Loading system/btif/src/btif_rc.cc +33 −19 Original line number Diff line number Diff line Loading @@ -3650,29 +3650,31 @@ static void handle_app_attr_txt_response(tBTA_AV_META_MSG* pmeta_msg, * for standard attributes. */ p_app_settings->num_ext_attrs = 0; for (xx = 0; xx < p_app_settings->ext_attr_index; xx++) { for (xx = 0; xx < p_app_settings->ext_attr_index && xx < AVRC_MAX_APP_ATTR_SIZE; xx++) { osi_free_and_reset((void**)&p_app_settings->ext_attrs[xx].p_str); } p_app_settings->ext_attr_index = 0; if (p_dev) { for (xx = 0; xx < p_app_settings->num_attrs; xx++) { for (xx = 0; xx < p_app_settings->num_attrs && xx < AVRC_MAX_APP_ATTR_SIZE; xx++) { attrs[xx] = p_app_settings->attrs[xx].attr_id; } do_in_jni_thread( FROM_HERE, base::Bind(bt_rc_ctrl_callbacks->playerapplicationsetting_cb, FROM_HERE, base::Bind(bt_rc_ctrl_callbacks->playerapplicationsetting_cb, p_dev->rc_addr, p_app_settings->num_attrs, p_app_settings->attrs, 0, nullptr)); get_player_app_setting_cmd(xx, attrs, p_dev); } return; } for (xx = 0; xx < p_rsp->num_attr; xx++) { uint8_t x; for (x = 0; x < p_app_settings->num_ext_attrs; x++) { for (x = 0; x < p_app_settings->num_ext_attrs && x < AVRC_MAX_APP_ATTR_SIZE; x++) { if (p_app_settings->ext_attrs[x].attr_id == p_rsp->p_attrs[xx].attr_id) { p_app_settings->ext_attrs[x].charset_id = p_rsp->p_attrs[xx].charset_id; p_app_settings->ext_attrs[x].str_len = p_rsp->p_attrs[xx].str_len; Loading @@ -3682,7 +3684,9 @@ static void handle_app_attr_txt_response(tBTA_AV_META_MSG* pmeta_msg, } } for (xx = 0; xx < p_app_settings->ext_attrs[0].num_val; xx++) { for (xx = 0; xx < p_app_settings->ext_attrs[0].num_val && xx < BTRC_MAX_APP_ATTR_SIZE; xx++) { vals[xx] = p_app_settings->ext_attrs[0].ext_attr_val[xx].val; } get_player_app_setting_value_text_cmd(vals, xx, p_dev); Loading Loading @@ -3726,11 +3730,13 @@ static void handle_app_attr_val_txt_response( * for standard attributes. */ p_app_settings->num_ext_attrs = 0; for (xx = 0; xx < p_app_settings->ext_attr_index; xx++) { for (xx = 0; xx < p_app_settings->ext_attr_index && xx < AVRC_MAX_APP_ATTR_SIZE; xx++) { int x; btrc_player_app_ext_attr_t* p_ext_attr = &p_app_settings->ext_attrs[xx]; for (x = 0; x < p_ext_attr->num_val; x++) for (x = 0; x < p_ext_attr->num_val && x < BTRC_MAX_APP_ATTR_SIZE; x++) osi_free_and_reset((void**)&p_ext_attr->ext_attr_val[x].p_str); p_ext_attr->num_val = 0; osi_free_and_reset((void**)&p_app_settings->ext_attrs[xx].p_str); Loading @@ -3749,11 +3755,17 @@ static void handle_app_attr_val_txt_response( return; } if (p_app_settings->ext_val_index >= AVRC_MAX_APP_ATTR_SIZE) { BTIF_TRACE_ERROR("ext_val_index is 0x%02x, overflow!", p_app_settings->ext_val_index); return; } for (xx = 0; xx < p_rsp->num_attr; xx++) { uint8_t x; btrc_player_app_ext_attr_t* p_ext_attr; p_ext_attr = &p_app_settings->ext_attrs[p_app_settings->ext_val_index]; for (x = 0; x < p_rsp->num_attr; x++) { for (x = 0; x < p_rsp->num_attr && x < BTRC_MAX_APP_ATTR_SIZE; x++) { if (p_ext_attr->ext_attr_val[x].val == p_rsp->p_attrs[xx].attr_id) { p_ext_attr->ext_attr_val[x].charset_id = p_rsp->p_attrs[xx].charset_id; p_ext_attr->ext_attr_val[x].str_len = p_rsp->p_attrs[xx].str_len; Loading Loading @@ -3806,10 +3818,12 @@ static void handle_app_attr_val_txt_response( **************************************************************************/ static void cleanup_app_attr_val_txt_response( btif_rc_player_app_settings_t* p_app_settings) { for (uint8_t xx = 0; xx < p_app_settings->ext_attr_index; xx++) { for (uint8_t xx = 0; xx < p_app_settings->ext_attr_index && xx < AVRC_MAX_APP_ATTR_SIZE; xx++) { int x; btrc_player_app_ext_attr_t* p_ext_attr = &p_app_settings->ext_attrs[xx]; for (x = 0; x < p_ext_attr->num_val; x++) { for (x = 0; x < p_ext_attr->num_val && x < BTRC_MAX_APP_ATTR_SIZE; x++) { osi_free_and_reset((void**)&p_ext_attr->ext_attr_val[x].p_str); } p_ext_attr->num_val = 0; Loading system/stack/a2dp/a2dp_codec_config.cc +0 −10 Original line number Diff line number Diff line Loading @@ -598,9 +598,6 @@ bool A2dpCodecs::init() { LOG_INFO("%s", __func__); std::lock_guard<std::recursive_mutex> lock(codec_mutex_); bool opus_enabled = osi_property_get_bool("persist.bluetooth.opus.enabled", false); for (int i = BTAV_A2DP_CODEC_INDEX_MIN; i < BTAV_A2DP_CODEC_INDEX_MAX; i++) { btav_a2dp_codec_index_t codec_index = static_cast<btav_a2dp_codec_index_t>(i); Loading @@ -613,13 +610,6 @@ bool A2dpCodecs::init() { codec_priority = cp_iter->second; } // If OPUS is not supported it is disabled if (codec_index == BTAV_A2DP_CODEC_INDEX_SOURCE_OPUS && !opus_enabled) { codec_priority = BTAV_A2DP_CODEC_PRIORITY_DISABLED; LOG_INFO("%s: OPUS codec disabled, updated priority to %d", __func__, codec_priority); } A2dpCodecConfig* codec_config = A2dpCodecConfig::createCodec(codec_index, codec_priority); if (codec_config == nullptr) continue; Loading system/stack/a2dp/a2dp_sbc.cc +5 −0 Original line number Diff line number Diff line Loading @@ -696,6 +696,11 @@ bool A2DP_BuildCodecHeaderSbc(UNUSED_ATTR const uint8_t* p_codec_info, return false; } // there is an 4-byte timestamp right following p_buf if (p_buf->offset < 4 + A2DP_SBC_MPL_HDR_LEN) { return false; } p_buf->offset -= A2DP_SBC_MPL_HDR_LEN; uint8_t* p = (uint8_t*)(p_buf + 1) + p_buf->offset; p_buf->len += A2DP_SBC_MPL_HDR_LEN; Loading system/stack/gatt/gatt_cl.cc +3 −2 Original line number Diff line number Diff line Loading @@ -596,7 +596,8 @@ void gatt_process_prep_write_rsp(tGATT_TCB& tcb, tGATT_CLCB* p_clcb, VLOG(1) << StringPrintf("value resp op_code = %s len = %d", gatt_dbg_op_name(op_code), len); if (len < GATT_PREP_WRITE_RSP_MIN_LEN) { if (len < GATT_PREP_WRITE_RSP_MIN_LEN || len > GATT_PREP_WRITE_RSP_MIN_LEN + sizeof(value.value)) { LOG(ERROR) << "illegal prepare write response length, discard"; gatt_end_operation(p_clcb, GATT_INVALID_PDU, &value); return; Loading @@ -605,7 +606,7 @@ void gatt_process_prep_write_rsp(tGATT_TCB& tcb, tGATT_CLCB* p_clcb, STREAM_TO_UINT16(value.handle, p); STREAM_TO_UINT16(value.offset, p); value.len = len - 4; value.len = len - GATT_PREP_WRITE_RSP_MIN_LEN; memcpy(value.value, p, value.len); Loading system/stack/sdp/sdp_db.cc +16 −5 Original line number Diff line number Diff line Loading @@ -356,6 +356,11 @@ bool SDP_AddAttribute(uint32_t handle, uint16_t