Loading system/stack/gatt/gatt_sr.c +16 −4 Original line number Original line Diff line number Diff line Loading @@ -27,6 +27,7 @@ #if BLE_INCLUDED == TRUE #if BLE_INCLUDED == TRUE #include <string.h> #include <string.h> #include <log/log.h> #include "gatt_int.h" #include "gatt_int.h" #include "l2c_api.h" #include "l2c_api.h" #include "l2c_int.h" #include "l2c_int.h" Loading Loading @@ -330,8 +331,6 @@ void gatt_process_exec_write_req (tGATT_TCB *p_tcb, UINT8 op_code, UINT16 len, U tGATT_IF gatt_if; tGATT_IF gatt_if; UINT16 conn_id; UINT16 conn_id; UNUSED(len); #if GATT_CONFORMANCE_TESTING == TRUE #if GATT_CONFORMANCE_TESTING == TRUE if (gatt_cb.enable_err_rsp && gatt_cb.req_op_code == op_code) if (gatt_cb.enable_err_rsp && gatt_cb.req_op_code == op_code) { { Loading @@ -344,6 +343,13 @@ void gatt_process_exec_write_req (tGATT_TCB *p_tcb, UINT8 op_code, UINT16 len, U } } #endif #endif if (len < sizeof(flag)) { android_errorWriteLog(0x534e4554, "73172115"); GATT_TRACE_ERROR("%s: invalid length", __func__); gatt_send_error_rsp(p_tcb, GATT_INVALID_PDU, GATT_REQ_EXEC_WRITE, 0, false); return; } STREAM_TO_UINT8(flag, p); STREAM_TO_UINT8(flag, p); /* mask the flag */ /* mask the flag */ Loading Loading @@ -1143,7 +1149,13 @@ static void gatts_process_read_req(tGATT_TCB *p_tcb, tGATT_SR_REG *p_rcb, UINT8 UINT16 offset = 0, value_len = 0; UINT16 offset = 0, value_len = 0; BT_HDR *p_msg = (BT_HDR *)osi_calloc(buf_len); BT_HDR *p_msg = (BT_HDR *)osi_calloc(buf_len); UNUSED(len); if (op_code == GATT_REQ_READ_BLOB && len < sizeof(UINT16)) { /* Error: packet length is too short */ android_errorWriteWithInfoLog(0x534e4554, "73172115", -1, NULL, 0); GATT_TRACE_ERROR("%s: invalid length", __func__); gatt_send_error_rsp(p_tcb, GATT_INVALID_PDU, op_code, 0, false); return; } if (op_code == GATT_REQ_READ_BLOB) if (op_code == GATT_REQ_READ_BLOB) STREAM_TO_UINT16(offset, p_data); STREAM_TO_UINT16(offset, p_data); Loading Loading @@ -1174,7 +1186,7 @@ static void gatts_process_read_req(tGATT_TCB *p_tcb, tGATT_SR_REG *p_rcb, UINT8 { { osi_free(p_msg); osi_free(p_msg); /* in theroy BUSY is not possible(should already been checked), protected check */ /* in theory BUSY is not possible(should already been checked), protected check */ if (reason != GATT_PENDING && reason != GATT_BUSY) if (reason != GATT_PENDING && reason != GATT_BUSY) gatt_send_error_rsp (p_tcb, reason, op_code, handle, FALSE); gatt_send_error_rsp (p_tcb, reason, op_code, handle, FALSE); } } Loading Loading
system/stack/gatt/gatt_sr.c +16 −4 Original line number Original line Diff line number Diff line Loading @@ -27,6 +27,7 @@ #if BLE_INCLUDED == TRUE #if BLE_INCLUDED == TRUE #include <string.h> #include <string.h> #include <log/log.h> #include "gatt_int.h" #include "gatt_int.h" #include "l2c_api.h" #include "l2c_api.h" #include "l2c_int.h" #include "l2c_int.h" Loading Loading @@ -330,8 +331,6 @@ void gatt_process_exec_write_req (tGATT_TCB *p_tcb, UINT8 op_code, UINT16 len, U tGATT_IF gatt_if; tGATT_IF gatt_if; UINT16 conn_id; UINT16 conn_id; UNUSED(len); #if GATT_CONFORMANCE_TESTING == TRUE #if GATT_CONFORMANCE_TESTING == TRUE if (gatt_cb.enable_err_rsp && gatt_cb.req_op_code == op_code) if (gatt_cb.enable_err_rsp && gatt_cb.req_op_code == op_code) { { Loading @@ -344,6 +343,13 @@ void gatt_process_exec_write_req (tGATT_TCB *p_tcb, UINT8 op_code, UINT16 len, U } } #endif #endif if (len < sizeof(flag)) { android_errorWriteLog(0x534e4554, "73172115"); GATT_TRACE_ERROR("%s: invalid length", __func__); gatt_send_error_rsp(p_tcb, GATT_INVALID_PDU, GATT_REQ_EXEC_WRITE, 0, false); return; } STREAM_TO_UINT8(flag, p); STREAM_TO_UINT8(flag, p); /* mask the flag */ /* mask the flag */ Loading Loading @@ -1143,7 +1149,13 @@ static void gatts_process_read_req(tGATT_TCB *p_tcb, tGATT_SR_REG *p_rcb, UINT8 UINT16 offset = 0, value_len = 0; UINT16 offset = 0, value_len = 0; BT_HDR *p_msg = (BT_HDR *)osi_calloc(buf_len); BT_HDR *p_msg = (BT_HDR *)osi_calloc(buf_len); UNUSED(len); if (op_code == GATT_REQ_READ_BLOB && len < sizeof(UINT16)) { /* Error: packet length is too short */ android_errorWriteWithInfoLog(0x534e4554, "73172115", -1, NULL, 0); GATT_TRACE_ERROR("%s: invalid length", __func__); gatt_send_error_rsp(p_tcb, GATT_INVALID_PDU, op_code, 0, false); return; } if (op_code == GATT_REQ_READ_BLOB) if (op_code == GATT_REQ_READ_BLOB) STREAM_TO_UINT16(offset, p_data); STREAM_TO_UINT16(offset, p_data); Loading Loading @@ -1174,7 +1186,7 @@ static void gatts_process_read_req(tGATT_TCB *p_tcb, tGATT_SR_REG *p_rcb, UINT8 { { osi_free(p_msg); osi_free(p_msg); /* in theroy BUSY is not possible(should already been checked), protected check */ /* in theory BUSY is not possible(should already been checked), protected check */ if (reason != GATT_PENDING && reason != GATT_BUSY) if (reason != GATT_PENDING && reason != GATT_BUSY) gatt_send_error_rsp (p_tcb, reason, op_code, handle, FALSE); gatt_send_error_rsp (p_tcb, reason, op_code, handle, FALSE); } } Loading
