Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f36cbd2c authored by Archie Pusaka's avatar Archie Pusaka Committed by Gerrit Code Review
Browse files

Merge "hh: verify uuid is 16 bit before calling As16Bit" into main

parents 9c27f56f 4f8c21c1

system/bta/hh/bta_hh_headtracker.cc

+3 −0
Original line number Diff line number Diff line
@@ -188,6 +188,9 @@ uint16_t bta_hh_get_uuid16(tBTA_HH_DEV_CB* p_dev_cb, Uuid uuid) { 
       uuid == ANDROID_HEADTRACKER_CONTROL_CHARAC_UUID ||

       uuid == ANDROID_HEADTRACKER_REPORT_CHARAC_UUID)) {

    return GATT_UUID_HID_REPORT;

  } else if (!uuid.Is16Bit()) {

    log::warn("UUID is not 16 bit");

    return 0;

  } else {

    return uuid.As16Bit();

  }

system/bta/hh/bta_hh_le.cc

+25 −2
Original line number Diff line number Diff line
@@ -658,7 +658,7 @@ static bool bta_hh_le_write_ccc(tBTA_HH_DEV_CB* p_cb, uint16_t char_handle, 


static bool bta_hh_le_write_rpt_clt_cfg(tBTA_HH_DEV_CB* p_cb);



static void write_rpt_ctl_cfg_cb(uint16_t conn_id, tGATT_STATUS status,

static void write_rpt_clt_cfg_cb(uint16_t conn_id, tGATT_STATUS status,

                                 uint16_t handle, uint16_t len,

                                 const uint8_t* value, void* data) {

  uint8_t srvc_inst_id;
@@ -666,6 +666,16 @@ static void write_rpt_ctl_cfg_cb(uint16_t conn_id, tGATT_STATUS status, 
  tBTA_HH_DEV_CB* p_dev_cb = (tBTA_HH_DEV_CB*)data;

  const gatt::Characteristic* characteristic =

      BTA_GATTC_GetOwningCharacteristic(conn_id, handle);

  if (characteristic == nullptr) {

    log::error("Characteristic with handle {} not found clt cfg", handle);

    return;

  }

  if (!characteristic->uuid.Is16Bit()) {

    log::error("Unexpected len characteristic ID clt cfg: {}",

               characteristic->uuid.ToString());

    return;

  }



  uint16_t char_uuid = bta_hh_get_uuid16(p_dev_cb, characteristic->uuid);



  srvc_inst_id = BTA_GATTC_GetOwningService(conn_id, handle)->handle;
@@ -706,7 +716,7 @@ static bool bta_hh_le_write_rpt_clt_cfg(tBTA_HH_DEV_CB* p_cb) { 
    if (p_rpt->rpt_type == BTA_HH_RPTT_INPUT) {

      if (bta_hh_le_write_ccc(p_cb, p_rpt->char_inst_id,

                              GATT_CLT_CONFIG_NOTIFICATION,

                              write_rpt_ctl_cfg_cb, p_cb)) {

                              write_rpt_clt_cfg_cb, p_cb)) {

        p_cb->clt_cfg_idx = i;

        return true;

      }
@@ -1646,6 +1656,11 @@ static void bta_hh_le_input_rpt_notify(tBTA_GATTC_NOTIFY* p_data) { 
  const gatt::Service* p_svc =

      BTA_GATTC_GetOwningService(p_dev_cb->conn_id, p_char->value_handle);



  if (!p_char->uuid.Is16Bit()) {

    log::error("Unexpected characteristic len: {}", p_char->uuid.ToString());

    return;

  }



  p_rpt = bta_hh_le_find_report_entry(p_dev_cb, p_svc->handle,

                                      bta_hh_get_uuid16(p_dev_cb, p_char->uuid),

                                      p_char->value_handle);
@@ -1838,6 +1853,10 @@ static void read_report_cb(uint16_t conn_id, tGATT_STATUS status, 
    log::error("Unknown handle");

    return;

  }

  if (!p_char->uuid.Is16Bit()) {

    log::error("Unexpected characteristic len: {}", p_char->uuid.ToString());

    return;

  }



  uint16_t char_uuid = bta_hh_get_uuid16(p_dev_cb, p_char->uuid);
@@ -1924,6 +1943,10 @@ static void write_report_cb(uint16_t conn_id, tGATT_STATUS status, 
      BTA_GATTC_GetCharacteristic(conn_id, handle);



  if (p_char == nullptr) return;

  if (!p_char->uuid.Is16Bit()) {

    log::error("Unexpected characteristic len: {}", p_char->uuid.ToString());

    return;

  }



  uint16_t uuid16 = bta_hh_get_uuid16(p_dev_cb, p_char->uuid);

  if (uuid16 != GATT_UUID_HID_REPORT && uuid16 != GATT_UUID_HID_BT_KB_INPUT &&