attr_id, uint8_t attr_type, uint16_t zz; tSDP_RECORD* p_rec = &sdp_cb.server_db.record[0]; if (p_val == nullptr) { SDP_TRACE_WARNING("Trying to add attribute with p_val == nullptr, skipped"); return (false); } if (sdp_cb.trace_level >= BT_TRACE_LEVEL_DEBUG) { if ((attr_type == UINT_DESC_TYPE) || (attr_type == TWO_COMP_INT_DESC_TYPE) || Loading Loading @@ -401,6 +406,14 @@ bool SDP_AddAttribute(uint32_t handle, uint16_t attr_id, uint8_t attr_type, /* Find the record in the database */ for (zz = 0; zz < sdp_cb.server_db.num_records; zz++, p_rec++) { if (p_rec->record_handle == handle) { // error out early, no need to look up if (p_rec->free_pad_ptr >= SDP_MAX_PAD_LEN) { SDP_TRACE_ERROR("the free pad for SDP record with handle %d is " "full, skip adding the attribute", handle); return (false); } return SDP_AddAttributeToRecord(p_rec, attr_id, attr_type, attr_len, p_val); } Loading Loading @@ -466,15 +479,13 @@ bool SDP_AddAttributeToRecord(tSDP_RECORD* p_rec, uint16_t attr_id, attr_len = 0; } if ((attr_len > 0) && (p_val != 0)) { if (attr_len > 0) { p_attr->len = attr_len; memcpy(&p_rec->attr_pad[p_rec->free_pad_ptr], p_val, (size_t)attr_len); p_attr->value_ptr = &p_rec->attr_pad[p_rec->free_pad_ptr]; p_rec->free_pad_ptr += attr_len; } else if ((attr_len == 0 && p_attr->len != 0) || /* if truncate to 0 length, simply don't add */ p_val == 0) { } else if (attr_len == 0 && p_attr->len != 0) { /* if truncate to 0 length, simply don't add */ SDP_TRACE_ERROR( "SDP_AddAttributeToRecord fail, length exceed maximum: ID %d: " "attr_len:%d ", Loading Loading
system/btif/src/btif_rc.cc +33 −19 Original line number Diff line number Diff line Loading @@ -3650,29 +3650,31 @@ static void handle_app_attr_txt_response(tBTA_AV_META_MSG* pmeta_msg, * for standard attributes. */ p_app_settings->num_ext_attrs = 0; for (xx = 0; xx < p_app_settings->ext_attr_index; xx++) { for (xx = 0; xx < p_app_settings->ext_attr_index && xx < AVRC_MAX_APP_ATTR_SIZE; xx++) { osi_free_and_reset((void**)&p_app_settings->ext_attrs[xx].p_str); } p_app_settings->ext_attr_index = 0; if (p_dev) { for (xx = 0; xx < p_app_settings->num_attrs; xx++) { for (xx = 0; xx < p_app_settings->num_attrs && xx < AVRC_MAX_APP_ATTR_SIZE; xx++) { attrs[xx] = p_app_settings->attrs[xx].attr_id; } do_in_jni_thread( FROM_HERE, base::Bind(bt_rc_ctrl_callbacks->playerapplicationsetting_cb, FROM_HERE, base::Bind(bt_rc_ctrl_callbacks->playerapplicationsetting_cb, p_dev->rc_addr, p_app_settings->num_attrs, p_app_settings->attrs, 0, nullptr)); get_player_app_setting_cmd(xx, attrs, p_dev); } return; } for (xx = 0; xx < p_rsp->num_attr; xx++) { uint8_t x; for (x = 0; x < p_app_settings->num_ext_attrs; x++) { for (x = 0; x < p_app_settings->num_ext_attrs && x < AVRC_MAX_APP_ATTR_SIZE; x++) { if (p_app_settings->ext_attrs[x].attr_id == p_rsp->p_attrs[xx].attr_id) { p_app_settings->ext_attrs[x].charset_id = p_rsp->p_attrs[xx].charset_id; p_app_settings->ext_attrs[x].str_len = p_rsp->p_attrs[xx].str_len; Loading @@ -3682,7 +3684,9 @@ static void handle_app_attr_txt_response(tBTA_AV_META_MSG* pmeta_msg, } } for (xx = 0; xx < p_app_settings->ext_attrs[0].num_val; xx++) { for (xx = 0; xx < p_app_settings->ext_attrs[0].num_val && xx < BTRC_MAX_APP_ATTR_SIZE; xx++) { vals[xx] = p_app_settings->ext_attrs[0].ext_attr_val[xx].val; } get_player_app_setting_value_text_cmd(vals, xx, p_dev); Loading Loading @@ -3726,11 +3730,13 @@ static void handle_app_attr_val_txt_response( * for standard attributes. */ p_app_settings->num_ext_attrs = 0; for (xx = 0; xx < p_app_settings->ext_attr_index; xx++) { for (xx = 0; xx < p_app_settings->ext_attr_index && xx < AVRC_MAX_APP_ATTR_SIZE; xx++) { int x; btrc_player_app_ext_attr_t* p_ext_attr = &p_app_settings->ext_attrs[xx]; for (x = 0; x < p_ext_attr->num_val; x++) for (x = 0; x < p_ext_attr->num_val && x < BTRC_MAX_APP_ATTR_SIZE; x++) osi_free_and_reset((void**)&p_ext_attr->ext_attr_val[x].p_str); p_ext_attr->num_val = 0; osi_free_and_reset((void**)&p_app_settings->ext_attrs[xx].p_str); Loading @@ -3749,11 +3755,17 @@ static void handle_app_attr_val_txt_response( return; } if (p_app_settings->ext_val_index >= AVRC_MAX_APP_ATTR_SIZE) { BTIF_TRACE_ERROR("ext_val_index is 0x%02x, overflow!", p_app_settings->ext_val_index); return; } for (xx = 0; xx < p_rsp->num_attr; xx++) { uint8_t x; btrc_player_app_ext_attr_t* p_ext_attr; p_ext_attr = &p_app_settings->ext_attrs[p_app_settings->ext_val_index]; for (x = 0; x < p_rsp->num_attr; x++) { for (x = 0; x < p_rsp->num_attr && x < BTRC_MAX_APP_ATTR_SIZE; x++) { if (p_ext_attr->ext_attr_val[x].val == p_rsp->p_attrs[xx].attr_id) { p_ext_attr->ext_attr_val[x].charset_id = p_rsp->p_attrs[xx].charset_id; p_ext_attr->ext_attr_val[x].str_len = p_rsp->p_attrs[xx].str_len; Loading Loading @@ -3806,10 +3818,12 @@ static void handle_app_attr_val_txt_response( **************************************************************************/ static void cleanup_app_attr_val_txt_response( btif_rc_player_app_settings_t* p_app_settings) { for (uint8_t xx = 0; xx < p_app_settings->ext_attr_index; xx++) { for (uint8_t xx = 0; xx < p_app_settings->ext_attr_index && xx < AVRC_MAX_APP_ATTR_SIZE; xx++) { int x; btrc_player_app_ext_attr_t* p_ext_attr = &p_app_settings->ext_attrs[xx]; for (x = 0; x < p_ext_attr->num_val; x++) { for (x = 0; x < p_ext_attr->num_val && x < BTRC_MAX_APP_ATTR_SIZE; x++) { osi_free_and_reset((void**)&p_ext_attr->ext_attr_val[x].p_str); } p_ext_attr->num_val = 0; Loading
system/stack/a2dp/a2dp_codec_config.cc +0 −10 Original line number Diff line number Diff line Loading @@ -598,9 +598,6 @@ bool A2dpCodecs::init() { LOG_INFO("%s", __func__); std::lock_guard<std::recursive_mutex> lock(codec_mutex_); bool opus_enabled = osi_property_get_bool("persist.bluetooth.opus.enabled", false); for (int i = BTAV_A2DP_CODEC_INDEX_MIN; i < BTAV_A2DP_CODEC_INDEX_MAX; i++) { btav_a2dp_codec_index_t codec_index = static_cast<btav_a2dp_codec_index_t>(i); Loading @@ -613,13 +610,6 @@ bool A2dpCodecs::init() { codec_priority = cp_iter->second; } // If OPUS is not supported it is disabled if (codec_index == BTAV_A2DP_CODEC_INDEX_SOURCE_OPUS && !opus_enabled) { codec_priority = BTAV_A2DP_CODEC_PRIORITY_DISABLED; LOG_INFO("%s: OPUS codec disabled, updated priority to %d", __func__, codec_priority); } A2dpCodecConfig* codec_config = A2dpCodecConfig::createCodec(codec_index, codec_priority); if (codec_config == nullptr) continue; Loading
