Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c7ab80f8 authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Android (Google) Code Review
Browse files

Merge "Drop LE CoC fragments when frame size is too big" into pi-dev

parents cdca621c c33be991

system/stack/l2cap/l2c_fcr.cc

+18 −4
Original line number Diff line number Diff line
@@ -24,6 +24,7 @@ 
 ******************************************************************************/



#include <base/logging.h>

#include <log/log.h>

#include <stdio.h>

#include <stdlib.h>

#include <string.h>
@@ -854,8 +855,24 @@ void l2c_lcc_proc_pdu(tL2C_CCB* p_ccb, BT_HDR* p_buf) { 
    p_buf->offset += sizeof(sdu_length);

    p_data->offset = 0;



  } else

  } else {

    p_data = p_ccb->ble_sdu;

    if (p_buf->len > (p_ccb->ble_sdu_length - p_data->len)) {

      L2CAP_TRACE_ERROR("%s: buffer length=%d too big. max=%d. Dropped",

                        __func__, p_data->len,

                        (p_ccb->ble_sdu_length - p_data->len));

      android_errorWriteWithInfoLog(0x534e4554, "75298652", -1, NULL, 0);

      osi_free(p_buf);



      /* Throw away all pending fragments and disconnects */

      p_ccb->is_first_seg = true;

      osi_free(p_ccb->ble_sdu);

      p_ccb->ble_sdu = NULL;

      p_ccb->ble_sdu_length = 0;

      l2cu_disconnect_chnl(p_ccb);

      return;

    }

  }



  memcpy((uint8_t*)(p_data + 1) + p_data->offset + p_data->len,

         (uint8_t*)(p_buf + 1) + p_buf->offset, p_buf->len);
@@ -868,9 +885,6 @@ void l2c_lcc_proc_pdu(tL2C_CCB* p_ccb, BT_HDR* p_buf) { 
    p_ccb->ble_sdu_length = 0;

  } else if (p_data->len < p_ccb->ble_sdu_length) {

    p_ccb->is_first_seg = false;

  } else {

    L2CAP_TRACE_ERROR("%s Length in the SDU messed up", __func__);

    // TODO: reset every thing may be???

  }



  osi_free(p_buf);