Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b876b639 authored by Jakub Pawlowski's avatar Jakub Pawlowski
Browse files

Don't use Address after it was deleted 

Bug: 110216173
Change-Id: Id3364cf53153eafed478546d7347ed1673217e91
Merged-In: Id3364cf53153eafed478546d7347ed1673217e91
parent 13dca96c

system/bta/dm/bta_dm_act.cc

+7 −3
Original line number Diff line number Diff line
@@ -3117,11 +3117,15 @@ void bta_dm_acl_change(tBTA_DM_MSG* p_data) { 
      }

    }

    if (conn.link_down.is_removed) {

      BTM_SecDeleteDevice(p_bda);

      // p_bda points to security record, which is removed in

      // BTM_SecDeleteDevice.

      BD_ADDR addr_copy;

      memcpy(addr_copy, p_bda, BD_ADDR_LEN);

      BTM_SecDeleteDevice(addr_copy);

      /* need to remove all pending background connection */

      BTA_GATTC_CancelOpen(0, p_bda, false);

      BTA_GATTC_CancelOpen(0, addr_copy, false);

      /* remove all cached GATT information */

      BTA_GATTC_Refresh(p_bda);

      BTA_GATTC_Refresh(addr_copy);

    }



    bdcpy(conn.link_down.bd_addr, p_bda);

system/stack/btm/btm_dev.cc

+11 −10
Original line number Diff line number Diff line
@@ -148,17 +148,16 @@ bool BTM_SecAddDevice(BD_ADDR bd_addr, DEV_CLASS dev_class, BD_NAME bd_name, 
  return true;

}



/*******************************************************************************

 *

 * Function         BTM_SecDeleteDevice

/** Free resources associated with the device associated with |bd_addr| address.

 *

 * Description      Free resources associated with the device.

 *

 * Parameters:      bd_addr          - BD address of the peer

 * *** WARNING ***

 * tBTM_SEC_DEV_REC associated with bd_addr becomes invalid after this function

 * is called, also any of it's fields. i.e. if you use p_dev_rec->bd_addr, it is

 * no longer valid!

 * *** WARNING ***

 *

 * Returns          true if removed OK, false if not found or ACL link is active

 *

 ******************************************************************************/

 * Returns true if removed OK, false if not found or ACL link is active.

 */

bool BTM_SecDeleteDevice(BD_ADDR bd_addr) {

  if (BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE) ||

      BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_BR_EDR)) {
@@ -169,9 +168,11 @@ bool BTM_SecDeleteDevice(BD_ADDR bd_addr) { 


  tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr);

  if (p_dev_rec != NULL) {

    BD_ADDR bda;

    memcpy(bda, bd_addr, BD_ADDR_LEN);

    btm_sec_free_dev(p_dev_rec);

    /* Tell controller to get rid of the link key, if it has one stored */

    BTM_DeleteStoredLinkKey(p_dev_rec->bd_addr, NULL);

    BTM_DeleteStoredLinkKey(bda, NULL);

  }



  return true;

system/stack/include/btm_api.h

+8 −7
Original line number Diff line number Diff line
@@ -1427,15 +1427,16 @@ extern bool BTM_SecAddDevice(BD_ADDR bd_addr, DEV_CLASS dev_class, 
                             uint8_t key_type, tBTM_IO_CAP io_cap,

                             uint8_t pin_length);



/*******************************************************************************

 *

 * Function         BTM_SecDeleteDevice

/** Free resources associated with the device associated with |bd_addr| address.

 *

 * Description      Free resources associated with the device.

 * *** WARNING ***

 * tBTM_SEC_DEV_REC associated with bd_addr becomes invalid after this function

 * is called, also any of it's fields. i.e. if you use p_dev_rec->bd_addr, it is

 * no longer valid!

 * *** WARNING ***

 *

 * Returns          true if rmoved OK, false if not found

 *

 ******************************************************************************/

 * Returns true if removed OK, false if not found or ACL link is active.

 */

extern bool BTM_SecDeleteDevice(BD_ADDR bd_addr);



/*******************************************************************************