
Commit 95b999f9 authored by Jakub Pawlowski's avatar Jakub Pawlowski

Don't use Address after it was deleted

Bug: 110216173
Change-Id: Id3364cf53153eafed478546d7347ed1673217e91
Merged-In: Id3364cf53153eafed478546d7347ed1673217e91
parent d89048b8
+7 −3
@@ -3332,12 +3332,16 @@ void bta_dm_acl_change(tBTA_DM_MSG *p_data)
        }
        if (conn.link_down.is_removed)
        {
            BTM_SecDeleteDevice(p_bda);
            // p_bda points to security record, which is removed in
            // BTM_SecDeleteDevice.
            BD_ADDR addr_copy;
            memcpy(addr_copy, p_bda, BD_ADDR_LEN);
            BTM_SecDeleteDevice(addr_copy);
#if (BLE_INCLUDED == TRUE && BTA_GATT_INCLUDED == TRUE)
            /* need to remove all pending background connection */
            BTA_GATTC_CancelOpen(0, p_bda, FALSE);
            BTA_GATTC_CancelOpen(0, addr_copy, FALSE);
            /* remove all cached GATT information */
            BTA_GATTC_Refresh(p_bda);
            BTA_GATTC_Refresh(addr_copy);
#endif
         }
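Review bot: `addr_copy` is declared inside the `is_removed` block, so `p_bda` itself still points at the freed security record for the rest of bta_dm_acl_change, which continues outside this hunk. If any later statement in the function reads `p_bda`, it would presumably hit the same use-after-free this commit fixes; the visible lines cannot confirm whether one does. Taking the copy where `p_bda` is first assigned and using it throughout would remove the hazard. At minimum, add `// p_bda is dangling from here on; use addr_copy` right after the `BTM_SecDeleteDevice(addr_copy);` call.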

+13 −12
@@ -164,17 +164,16 @@ BOOLEAN BTM_SecAddDevice (BD_ADDR bd_addr, DEV_CLASS dev_class, BD_NAME bd_name,
}


/*******************************************************************************
**
** Function         BTM_SecDeleteDevice
**
** Description      Free resources associated with the device.
**
** Parameters:      bd_addr          - BD address of the peer
**
** Returns          TRUE if removed OK, FALSE if not found or ACL link is active
**
*******************************************************************************/
/** Free resources associated with the device associated with |bd_addr| address.
 *
 * *** WARNING ***
 * tBTM_SEC_DEV_REC associated with bd_addr becomes invalid after this function
 * is called, also any of it's fields. i.e. if you use p_dev_rec->bd_addr, it is
 * no longer valid!
 * *** WARNING ***
 *
 * Returns true if removed OK, false if not found or ACL link is active.
 */
BOOLEAN BTM_SecDeleteDevice (BD_ADDR bd_addr)
{
    tBTM_SEC_DEV_REC *p_dev_rec;
@@ -188,9 +187,11 @@ BOOLEAN BTM_SecDeleteDevice (BD_ADDR bd_addr)

    if ((p_dev_rec = btm_find_dev(bd_addr)) != NULL)
    {
        BD_ADDR bda;
        memcpy(bda, bd_addr, BD_ADDR_LEN);
        btm_sec_free_dev(p_dev_rec);
        /* Tell controller to get rid of the link key, if it has one stored */
        BTM_DeleteStoredLinkKey (p_dev_rec->bd_addr, NULL);
        BTM_DeleteStoredLinkKey (bda, NULL);
    }

    return TRUE;
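Review bot: The rewritten comment on BTM_SecDeleteDevice still says it returns false "if not found", but in the second hunk a NULL result from `btm_find_dev(bd_addr)` skips the block and falls through to `return TRUE;`. A caller that trusts the comment would expect a failure signal for an unknown address that this path never produces. Suggest `* Returns true if the record was removed or no record existed, false if ACL link is active.` here and on the identical comment on the declaration in the header section. The ACL check lies between the two hunks and is not visible, so the false case is taken from the comment only. The warning text also has `it's fields`, which should read `its fields`.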
+10 −9
@@ -3313,15 +3313,16 @@ extern BOOLEAN BTM_SecAddDevice (BD_ADDR bd_addr, DEV_CLASS dev_class,
                                 UINT8 key_type, tBTM_IO_CAP io_cap, UINT8 pin_length);


/*******************************************************************************
**
** Function         BTM_SecDeleteDevice
**
** Description      Free resources associated with the device.
**
** Returns          TRUE if rmoved OK, FALSE if not found
**
*******************************************************************************/
/** Free resources associated with the device associated with |bd_addr| address.
 *
 * *** WARNING ***
 * tBTM_SEC_DEV_REC associated with bd_addr becomes invalid after this function
 * is called, also any of it's fields. i.e. if you use p_dev_rec->bd_addr, it is
 * no longer valid!
 * *** WARNING ***
 *
 * Returns true if removed OK, false if not found or ACL link is active.
 */
extern BOOLEAN BTM_SecDeleteDevice (BD_ADDR bd_addr);