Loading system/stack/sdp/sdp_discovery.cc +11 −0 Original line number Diff line number Diff line Loading @@ -280,6 +280,11 @@ static void process_service_search_rsp(tCONN_CB* p_ccb, uint8_t* p_reply, uint16_t total, cur_handles, orig; uint8_t cont_len; if (p_reply + 8 > p_reply_end) { android_errorWriteLog(0x534e4554, "74249842"); sdp_disconnect(p_ccb, SDP_GENERIC_ERROR); return; } /* Skip transaction, and param len */ p_reply += 4; BE_STREAM_TO_UINT16(total, p_reply); Loading @@ -298,6 +303,12 @@ static void process_service_search_rsp(tCONN_CB* p_ccb, uint8_t* p_reply, if (p_ccb->num_handles > sdp_cb.max_recs_per_search) p_ccb->num_handles = sdp_cb.max_recs_per_search; if (p_reply + ((p_ccb->num_handles - orig) * 4) + 1 > p_reply_end) { android_errorWriteLog(0x534e4554, "74249842"); sdp_disconnect(p_ccb, SDP_GENERIC_ERROR); return; } for (xx = orig; xx < p_ccb->num_handles; xx++) BE_STREAM_TO_UINT32(p_ccb->handles[xx], p_reply); Loading Loading
system/stack/sdp/sdp_discovery.cc +11 −0 Original line number Diff line number Diff line Loading @@ -280,6 +280,11 @@ static void process_service_search_rsp(tCONN_CB* p_ccb, uint8_t* p_reply, uint16_t total, cur_handles, orig; uint8_t cont_len; if (p_reply + 8 > p_reply_end) { android_errorWriteLog(0x534e4554, "74249842"); sdp_disconnect(p_ccb, SDP_GENERIC_ERROR); return; } /* Skip transaction, and param len */ p_reply += 4; BE_STREAM_TO_UINT16(total, p_reply); Loading @@ -298,6 +303,12 @@ static void process_service_search_rsp(tCONN_CB* p_ccb, uint8_t* p_reply, if (p_ccb->num_handles > sdp_cb.max_recs_per_search) p_ccb->num_handles = sdp_cb.max_recs_per_search; if (p_reply + ((p_ccb->num_handles - orig) * 4) + 1 > p_reply_end) { android_errorWriteLog(0x534e4554, "74249842"); sdp_disconnect(p_ccb, SDP_GENERIC_ERROR); return; } for (xx = orig; xx < p_ccb->num_handles; xx++) BE_STREAM_TO_UINT32(p_ccb->handles[xx], p_reply); Loading
