Commit eecf994c authored by Andre Eisenbach

Fix double mutex unlock and if() condition

Commit "L2CAP and SDP Search API for BT profiles (2/2)" introduced two
separate issues in btsock_rfc_signaled():

1. The "slot_lock" potentially gets unlocked twice, causing
   undefined behaviour.

2. The call to BTA_JvRfcommWrite() was incorrectly taken outside
   of the conditional if() block that only executes the code if
   data is available.

This patch reverts the relevant locking change and fixes the if()
condition.

Bug: 27204458
Change-Id: I63b1257d21ca7bdd248858ec67e28f64e37a7895
parent 7b498911
+2 −4
@@ -799,11 +799,9 @@ void btsock_rfc_signaled(UNUSED_ATTR int fd, int flags, uint32_t user_id) {
    if (slot->f.connected) {
    if (slot->f.connected) {
      // Make sure there's data pending in case the peer closed the socket.
      // Make sure there's data pending in case the peer closed the socket.
      int size = 0;
      int size = 0;
      if (!(flags & SOCK_THREAD_FD_EXCEPTION) || (ioctl(slot->fd, FIONREAD, &size) == 0 && size))
      if (!(flags & SOCK_THREAD_FD_EXCEPTION) || (ioctl(slot->fd, FIONREAD, &size) == 0 && size)) {
        //unlock before BTA_JvRfcommWrite to avoid deadlock on concurrnet multi rfcomm connectoins
        //concurrnet multi rfcomm connectoins
        pthread_mutex_unlock(&slot_lock);
        BTA_JvRfcommWrite(slot->rfc_handle, slot->id);
        BTA_JvRfcommWrite(slot->rfc_handle, slot->id);
      }
    } else {
    } else {
      LOG_ERROR(LOG_TAG, "%s socket signaled for read while disconnected, slot: %d, channel: %d", __func__, slot->id, slot->scn);
      LOG_ERROR(LOG_TAG, "%s socket signaled for read while disconnected, slot: %d, channel: %d", __func__, slot->id, slot->scn);
      need_close = true;
      need_close = true;
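Review bot: The early `pthread_mutex_unlock(&slot_lock);` removed inside the `if (!(flags & SOCK_THREAD_FD_EXCEPTION) || ...)` branch carried a comment saying it was there to avoid a deadlock on concurrent multi RFCOMM connections, and with it gone `BTA_JvRfcommWrite(slot->rfc_handle, slot->id);` presumably runs with `slot_lock` still held (the remaining unlock is outside this hunk). The commit message explains the double unlock but not why that deadlock is no longer a concern, so please either state that in the message or leave a short comment at the call site documenting that the write is made under the lock on purpose. If the deadlock is real, a safer shape than the reverted code would be to release the lock once on this path and skip the common unlock, rather than holding it across the call. The added braces do fix the scoping so the write only happens when data is pending, which matches the comment above `int size = 0;`.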