Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f0128699 authored by Jack He's avatar Jack He Committed by Chris Manton
Browse files

[GD-HCI] ACL handle should be AND'ed with 0xFFF instead of 0xEFF 

* The spec says that connection handle range is 0x000 to 0xEFF
 * 0xEFF is actually 0b111011111111 (3839)
 * 0x7FF is 0b011111111111 (2047)
* 0x7FF is a valid ACL handle, but if we AND 0x7FF with 0xEFF,
  we get 0b011011111111 which is 0x6FF (1791)

Bug: 203729791
Test: gd/cert/run
Tag: #gd-refactor
Change-Id: I7240f997e502287cd6bbbd6a8b69cef88bd51729
parent 54135c6c

system/main/shim/hci_layer.cc

+6 −3
Original line number Diff line number Diff line
@@ -406,7 +406,8 @@ static void transmit_fragment(const uint8_t* stream, size_t length) { 
      handle_with_flags >> 12 & 0b11);

  auto bc_flag =

      static_cast<bluetooth::hci::BroadcastFlag>(handle_with_flags >> 14);

  uint16_t handle = handle_with_flags & 0xEFF;

  uint16_t handle = handle_with_flags & 0xFFF;

  ASSERT_LOG(handle <= 0xEFF, "Require handle <= 0xEFF, but is 0x%X", handle);

  length -= 2;

  // skip data total length

  stream += 2;
@@ -421,7 +422,8 @@ static void transmit_fragment(const uint8_t* stream, size_t length) { 
static void transmit_sco_fragment(const uint8_t* stream, size_t length) {

  uint16_t handle_with_flags;

  STREAM_TO_UINT16(handle_with_flags, stream);

  uint16_t handle = handle_with_flags & 0xEFF;

  uint16_t handle = handle_with_flags & 0xFFF;

  ASSERT_LOG(handle <= 0xEFF, "Require handle <= 0xEFF, but is 0x%X", handle);

  length -= 2;

  // skip data total length

  stream += 1;
@@ -442,7 +444,8 @@ static void transmit_iso_fragment(const uint8_t* stream, size_t length) { 
      handle_with_flags >> 12 & 0b11);

  auto ts_flag =

      static_cast<bluetooth::hci::TimeStampFlag>(handle_with_flags >> 14);

  uint16_t handle = handle_with_flags & 0xEFF;

  uint16_t handle = handle_with_flags & 0xFFF;

  ASSERT_LOG(handle <= 0xEFF, "Require handle <= 0xEFF, but is 0x%X", handle);

  length -= 2;

  // skip data total length

  stream += 2;

system/stack/btm/btm_sco.cc

+2 −1
Original line number Diff line number Diff line
@@ -198,7 +198,8 @@ void btm_route_sco_data(BT_HDR* p_msg) { 
    return;

  }

  LOG_INFO("Received SCO packet from HCI. Dropping it since no handler so far");

  uint16_t handle = handle_with_flags & 0xeff;

  uint16_t handle = handle_with_flags & 0xFFF;

  ASSERT_LOG(handle <= 0xEFF, "Require handle <= 0xEFF, but is 0x%X", handle);

  auto* active_sco = btm_get_active_sco();

  if (active_sco != nullptr && active_sco->hci_handle == handle) {

    // TODO: For MSBC, we need to decode here