Loading system/stack/btm/btm_ble_batchscan.cc +41 −8 Original line number Diff line number Diff line Loading @@ -60,12 +60,15 @@ bool can_do_batch_scan() { /* VSE callback for batch scan, filter, and tracking events */ void btm_ble_batchscan_filter_track_adv_vse_cback(uint8_t len, const uint8_t* p) { tBTM_BLE_TRACK_ADV_DATA adv_data; tBTM_BLE_TRACK_ADV_DATA adv_data{}; uint8_t sub_event = 0; tBTM_BLE_VSC_CB cmn_ble_vsc_cb; if (len == 0) return; if (len < 1) goto err_out; STREAM_TO_UINT8(sub_event, p); len -= 1; BTM_TRACE_EVENT( "btm_ble_batchscan_filter_track_adv_vse_cback called with event:%x", Loading @@ -78,30 +81,45 @@ void btm_ble_batchscan_filter_track_adv_vse_cback(uint8_t len, if (HCI_VSE_SUBCODE_BLE_TRACKING_SUB_EVT == sub_event && NULL != ble_advtrack_cb.p_track_cback) { if (len < 10) return; memset(&adv_data, 0, sizeof(tBTM_BLE_TRACK_ADV_DATA)); BTM_BleGetVendorCapabilities(&cmn_ble_vsc_cb); adv_data.client_if = (uint8_t)ble_advtrack_cb.ref_value; if (cmn_ble_vsc_cb.version_supported > BTM_VSC_CHIP_CAPABILITY_L_VERSION) { if (len < 10) { goto err_out; } STREAM_TO_UINT8(adv_data.filt_index, p); STREAM_TO_UINT8(adv_data.advertiser_state, p); STREAM_TO_UINT8(adv_data.advertiser_info_present, p); STREAM_TO_BDADDR(adv_data.bd_addr, p); STREAM_TO_UINT8(adv_data.addr_type, p); len -= 10; /* Extract the adv info details */ if (ADV_INFO_PRESENT == adv_data.advertiser_info_present) { if (len < 15) return; if (len < 5) { goto err_out; } STREAM_TO_UINT8(adv_data.tx_power, p); STREAM_TO_UINT8(adv_data.rssi_value, p); STREAM_TO_UINT16(adv_data.time_stamp, p); STREAM_TO_UINT8(adv_data.adv_pkt_len, p); len -= 5; if (adv_data.adv_pkt_len > 0) { adv_data.p_adv_pkt_data = static_cast<uint8_t*>(osi_malloc(adv_data.adv_pkt_len)); if (adv_data.p_adv_pkt_data == nullptr || \ len < adv_data.adv_pkt_len) { goto err_out; } memcpy(adv_data.p_adv_pkt_data, p, adv_data.adv_pkt_len); len -= adv_data.adv_pkt_len; p += adv_data.adv_pkt_len; } Loading @@ -109,11 +127,19 @@ void btm_ble_batchscan_filter_track_adv_vse_cback(uint8_t len, if (adv_data.scan_rsp_len > 0) { adv_data.p_scan_rsp_data = static_cast<uint8_t*>(osi_malloc(adv_data.scan_rsp_len)); if (adv_data.p_scan_rsp_data == nullptr || len < adv_data.scan_rsp_len) { goto err_out; } memcpy(adv_data.p_scan_rsp_data, p, adv_data.scan_rsp_len); } } } else { /* Based on L-release version */ if (len < 9) { goto err_out; } STREAM_TO_UINT8(adv_data.filt_index, p); STREAM_TO_UINT8(adv_data.addr_type, p); STREAM_TO_BDADDR(adv_data.bd_addr, p); Loading @@ -129,8 +155,15 @@ void btm_ble_batchscan_filter_track_adv_vse_cback(uint8_t len, to_ble_addr_type(adv_data.addr_type)); ble_advtrack_cb.p_track_cback(&adv_data); return; } return; err_out: BTM_TRACE_ERROR("malformatted packet detected"); osi_free_and_reset((void **) &adv_data.p_adv_pkt_data); osi_free_and_reset((void **) &adv_data.p_scan_rsp_data); } void feat_enable_cb(uint8_t* p, uint16_t len) { Loading Loading
