Snap for 4821244 from 5a289716 to pi-release

 *

 *****************************************************************************/

#include <log/log.h>

#include <string.h>

#include "avct_api.h"

#include "avct_int.h"

  uint8_t* p;

  uint8_t pkt_type;

  if (p_buf->len == 0) {

    osi_free_and_reset((void**)&p_buf);

    android_errorWriteLog(0x534e4554, "79944113");

    return nullptr;

  }

  /* parse the message header */

  p = (uint8_t*)(p_buf + 1) + p_buf->offset;

  pkt_type = AVCT_PKT_TYPE(p);

    return;

  }

  if (p_data->p_buf->len < AVCT_HDR_LEN_SINGLE) {

    AVCT_TRACE_WARNING("Invalid AVCTP packet length %d: must be at least %d",

                       p_data->p_buf->len, AVCT_HDR_LEN_SINGLE);

    osi_free_and_reset((void**)&p_data->p_buf);

    android_errorWriteLog(0x534e4554, "79944113");

    return;

  }

  p = (uint8_t*)(p_data->p_buf + 1) + p_data->p_buf->offset;

  /* parse header byte */

 *

 ******************************************************************************/

#include <log/log.h>

#include <string.h>

#include "avdt_api.h"

#include "avdt_int.h"

      case AVDT_CAT_PROTECT:

        p_cfg->psc_mask &= ~AVDT_PSC_PROTECT;

        if (p + elem_len > p_end) {

          err = AVDT_ERR_LENGTH;

          android_errorWriteLog(0x534e4554, "78288378");

          break;

        }

        if ((elem_len + protect_offset) < AVDT_PROTECT_SIZE) {

          p_cfg->num_protect++;

          p_cfg->protect_info[protect_offset] = elem_len;

        if (elem_len >= AVDT_CODEC_SIZE) {

          tmp = AVDT_CODEC_SIZE - 1;

        }

        if (p + tmp > p_end) {

          err = AVDT_ERR_LENGTH;

          android_errorWriteLog(0x534e4554, "78288378");

          break;

        }

        p_cfg->num_codec++;

        p_cfg->codec_info[0] = elem_len;

        memcpy(&p_cfg->codec_info[1], p, tmp);

  tBNEP_CONN* p_bcb;

  uint8_t* p = (uint8_t*)(p_buf + 1) + p_buf->offset;

  uint16_t rem_len = p_buf->len;

  if (rem_len == 0) {

    android_errorWriteLog(0x534e4554, "78286118");

    osi_free(p_buf);

    return;

  }

  uint8_t type, ctrl_type, ext_type = 0;

  bool extension_present, fw_ext_present;

  uint16_t protocol = 0;

      uint16_t org_len, new_len;

      /* parse the extension headers and process unknown control headers */

      org_len = rem_len;

      new_len = 0;

      do {

        if (org_len < 2) break;

        if (org_len < 2) {

          android_errorWriteLog(0x534e4554, "67863755");

          break;

        }

        ext = *p++;

        length = *p++;

        p += length;

        new_len = (length + 2);

        if (new_len > org_len) break;

        if (new_len > org_len) {

          android_errorWriteLog(0x534e4554, "67863755");

          break;

        }

        if ((!(ext & 0x7F)) && (*p > BNEP_FILTER_MULTI_ADDR_RESPONSE_MSG))

        if ((ext & 0x7F) == BNEP_EXTENSION_FILTER_CONTROL) {

          if (length == 0) {

            android_errorWriteLog(0x534e4554, "79164722");

            break;

          }

          if (*p > BNEP_FILTER_MULTI_ADDR_RESPONSE_MSG) {

            bnep_send_command_not_understood(p_bcb, *p);

          }

        }

        p += length;

        org_len -= new_len;

      } while (ext & 0x80);

      android_errorWriteLog(0x534e4554, "67863755");

    }

    osi_free(p_buf);

    return;

  }

        while (extension_present && p && rem_len) {

          ext_type = *p++;

          rem_len--;

          android_errorWriteLog(0x534e4554, "69271284");

          extension_present = ext_type >> 7;

          ext_type &= 0x7F;

          /* if unknown extension present stop processing */

          if (ext_type) break;

          if (ext_type != BNEP_EXTENSION_FILTER_CONTROL) break;

          android_errorWriteLog(0x534e4554, "69271284");

          p = bnep_process_control_packet(p_bcb, p, &rem_len, true);

        }

      }