drop = true; p_drop_msg = "SUB_UNIT_INFO_RSP too short"; break; } p_data += AVRC_AVC_HDR_SIZE; /* 3 bytes: ctype, subunit*, opcode */ msg.sub.page = (*p_data++ >> AVRC_SUB_PAGE_SHIFT) & AVRC_SUB_PAGE_MASK; Loading Loading
system/stack/avrc/avrc_api.cc +27 −0 Original line number Diff line number Diff line Loading @@ -24,6 +24,8 @@ #include <base/logging.h> #include <string.h> #include <log/log.h> #include "avrc_api.h" #include "avrc_int.h" #include "bt_common.h" Loading Loading @@ -661,6 +663,13 @@ static void avrc_msg_cback(uint8_t handle, uint8_t label, uint8_t cr, msg.browse.browse_len = p_pkt->len; msg.browse.p_browse_pkt = p_pkt; } else { if (p_pkt->len < AVRC_AVC_HDR_SIZE) { android_errorWriteLog(0x534e4554, "111803925"); AVRC_TRACE_WARNING("%s: message length %d too short: must be at least %d", __func__, p_pkt->len, AVRC_AVC_HDR_SIZE); osi_free(p_pkt); return; } msg.hdr.ctype = p_data[0] & AVRC_CTYPE_MASK; AVRC_TRACE_DEBUG("%s handle:%d, ctype:%d, offset:%d, len: %d", __func__, handle, msg.hdr.ctype, p_pkt->offset, p_pkt->len); Loading Loading @@ -694,6 +703,15 @@ static void avrc_msg_cback(uint8_t handle, uint8_t label, uint8_t cr, p_drop_msg = "auto respond"; } else { /* parse response */ if (p_pkt->len < AVRC_OP_UNIT_INFO_RSP_LEN) { AVRC_TRACE_WARNING( "%s: message length %d too short: must be at least %d", __func__, p_pkt->len, AVRC_OP_UNIT_INFO_RSP_LEN); android_errorWriteLog(0x534e4554, "79883824"); drop = true; p_drop_msg = "UNIT_INFO_RSP too short"; break; } p_data += 4; /* 3 bytes: ctype, subunit*, opcode + octet 3 (is 7)*/ msg.unit.unit_type = (*p_data & AVRC_SUBTYPE_MASK) >> AVRC_SUBTYPE_SHIFT; Loading Loading @@ -723,6 +741,15 @@ static void avrc_msg_cback(uint8_t handle, uint8_t label, uint8_t cr, p_drop_msg = "auto responded"; } else { /* parse response */ if (p_pkt->len < AVRC_OP_SUB_UNIT_INFO_RSP_LEN) { AVRC_TRACE_WARNING( "%s: message length %d too short: must be at least %d", __func__, p_pkt->len, AVRC_OP_SUB_UNIT_INFO_RSP_LEN); android_errorWriteLog(0x534e4554, "79883824"); drop = true; p_drop_msg = "SUB_UNIT_INFO_RSP too short"; break; } p_data += AVRC_AVC_HDR_SIZE; /* 3 bytes: ctype, subunit*, opcode */ msg.sub.page = (*p_data++ >> AVRC_SUB_PAGE_SHIFT) & AVRC_SUB_PAGE_MASK; Loading