system/stack/btm/btm_ble_batchscan.cc +41 −8 Original line number Diff line number Diff line Loading @@ -60,12 +60,15 @@ bool can_do_batch_scan() { /* VSE callback for batch scan, filter, and tracking events */ void btm_ble_batchscan_filter_track_adv_vse_cback(uint8_t len, const uint8_t* p) { tBTM_BLE_TRACK_ADV_DATA adv_data; tBTM_BLE_TRACK_ADV_DATA adv_data{}; uint8_t sub_event = 0; tBTM_BLE_VSC_CB cmn_ble_vsc_cb; if (len == 0) return; if (len < 1) goto err_out; STREAM_TO_UINT8(sub_event, p); len -= 1; BTM_TRACE_EVENT( "btm_ble_batchscan_filter_track_adv_vse_cback called with event:%x", Loading @@ -78,30 +81,45 @@ void btm_ble_batchscan_filter_track_adv_vse_cback(uint8_t len, if (HCI_VSE_SUBCODE_BLE_TRACKING_SUB_EVT == sub_event && NULL != ble_advtrack_cb.p_track_cback) { if (len < 10) return; memset(&adv_data, 0, sizeof(tBTM_BLE_TRACK_ADV_DATA)); BTM_BleGetVendorCapabilities(&cmn_ble_vsc_cb); adv_data.client_if = (uint8_t)ble_advtrack_cb.ref_value; if (cmn_ble_vsc_cb.version_supported > BTM_VSC_CHIP_CAPABILITY_L_VERSION) { if (len < 10) { goto err_out; } STREAM_TO_UINT8(adv_data.filt_index, p); STREAM_TO_UINT8(adv_data.advertiser_state, p); STREAM_TO_UINT8(adv_data.advertiser_info_present, p); STREAM_TO_BDADDR(adv_data.bd_addr, p); STREAM_TO_UINT8(adv_data.addr_type, p); len -= 10; /* Extract the adv info details */ if (ADV_INFO_PRESENT == adv_data.advertiser_info_present) { if (len < 15) return; if (len < 5) { goto err_out; } STREAM_TO_UINT8(adv_data.tx_power, p); STREAM_TO_UINT8(adv_data.rssi_value, p); STREAM_TO_UINT16(adv_data.time_stamp, p); STREAM_TO_UINT8(adv_data.adv_pkt_len, p); len -= 5; if (adv_data.adv_pkt_len > 0) { adv_data.p_adv_pkt_data = static_cast<uint8_t*>(osi_malloc(adv_data.adv_pkt_len)); if (adv_data.p_adv_pkt_data == nullptr || \ len < adv_data.adv_pkt_len) { goto err_out; } memcpy(adv_data.p_adv_pkt_data, p, adv_data.adv_pkt_len); len -= adv_data.adv_pkt_len; p += adv_data.adv_pkt_len; } Loading @@ -109,11 +127,19 @@ void btm_ble_batchscan_filter_track_adv_vse_cback(uint8_t len, if (adv_data.scan_rsp_len > 0) { adv_data.p_scan_rsp_data = static_cast<uint8_t*>(osi_malloc(adv_data.scan_rsp_len)); if (adv_data.p_scan_rsp_data == nullptr || len < adv_data.scan_rsp_len) { goto err_out; } memcpy(adv_data.p_scan_rsp_data, p, adv_data.scan_rsp_len); } } } else { /* Based on L-release version */ if (len < 9) { goto err_out; } STREAM_TO_UINT8(adv_data.filt_index, p); STREAM_TO_UINT8(adv_data.addr_type, p); STREAM_TO_BDADDR(adv_data.bd_addr, p); Loading @@ -129,8 +155,15 @@ void btm_ble_batchscan_filter_track_adv_vse_cback(uint8_t len, to_ble_addr_type(adv_data.addr_type)); ble_advtrack_cb.p_track_cback(&adv_data); return; } return; err_out: BTM_TRACE_ERROR("malformatted packet detected"); osi_free_and_reset((void **) &adv_data.p_adv_pkt_data); osi_free_and_reset((void **) &adv_data.p_scan_rsp_data); } void feat_enable_cb(uint8_t* p, uint16_t len) { Loading
