DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr

                                            uint8_t* p_reply_end);

                                            uint8_t* p_reply_end);

static uint8_t* save_attr_seq(tCONN_CB* p_ccb, uint8_t* p, uint8_t* p_msg_end);

static uint8_t* save_attr_seq(tCONN_CB* p_ccb, uint8_t* p, uint8_t* p_msg_end);

static tSDP_DISC_REC* add_record(tSDP_DISCOVERY_DB* p_db, BD_ADDR p_bda);

static tSDP_DISC_REC* add_record(tSDP_DISCOVERY_DB* p_db, BD_ADDR p_bda);

static uint8_t* add_attr(uint8_t* p, tSDP_DISCOVERY_DB* p_db,

static uint8_t* add_attr(uint8_t* p, uint8_t* p_end, tSDP_DISCOVERY_DB* p_db,

                         tSDP_DISC_REC* p_rec, uint16_t attr_id,

                         tSDP_DISC_REC* p_rec, uint16_t attr_id,

                         tSDP_DISC_ATTR* p_parent_attr, uint8_t nest_level);

                         tSDP_DISC_ATTR* p_parent_attr, uint8_t nest_level);

    BE_STREAM_TO_UINT16(attr_id, p);

    BE_STREAM_TO_UINT16(attr_id, p);

    /* Now, add the attribute value */

    /* Now, add the attribute value */

    p = add_attr(p, p_ccb->p_db, p_rec, attr_id, NULL, 0);

    p = add_attr(p, p_seq_end, p_ccb->p_db, p_rec, attr_id, NULL, 0);

    if (!p) {

    if (!p) {

      SDP_TRACE_WARNING("SDP - DB full add_attr");

      SDP_TRACE_WARNING("SDP - DB full add_attr");

 * Returns          pointer to next byte in data stream

 * Returns          pointer to next byte in data stream

 *

 *

 ******************************************************************************/

 ******************************************************************************/

static uint8_t* add_attr(uint8_t* p, tSDP_DISCOVERY_DB* p_db,

static uint8_t* add_attr(uint8_t* p, uint8_t* p_end, tSDP_DISCOVERY_DB* p_db,

                         tSDP_DISC_REC* p_rec, uint16_t attr_id,

                         tSDP_DISC_REC* p_rec, uint16_t attr_id,

                         tSDP_DISC_ATTR* p_parent_attr, uint8_t nest_level) {

                         tSDP_DISC_ATTR* p_parent_attr, uint8_t nest_level) {

  tSDP_DISC_ATTR* p_attr;

  tSDP_DISC_ATTR* p_attr;

  uint16_t attr_type;

  uint16_t attr_type;

  uint16_t id;

  uint16_t id;

  uint8_t type;

  uint8_t type;

  uint8_t* p_end;

  uint8_t* p_attr_end;

  uint8_t is_additional_list = nest_level & SDP_ADDITIONAL_LIST_MASK;

  uint8_t is_additional_list = nest_level & SDP_ADDITIONAL_LIST_MASK;

  nest_level &= ~(SDP_ADDITIONAL_LIST_MASK);

  nest_level &= ~(SDP_ADDITIONAL_LIST_MASK);

  else

  else

    total_len = sizeof(tSDP_DISC_ATTR);

    total_len = sizeof(tSDP_DISC_ATTR);

  p_attr_end = p + attr_len;

  if (p_attr_end > p_end) {

    android_errorWriteLog(0x534e4554, "115900043");

    SDP_TRACE_WARNING("%s: SDP - Attribute length beyond p_end", __func__);

    return NULL;

  }

  /* Ensure it is a multiple of 4 */

  /* Ensure it is a multiple of 4 */

  total_len = (total_len + 3) & ~3;

  total_len = (total_len + 3) & ~3;

