Merge changes from topic "am-4f00fbdf-3978-4c02-91d3-d55eeb01b9a9-mnc-dev" into mnc-dr1.5-dev (d81c59cb) · Commits · e / os / android_packages_modules_Bluetooth

system/stack/l2cap/l2c_main.c

+108 −0

Original line number	Diff line number	Diff line
		@@ -389,9 +389,17 @@ static void process_l2cap_cmd (tL2C_LCB p_lcb, UINT8 p, UINT16 pkt_len)
		switch (cmd_code)
		{
		case L2CAP_CMD_REJECT:
		if (p + 2 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT16 (rej_reason, p);
		if (rej_reason == L2CAP_CMD_REJ_MTU_EXCEEDED)
		{
		if (p + 2 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT16 (rej_mtu, p);
		/* What to do with the MTU reject ? We have negotiated an MTU. For now */
		/* we will ignore it and let a higher protocol timeout take care of it */
		@@ -400,6 +408,10 @@ static void process_l2cap_cmd (tL2C_LCB p_lcb, UINT8 p, UINT16 pkt_len)
		}
		if (rej_reason == L2CAP_CMD_REJ_INVALID_CID)
		{
		if (p + 4 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT16 (rcid, p);
		STREAM_TO_UINT16 (lcid, p);

		@@ -432,6 +444,10 @@ static void process_l2cap_cmd (tL2C_LCB p_lcb, UINT8 p, UINT16 pkt_len)
		break;

		case L2CAP_CMD_CONN_REQ:
		if (p + 4 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT16 (con_info.psm, p);
		STREAM_TO_UINT16 (rcid, p);
		if ((p_rcb = l2cu_find_rcb_by_psm (con_info.psm)) == NULL)
		@@ -463,6 +479,10 @@ static void process_l2cap_cmd (tL2C_LCB p_lcb, UINT8 p, UINT16 pkt_len)
		break;

		case L2CAP_CMD_CONN_RSP:
		if (p + 8 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT16 (con_info.remote_cid, p);
		STREAM_TO_UINT16 (lcid, p);
		STREAM_TO_UINT16 (con_info.l2cap_result, p);
		@@ -495,6 +515,10 @@ static void process_l2cap_cmd (tL2C_LCB p_lcb, UINT8 p, UINT16 pkt_len)
		cfg_rej = FALSE;
		cfg_rej_len = 0;

		if (p + 4 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT16 (lcid, p);
		STREAM_TO_UINT16 (cfg_info.flags, p);

		@@ -505,6 +529,10 @@ static void process_l2cap_cmd (tL2C_LCB p_lcb, UINT8 p, UINT16 pkt_len)

		while (p < p_cfg_end)
		{
		if (p + 2 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT8 (cfg_code, p);
		STREAM_TO_UINT8 (cfg_len, p);

		@@ -512,16 +540,28 @@ static void process_l2cap_cmd (tL2C_LCB p_lcb, UINT8 p, UINT16 pkt_len)
		{
		case L2CAP_CFG_TYPE_MTU:
		cfg_info.mtu_present = TRUE;
		if (p + 2 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT16 (cfg_info.mtu, p);
		break;

		case L2CAP_CFG_TYPE_FLUSH_TOUT:
		cfg_info.flush_to_present = TRUE;
		if (p + 2 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT16 (cfg_info.flush_to, p);
		break;

		case L2CAP_CFG_TYPE_QOS:
		cfg_info.qos_present = TRUE;
		if (p + 2 + 5 * 4 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT8 (cfg_info.qos.qos_flags, p);
		STREAM_TO_UINT8 (cfg_info.qos.service_type, p);
		STREAM_TO_UINT32 (cfg_info.qos.token_rate, p);
		@@ -533,6 +573,10 @@ static void process_l2cap_cmd (tL2C_LCB p_lcb, UINT8 p, UINT16 pkt_len)

		case L2CAP_CFG_TYPE_FCR:
		cfg_info.fcr_present = TRUE;
		if (p + 3 + 3 * 2 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT8 (cfg_info.fcr.mode, p);
		STREAM_TO_UINT8 (cfg_info.fcr.tx_win_sz, p);
		STREAM_TO_UINT8 (cfg_info.fcr.max_transmit, p);
		@@ -543,11 +587,19 @@ static void process_l2cap_cmd (tL2C_LCB p_lcb, UINT8 p, UINT16 pkt_len)

		case L2CAP_CFG_TYPE_FCS:
		cfg_info.fcs_present = TRUE;
		if (p + 1 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT8 (cfg_info.fcs, p);
		break;

		case L2CAP_CFG_TYPE_EXT_FLOW:
		cfg_info.ext_flow_spec_present = TRUE;
		if (p + 2 + 2 + 3 * 4 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT8 (cfg_info.ext_flow_spec.id, p);
		STREAM_TO_UINT8 (cfg_info.ext_flow_spec.stype, p);
		STREAM_TO_UINT16 (cfg_info.ext_flow_spec.max_sdu_size, p);
		@@ -598,6 +650,10 @@ static void process_l2cap_cmd (tL2C_LCB p_lcb, UINT8 p, UINT16 pkt_len)

		case L2CAP_CMD_CONFIG_RSP:
		p_cfg_end = p + cmd_len;
		if (p + 6 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT16 (lcid, p);
		STREAM_TO_UINT16 (cfg_info.flags, p);
		STREAM_TO_UINT16 (cfg_info.result, p);
		@@ -607,6 +663,10 @@ static void process_l2cap_cmd (tL2C_LCB p_lcb, UINT8 p, UINT16 pkt_len)

		while (p < p_cfg_end)
		{
		if (p + 2 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT8 (cfg_code, p);
		STREAM_TO_UINT8 (cfg_len, p);

