Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c574f4a4 authored by Mike Logan's avatar Mike Logan Committed by Android (Google) Code Review
Browse files

Merge "HCI: Check length of connection complete event" into qt-qpr1-dev

parents 1b3e12fd 9e8c665e
Loading
Loading
Loading
Loading
+9 −3
Original line number Diff line number Diff line
@@ -69,7 +69,7 @@ static void btu_hcif_inquiry_rssi_result_evt(uint8_t* p, uint8_t hci_evt_len);
static void btu_hcif_extended_inquiry_result_evt(uint8_t* p,
                                                 uint8_t hci_evt_len);

static void btu_hcif_connection_comp_evt(uint8_t* p);
static void btu_hcif_connection_comp_evt(uint8_t* p, uint8_t evt_len);
static void btu_hcif_connection_request_evt(uint8_t* p);
static void btu_hcif_disconnection_comp_evt(uint8_t* p);
static void btu_hcif_authentication_comp_evt(uint8_t* p);
@@ -273,7 +273,7 @@ void btu_hcif_process_event(UNUSED_ATTR uint8_t controller_id, BT_HDR* p_msg) {
      btu_hcif_extended_inquiry_result_evt(p, hci_evt_len);
      break;
    case HCI_CONNECTION_COMP_EVT:
      btu_hcif_connection_comp_evt(p);
      btu_hcif_connection_comp_evt(p, hci_evt_len);
      break;
    case HCI_CONNECTION_REQUEST_EVT:
      btu_hcif_connection_request_evt(p);
@@ -992,7 +992,7 @@ static void btu_hcif_extended_inquiry_result_evt(uint8_t* p,
 * Returns          void
 *
 ******************************************************************************/
static void btu_hcif_connection_comp_evt(uint8_t* p) {
static void btu_hcif_connection_comp_evt(uint8_t* p, uint8_t evt_len) {
  uint8_t status;
  uint16_t handle;
  RawAddress bda;
@@ -1000,6 +1000,12 @@ static void btu_hcif_connection_comp_evt(uint8_t* p) {
  uint8_t enc_mode;
  tBTM_ESCO_DATA esco_data;

  if (evt_len < 11) {
    android_errorWriteLog(0x534e4554, "141619686");
    HCI_TRACE_WARNING("%s: malformed event of size %hhd", __func__, evt_len);
    return;
  }

  STREAM_TO_UINT8(status, p);
  STREAM_TO_UINT16(handle, p);
  STREAM_TO_BDADDR(bda, p);