l2cap: Host Crash Observed in L2CAP_ECFC_BV-20-C (c8130dee) · Commits · e / os / android_packages_modules_Bluetooth

system/stack/l2cap/l2c_csm.cc

100644 → 100755

+15 −5

Original line number	Diff line number	Diff line
		@@ -823,7 +823,13 @@ static void l2c_csm_w4_l2ca_connect_rsp(tL2C_CCB* p_ccb, tL2CEVT event,

		for (int i = 0; i < p_ccb->p_lcb->pending_ecoc_conn_cnt; i++) {
		uint16_t cid = p_ccb->p_lcb->pending_ecoc_connection_cids[i];
		if (cid == 0) {
		LOG_WARN("pending_ecoc_connection_cids[%d] is %d", i, cid);
		continue;
		}

		tL2C_CCB* temp_p_ccb = l2cu_find_ccb_by_cid(p_ccb->p_lcb, cid);
		if (temp_p_ccb) {
		auto it = std::find(p_ci->lcids.begin(), p_ci->lcids.end(), cid);
		if (it != p_ci->lcids.end()) {
		temp_p_ccb->chnl_state = CST_OPEN;
		@@ -831,6 +837,10 @@ static void l2c_csm_w4_l2ca_connect_rsp(tL2C_CCB* p_ccb, tL2CEVT event,
		l2cu_release_ccb(temp_p_ccb);
		}
		}
		else {
		LOG_WARN("temp_p_ccb is NULL, pending_ecoc_connection_cids[%d] is %d", i, cid);
		}
		}
		p_ccb->p_lcb->pending_ecoc_conn_cnt = 0;
		memset(p_ccb->p_lcb->pending_ecoc_connection_cids, 0,
		L2CAP_CREDIT_BASED_MAX_CIDS);