Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit eec52d92 authored by Hansong Zhang's avatar Hansong Zhang
Browse files

DO NOT MERGE Fix unexpected behavior in bta_dm_sdp_result 

Check the number of UUIDs from remote device

Bug: 74016921
Test: manual
Change-Id: I7e1fd420c96bdb4d8b1bb129eb85045f9e3da443
parent 81e85959

system/bta/dm/bta_dm_act.c

+16 −5
Original line number Original line Diff line number Diff line
@@ -26,6 +26,7 @@ 
#define LOG_TAG "bt_bta_dm"

#define LOG_TAG "bt_bta_dm"





#include <assert.h>

#include <assert.h>

#include <cutils/log.h>

#include <string.h>

#include <string.h>





#include "bt_target.h"

#include "bt_target.h"
@@ -130,6 +131,8 @@ static void bta_dm_ctrl_features_rd_cmpl_cback(tBTM_STATUS result); 
#define BTA_DM_SWITCH_DELAY_TIMER_MS 500

#define BTA_DM_SWITCH_DELAY_TIMER_MS 500

#endif

#endif





#define BTA_MAX_SERVICES 32



static void bta_dm_reset_sec_dev_pending(BD_ADDR remote_bd_addr);

static void bta_dm_reset_sec_dev_pending(BD_ADDR remote_bd_addr);

static void bta_dm_remove_sec_dev_entry(BD_ADDR remote_bd_addr);

static void bta_dm_remove_sec_dev_entry(BD_ADDR remote_bd_addr);

static void bta_dm_observe_results_cb(tBTM_INQ_RESULTS *p_inq, UINT8 *p_eir);

static void bta_dm_observe_results_cb(tBTM_INQ_RESULTS *p_inq, UINT8 *p_eir);
@@ -1601,7 +1604,7 @@ void bta_dm_sdp_result (tBTA_DM_MSG *p_data) 
#endif

#endif





    UINT32 num_uuids = 0;

    UINT32 num_uuids = 0;

    UINT8  uuid_list[32][MAX_UUID_SIZE]; // assuming a max of 32 services

    UINT8  uuid_list[BTA_MAX_SERVICES][MAX_UUID_SIZE]; // assuming a max of 32 services





    if((p_data->sdp_event.sdp_result == SDP_SUCCESS)

    if((p_data->sdp_event.sdp_result == SDP_SUCCESS)

        || (p_data->sdp_event.sdp_result == SDP_NO_RECS_MATCH)

        || (p_data->sdp_event.sdp_result == SDP_NO_RECS_MATCH)
@@ -1679,8 +1682,12 @@ void bta_dm_sdp_result (tBTA_DM_MSG *p_data) 
                            (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index-1));

                            (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index-1));

                        tmp_svc = bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index-1];

                        tmp_svc = bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index-1];

                        /* Add to the list of UUIDs */

                        /* Add to the list of UUIDs */

                        if (num_uuids < BTA_MAX_SERVICES) {

                            sdpu_uuid16_to_uuid128(tmp_svc, uuid_list[num_uuids]);

                            sdpu_uuid16_to_uuid128(tmp_svc, uuid_list[num_uuids]);

                            num_uuids++;

                            num_uuids++;

                        } else {

                            android_errorWriteLog(0x534e4554, "74016921");

                        }

                    }

                    }

                }

                }

            }

            }
@@ -1719,8 +1726,12 @@ void bta_dm_sdp_result (tBTA_DM_MSG *p_data) 
                {

                {

                    if (SDP_FindServiceUUIDInRec_128bit(p_sdp_rec, &temp_uuid))

                    if (SDP_FindServiceUUIDInRec_128bit(p_sdp_rec, &temp_uuid))

                    {

                    {

                        if (num_uuids < BTA_MAX_SERVICES) {

                            memcpy(uuid_list[num_uuids], temp_uuid.uu.uuid128, MAX_UUID_SIZE);

                            memcpy(uuid_list[num_uuids], temp_uuid.uu.uuid128, MAX_UUID_SIZE);

                            num_uuids++;

                            num_uuids++;

                        } else {

                            android_errorWriteLog(0x534e4554, "74016921");

                        }

                    }

                    }

                }

                }

            } while (p_sdp_rec);

            } while (p_sdp_rec);