system/stack/l2cap/l2c_main.cc +48 −6 Original line number Diff line number Diff line Loading @@ -455,19 +455,40 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { switch (cfg_code & 0x7F) { case L2CAP_CFG_TYPE_MTU: cfg_info.mtu_present = true; if (p + 2 > p_next_cmd) return; if (cfg_len != 2) { android_errorWriteLog(0x534e4554, "119870451"); return; } if (p + cfg_len > p_next_cmd) { android_errorWriteLog(0x534e4554, "74202041"); return; } STREAM_TO_UINT16(cfg_info.mtu, p); break; case L2CAP_CFG_TYPE_FLUSH_TOUT: cfg_info.flush_to_present = true; if (p + 2 > p_next_cmd) return; if (cfg_len != 2) { android_errorWriteLog(0x534e4554, "119870451"); return; } if (p + cfg_len > p_next_cmd) { android_errorWriteLog(0x534e4554, "74202041"); return; } STREAM_TO_UINT16(cfg_info.flush_to, p); break; case L2CAP_CFG_TYPE_QOS: cfg_info.qos_present = true; if (p + 2 + 5 * 4 > p_next_cmd) return; if (cfg_len != 2 + 5 * 4) { android_errorWriteLog(0x534e4554, "119870451"); return; } if (p + cfg_len > p_next_cmd) { android_errorWriteLog(0x534e4554, "74202041"); return; } STREAM_TO_UINT8(cfg_info.qos.qos_flags, p); STREAM_TO_UINT8(cfg_info.qos.service_type, p); STREAM_TO_UINT32(cfg_info.qos.token_rate, p); Loading @@ -479,7 +500,14 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { case L2CAP_CFG_TYPE_FCR: cfg_info.fcr_present = true; if (p + 3 + 3 * 2 > p_next_cmd) return; if (cfg_len != 3 + 3 * 2) { android_errorWriteLog(0x534e4554, "119870451"); return; } if (p + cfg_len > p_next_cmd) { android_errorWriteLog(0x534e4554, "74202041"); return; } STREAM_TO_UINT8(cfg_info.fcr.mode, p); STREAM_TO_UINT8(cfg_info.fcr.tx_win_sz, p); STREAM_TO_UINT8(cfg_info.fcr.max_transmit, p); Loading 
@@ -490,13 +518,27 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { case L2CAP_CFG_TYPE_FCS: cfg_info.fcs_present = true; if (p + 1 > p_next_cmd) return; if (cfg_len != 1) { android_errorWriteLog(0x534e4554, "119870451"); return; } if (p + cfg_len > p_next_cmd) { android_errorWriteLog(0x534e4554, "74202041"); return; } STREAM_TO_UINT8(cfg_info.fcs, p); break; case L2CAP_CFG_TYPE_EXT_FLOW: cfg_info.ext_flow_spec_present = true; if (p + 2 + 2 + 3 * 4 > p_next_cmd) return; if (cfg_len != 2 + 2 + 3 * 4) { android_errorWriteLog(0x534e4554, "119870451"); return; } if (p + cfg_len > p_next_cmd) { android_errorWriteLog(0x534e4554, "74202041"); return; } STREAM_TO_UINT8(cfg_info.ext_flow_spec.id, p); STREAM_TO_UINT8(cfg_info.ext_flow_spec.stype, p); STREAM_TO_UINT16(cfg_info.ext_flow_spec.max_sdu_size, p); Loading
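Review bot: The bounds test `if (p + cfg_len > p_next_cmd)` computes `p + cfg_len` before it is known to lie inside the packet, and in C++ forming a pointer more than one past the end of the buffer is undefined even if it is never dereferenced; comparing lengths instead, `if (p_next_cmd - p < cfg_len)`, avoids that, assuming `p <= p_next_cmd` holds on entry to the switch (not visible here). The same pair of checks appears in all six option cases across the three hunks of this file (MTU, FLUSH_TOUT, QOS, FCR, FCS, EXT_FLOW), so a small static helper that takes the expected length would keep them from drifting apart and would leave one place to fix. Each case also sets its `cfg_info.*_present` flag before the length is validated, which is safe only if nothing reads `cfg_info` after the early `return`; process_l2cap_cmd starts and ends outside these hunks, so that cannot be confirmed from the page.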
system/stack/l2cap/l2c_utils.cc +3 −0 Original line number Diff line number Diff line Loading @@ -796,6 +796,9 @@ void l2cu_send_peer_config_rej(tL2C_CCB* p_ccb, uint8_t* p_data, case L2CAP_CFG_TYPE_MTU: case L2CAP_CFG_TYPE_FLUSH_TOUT: case L2CAP_CFG_TYPE_QOS: case L2CAP_CFG_TYPE_FCR: case L2CAP_CFG_TYPE_FCS: case L2CAP_CFG_TYPE_EXT_FLOW: p_data += cfg_len + L2CAP_CFG_OPTION_OVERHEAD; break; Loading
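Review bot: `p_data += cfg_len + L2CAP_CFG_OPTION_OVERHEAD;` steps over an option using a length taken from the peer's packet, and nothing in this hunk bounds the step against the end of the option data, so the case labels added here (three, per the +3 −0 count; the +/- markers are lost in this rendering) rely on a check elsewhere in l2cu_send_peer_config_rej. If the surrounding loop does not already stop when fewer than `cfg_len + L2CAP_CFG_OPTION_OVERHEAD` bytes remain, that comparison belongs immediately before the advance. A one-line comment on the case group such as `/* recognised option: skip header + cfg_len bytes (cfg_len is peer-supplied) */` would make the trust boundary explicit; the function body continues outside the hunk.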