system/stack/a2dp/a2dp_sbc.cc +5 −0 Original line number Diff line number Diff line Loading @@ -696,6 +696,11 @@ bool A2DP_BuildCodecHeaderSbc(UNUSED_ATTR const uint8_t* p_codec_info, return false; } // there is an 4-byte timestamp right following p_buf if (p_buf->offset < 4 + A2DP_SBC_MPL_HDR_LEN) { return false; } p_buf->offset -= A2DP_SBC_MPL_HDR_LEN; uint8_t* p = (uint8_t*)(p_buf + 1) + p_buf->offset; p_buf->len += A2DP_SBC_MPL_HDR_LEN; Loading
system/stack/gatt/gatt_cl.cc +3 −2 Original line number Diff line number Diff line Loading @@ -596,7 +596,8 @@ void gatt_process_prep_write_rsp(tGATT_TCB& tcb, tGATT_CLCB* p_clcb, VLOG(1) << StringPrintf("value resp op_code = %s len = %d", gatt_dbg_op_name(op_code), len); if (len < GATT_PREP_WRITE_RSP_MIN_LEN) { if (len < GATT_PREP_WRITE_RSP_MIN_LEN || len > GATT_PREP_WRITE_RSP_MIN_LEN + sizeof(value.value)) { LOG(ERROR) << "illegal prepare write response length, discard"; gatt_end_operation(p_clcb, GATT_INVALID_PDU, &value); return; Loading @@ -605,7 +606,7 @@ void gatt_process_prep_write_rsp(tGATT_TCB& tcb, tGATT_CLCB* p_clcb, STREAM_TO_UINT16(value.handle, p); STREAM_TO_UINT16(value.offset, p); value.len = len - 4; value.len = len - GATT_PREP_WRITE_RSP_MIN_LEN; memcpy(value.value, p, value.len); Loading
system/stack/sdp/sdp_db.cc +16 −5 Original line number Diff line number Diff line Loading @@ -356,6 +356,11 @@ bool SDP_AddAttribute(uint32_t handle, uint16_t attr_id, uint8_t attr_type, uint16_t zz; tSDP_RECORD* p_rec = &sdp_cb.server_db.record[0]; if (p_val == nullptr) { SDP_TRACE_WARNING("Trying to add attribute with p_val == nullptr, skipped"); return (false); } if (sdp_cb.trace_level >= BT_TRACE_LEVEL_DEBUG) { if ((attr_type == UINT_DESC_TYPE) || (attr_type == TWO_COMP_INT_DESC_TYPE) || Loading Loading @@ -401,6 +406,14 @@ bool SDP_AddAttribute(uint32_t handle, uint16_t attr_id, uint8_t attr_type, /* Find the record in the database */ for (zz = 0; zz < sdp_cb.server_db.num_records; zz++, p_rec++) { if (p_rec->record_handle == handle) { // error out early, no need to look up if (p_rec->free_pad_ptr >= SDP_MAX_PAD_LEN) { SDP_TRACE_ERROR("the free pad for SDP record with handle %d is " "full, skip adding the attribute", handle); return (false); } return SDP_AddAttributeToRecord(p_rec, attr_id, attr_type, attr_len, p_val); } Loading Loading @@ -466,15 +479,13 @@ bool SDP_AddAttributeToRecord(tSDP_RECORD* p_rec, uint16_t attr_id, attr_len = 0; } if ((attr_len > 0) && (p_val != 0)) { if (attr_len > 0) { p_attr->len = attr_len; memcpy(&p_rec->attr_pad[p_rec->free_pad_ptr], p_val, (size_t)attr_len); p_attr->value_ptr = &p_rec->attr_pad[p_rec->free_pad_ptr]; p_rec->free_pad_ptr += attr_len; } else if ((attr_len == 0 && p_attr->len != 0) || /* if truncate to 0 length, simply don't add */ p_val == 0) { } else if (attr_len == 0 && p_attr->len != 0) { /* if truncate to 0 length, simply don't add */ SDP_TRACE_ERROR( "SDP_AddAttributeToRecord fail, length exceed maximum: ID %d: " "attr_len:%d ", Loading
