
Commit efa368a8 authored by Stanley Tng's avatar Stanley Tng

DO NOT MERGE Drop LE CoC fragments when frame size is too big

Drop the LE CoC data fragments when the received fragment size is too
big.

Test: Runs LE CoC SL4A test, BleCocTest.
Bug: 75298652
Merged-In: I529944341e9e67a39e7ec7e740d5ada3db8cc23a
Change-Id: I529944341e9e67a39e7ec7e740d5ada3db8cc23a
(cherry picked from commit c33be991)
parent 09d8dbc9
+18 −4
@@ -24,6 +24,7 @@
 ******************************************************************************/
 ******************************************************************************/


#include <base/logging.h>
#include <base/logging.h>
#include <log/log.h>
#include <stdio.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdlib.h>
#include <string.h>
#include <string.h>
@@ -858,8 +859,24 @@ void l2c_lcc_proc_pdu(tL2C_CCB* p_ccb, BT_HDR* p_buf) {
    p_buf->offset += sizeof(sdu_length);
    p_buf->offset += sizeof(sdu_length);
    p_data->offset = 0;
    p_data->offset = 0;


  } else
  } else {
    p_data = p_ccb->ble_sdu;
    p_data = p_ccb->ble_sdu;
    if (p_buf->len > (p_ccb->ble_sdu_length - p_data->len)) {
      L2CAP_TRACE_ERROR("%s: buffer length=%d too big. max=%d. Dropped",
                        __func__, p_data->len,
                        (p_ccb->ble_sdu_length - p_data->len));
      android_errorWriteWithInfoLog(0x534e4554, "75298652", -1, NULL, 0);
      osi_free(p_buf);

      /* Throw away all pending fragments and disconnects */
      p_ccb->is_first_seg = true;
      osi_free(p_ccb->ble_sdu);
      p_ccb->ble_sdu = NULL;
      p_ccb->ble_sdu_length = 0;
      l2cu_disconnect_chnl(p_ccb);
      return;
    }
  }


  memcpy((uint8_t*)(p_data + 1) + p_data->offset + p_data->len,
  memcpy((uint8_t*)(p_data + 1) + p_data->offset + p_data->len,
         (uint8_t*)(p_buf + 1) + p_buf->offset, p_buf->len);
         (uint8_t*)(p_buf + 1) + p_buf->offset, p_buf->len);
@@ -872,9 +889,6 @@ void l2c_lcc_proc_pdu(tL2C_CCB* p_ccb, BT_HDR* p_buf) {
    p_ccb->ble_sdu_length = 0;
    p_ccb->ble_sdu_length = 0;
  } else if (p_data->len < p_ccb->ble_sdu_length) {
  } else if (p_data->len < p_ccb->ble_sdu_length) {
    p_ccb->is_first_seg = false;
    p_ccb->is_first_seg = false;
  } else {
    L2CAP_TRACE_ERROR("%s Length in the SDU messed up", __func__);
    // TODO: reset every thing may be???
  }
  }


  osi_free(p_buf);
  osi_free(p_buf);
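Review bot: The error trace in the new continuation-fragment check logs `p_data->len` as the "buffer length", but the value being tested is `p_buf->len`, so the message reports the bytes already reassembled rather than the size of the oversized fragment; the argument line should read `__func__, p_buf->len,`. The guard also sits only in the `else` (continuation) branch, and the first-segment branch starts above the hunk, so it is not visible here whether the first fragment's `p_buf->len` is bounded against the announced SDU length before the shared `memcpy`. Because the last hunk removes the trailing `else` that logged an over-long SDU, any such case on the first-segment path would now pass without a trace, which is worth confirming against the full body of `l2c_lcc_proc_pdu`.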