		@@ -614,16 +674,28 @@ static void process_l2cap_cmd (tL2C_LCB p_lcb, UINT8 p, UINT16 pkt_len)
		{
		case L2CAP_CFG_TYPE_MTU:
		cfg_info.mtu_present = TRUE;
		if (p + 2 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT16 (cfg_info.mtu, p);
		break;

		case L2CAP_CFG_TYPE_FLUSH_TOUT:
		cfg_info.flush_to_present = TRUE;
		if (p + 2 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT16 (cfg_info.flush_to, p);
		break;

		case L2CAP_CFG_TYPE_QOS:
		cfg_info.qos_present = TRUE;
		if (p + 2 + 5 * 4 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT8 (cfg_info.qos.qos_flags, p);
		STREAM_TO_UINT8 (cfg_info.qos.service_type, p);
		STREAM_TO_UINT32 (cfg_info.qos.token_rate, p);
		@@ -635,6 +707,10 @@ static void process_l2cap_cmd (tL2C_LCB p_lcb, UINT8 p, UINT16 pkt_len)

		case L2CAP_CFG_TYPE_FCR:
		cfg_info.fcr_present = TRUE;
		if (p + 3 + 3 * 2 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT8 (cfg_info.fcr.mode, p);
		STREAM_TO_UINT8 (cfg_info.fcr.tx_win_sz, p);
		STREAM_TO_UINT8 (cfg_info.fcr.max_transmit, p);
		@@ -645,11 +721,19 @@ static void process_l2cap_cmd (tL2C_LCB p_lcb, UINT8 p, UINT16 pkt_len)

		case L2CAP_CFG_TYPE_FCS:
		cfg_info.fcs_present = TRUE;
		if (p + 1 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT8 (cfg_info.fcs, p);
		break;

		case L2CAP_CFG_TYPE_EXT_FLOW:
		cfg_info.ext_flow_spec_present = TRUE;
		if (p + 2 + 2 + 3 * 4 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT8 (cfg_info.ext_flow_spec.id, p);
		STREAM_TO_UINT8 (cfg_info.ext_flow_spec.stype, p);
		STREAM_TO_UINT16 (cfg_info.ext_flow_spec.max_sdu_size, p);
		@@ -681,6 +765,10 @@ static void process_l2cap_cmd (tL2C_LCB p_lcb, UINT8 p, UINT16 pkt_len)


		case L2CAP_CMD_DISC_REQ:
		if (p + 4 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT16 (lcid, p);
		STREAM_TO_UINT16 (rcid, p);

		@@ -698,6 +786,10 @@ static void process_l2cap_cmd (tL2C_LCB p_lcb, UINT8 p, UINT16 pkt_len)
		break;

		case L2CAP_CMD_DISC_RSP:
		if (p + 4 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT16 (rcid, p);
		STREAM_TO_UINT16 (lcid, p);

		@@ -727,6 +819,10 @@ static void process_l2cap_cmd (tL2C_LCB p_lcb, UINT8 p, UINT16 pkt_len)
		break;

		case L2CAP_CMD_INFO_REQ:
		if (p + 2 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT16 (info_type, p);
		l2cu_send_peer_info_rsp (p_lcb, id, info_type);
		break;
		@@ -739,6 +835,10 @@ static void process_l2cap_cmd (tL2C_LCB p_lcb, UINT8 p, UINT16 pkt_len)
		p_lcb->w4_info_rsp = FALSE;
		}

		if (p + 4 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT16 (info_type, p);
		STREAM_TO_UINT16 (result, p);

		@@ -747,6 +847,10 @@ static void process_l2cap_cmd (tL2C_LCB p_lcb, UINT8 p, UINT16 pkt_len)
		if ( (info_type == L2CAP_EXTENDED_FEATURES_INFO_TYPE)
		&& (result == L2CAP_INFO_RESP_RESULT_SUCCESS) )
		{
		if (p + 4 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT32( p_lcb->peer_ext_fea, p );

		#if (L2CAP_NUM_FIXED_CHNLS > 0)
		@@ -779,6 +883,10 @@ static void process_l2cap_cmd (tL2C_LCB p_lcb, UINT8 p, UINT16 pkt_len)
		{
		if (result == L2CAP_INFO_RESP_RESULT_SUCCESS)
		{
		if (p + 2 > p_next_cmd) {
		android_errorWriteLog(0x534e4554, "74202041");
		return;
		}
		STREAM_TO_UINT16 (p_lcb->ucd_mtu, p);
		}
		}