DO NOT MERGE Drop LE CoC fragments when frame size is too big (a11f4dbd) · Commits · e / os / android_packages_modules_Bluetooth

system/stack/l2cap/l2c_fcr.c

+17 −7

Original line number	Diff line number	Diff line
		@@ -24,6 +24,7 @@
		******************************************************************************/

		#include <assert.h>
		#include <log/log.h>
		#include <stdio.h>
		#include <stdlib.h>
		#include <string.h>
		@@ -862,10 +863,24 @@ void l2c_lcc_proc_pdu(tL2C_CCB p_ccb, BT_HDR p_buf)
		p_buf->len -= sizeof(sdu_length);
		p_buf->offset += sizeof(sdu_length);
		p_data->offset = 0;
		} else {
		p_data = p_ccb->ble_sdu;
		if (p_buf->len > (p_ccb->ble_sdu_length - p_data->len)) {
		L2CAP_TRACE_ERROR("%s: buffer length=%d too big. max=%d. Dropped",
		__func__, p_data->len,
		(p_ccb->ble_sdu_length - p_data->len));
		android_errorWriteWithInfoLog(0x534e4554, "75298652", -1, NULL, 0);
		osi_free(p_buf);

		/* Throw away all pending fragments and disconnects */
		p_ccb->is_first_seg = true;
		osi_free(p_ccb->ble_sdu);
		p_ccb->ble_sdu = NULL;
		p_ccb->ble_sdu_length = 0;
		l2cu_disconnect_chnl(p_ccb);
		return;
		}
		}
		else
		p_data = p_ccb->ble_sdu;

		memcpy((UINT8)(p_data + 1) + p_data->offset + p_data->len, (UINT8)(p_buf + 1) + p_buf->offset, p_buf->len);
		p_data->len += p_buf->len;
		@@ -881,11 +896,6 @@ void l2c_lcc_proc_pdu(tL2C_CCB p_ccb, BT_HDR p_buf)
		{
		p_ccb->is_first_seg = FALSE;
		}
		else
		{
		L2CAP_TRACE_ERROR ("%s Length in the SDU messed up",__func__);
		// TODO: reset every thing may be???
		}

		osi_free(p_buf);
		return;