           * sub-attributes */

           * sub-attributes */

          p_db->p_free_mem += sizeof(tSDP_DISC_ATTR);

          p_db->p_free_mem += sizeof(tSDP_DISC_ATTR);

          p_db->mem_free -= sizeof(tSDP_DISC_ATTR);

          p_db->mem_free -= sizeof(tSDP_DISC_ATTR);

          p_end = p + attr_len;

          total_len = 0;

          total_len = 0;

          /* SDP_TRACE_DEBUG ("SDP - attr nest level:%d(list)", nest_level); */

          /* SDP_TRACE_DEBUG ("SDP - attr nest level:%d(list)", nest_level); */

          if (nest_level >= MAX_NEST_LEVELS) {

          if (nest_level >= MAX_NEST_LEVELS) {

            SDP_TRACE_ERROR("SDP - attr nesting too deep");

            SDP_TRACE_ERROR("SDP - attr nesting too deep");

            return (p_end);

            return p_attr_end;

          }

          }

          /* Now, add the list entry */

          /* Now, add the list entry */

          p = add_attr(p, p_db, p_rec, ATTR_ID_PROTOCOL_DESC_LIST, p_attr,

          p = add_attr(p, p_end, p_db, p_rec, ATTR_ID_PROTOCOL_DESC_LIST,

                       (uint8_t)(nest_level + 1));

                       p_attr, (uint8_t)(nest_level + 1));

          break;

          break;

        }

        }

          break;

          break;

        default:

        default:

          SDP_TRACE_WARNING("SDP - bad len in UUID attr: %d", attr_len);

          SDP_TRACE_WARNING("SDP - bad len in UUID attr: %d", attr_len);

          return (p + attr_len);

          return p_attr_end;

      }

      }

      break;

      break;

       * sub-attributes */

       * sub-attributes */

      p_db->p_free_mem += sizeof(tSDP_DISC_ATTR);

      p_db->p_free_mem += sizeof(tSDP_DISC_ATTR);

      p_db->mem_free -= sizeof(tSDP_DISC_ATTR);

      p_db->mem_free -= sizeof(tSDP_DISC_ATTR);

      p_end = p + attr_len;

      total_len = 0;

      total_len = 0;

      /* SDP_TRACE_DEBUG ("SDP - attr nest level:%d", nest_level); */

      /* SDP_TRACE_DEBUG ("SDP - attr nest level:%d", nest_level); */

      if (nest_level >= MAX_NEST_LEVELS) {

      if (nest_level >= MAX_NEST_LEVELS) {

        SDP_TRACE_ERROR("SDP - attr nesting too deep");

        SDP_TRACE_ERROR("SDP - attr nesting too deep");

        return (p_end);

        return p_attr_end;

      }

      }

      if (is_additional_list != 0 ||

      if (is_additional_list != 0 ||

          attr_id == ATTR_ID_ADDITION_PROTO_DESC_LISTS)

          attr_id == ATTR_ID_ADDITION_PROTO_DESC_LISTS)

        nest_level |= SDP_ADDITIONAL_LIST_MASK;

        nest_level |= SDP_ADDITIONAL_LIST_MASK;

      /* SDP_TRACE_DEBUG ("SDP - attr nest level:0x%x(finish)", nest_level); */

      /* SDP_TRACE_DEBUG ("SDP - attr nest level:0x%x(finish)", nest_level); */

      while (p < p_end) {

      while (p < p_attr_end) {

        /* Now, add the list entry */

        /* Now, add the list entry */

        p = add_attr(p, p_db, p_rec, 0, p_attr, (uint8_t)(nest_level + 1));

        p = add_attr(p, p_end, p_db, p_rec, 0, p_attr,

                     (uint8_t)(nest_level + 1));

        if (!p) return (NULL);

        if (!p) return (NULL);

      }

      }

          break;

          break;

        default:

        default:

          SDP_TRACE_WARNING("SDP - bad len in boolean attr: %d", attr_len);

          SDP_TRACE_WARNING("SDP - bad len in boolean attr: %d", attr_len);

          return (p + attr_len);

          return p_attr_end;

      }

      }

      break;

      break;