• R/O
  • HTTP
  • SSH
  • HTTPS

Commit

Tags
Keine Tags

Frequently used words (click to add to your profile)

javaandroidc++linuxc#objective-ccocoa誰得qtrubypythonwindowsphpgamebathyscapheguic翻訳omegattwitterframeworkbtronvb.net計画中(planning stage)testdomarduinodirectxpreviewerゲームエンジン

system/bt


Commit MetaInfo

Revision177df66ee9d55d8a6904ff8b1c45d9b1408504ba (tree)
Zeit2017-06-07 11:37:28
AutorChih-Wei Huang <cwhuang@linu...>
CommiterChih-Wei Huang

Log Message

Android 7.1.2 Release 17 (NJH47B)
-----BEGIN PGP SIGNATURE-----

iEYEABECAAYFAlkx4gYACgkQ6K0/gZqxDngyRwCeJbiru4WcN54ArDniSoqhfPjK
MNoAn0nw/uL02HUsYCw4sFhUPk6Gd4SX
=Z6JI
-----END PGP SIGNATURE-----

Merge tag 'android-7.1.2_r17' into nougat-x86

Android 7.1.2 Release 17 (NJH47B)

Ändern Zusammenfassung

Diff

--- a/stack/btm/btm_ble_gap.c
+++ b/stack/btm/btm_ble_gap.c
@@ -28,6 +28,8 @@
2828 #include <stdio.h>
2929 #include <stddef.h>
3030
31+#include <log/log.h>
32+
3133 #include "bt_types.h"
3234 #include "bt_utils.h"
3335 #include "btm_ble_api.h"
@@ -2285,7 +2287,7 @@ static void btm_ble_parse_adv_data(tBTM_INQ_INFO *p_info, UINT8 *p_data,
22852287 ** Returns void
22862288 **
22872289 *******************************************************************************/
2288-void btm_ble_cache_adv_data(tBTM_INQ_RESULTS *p_cur, UINT8 data_len, UINT8 *p, UINT8 evt_type)
2290+BOOLEAN btm_ble_cache_adv_data(tBTM_INQ_RESULTS *p_cur, UINT8 data_len, UINT8 *p, UINT8 evt_type)
22892291 {
22902292 tBTM_BLE_INQ_CB *p_le_inq_cb = &btm_cb.ble_ctr_cb.inq_var;
22912293 UINT8 *p_cache;
@@ -2305,8 +2307,16 @@ void btm_ble_cache_adv_data(tBTM_INQ_RESULTS *p_cur, UINT8 data_len, UINT8 *p, U
23052307 STREAM_TO_UINT8(length, p);
23062308 while ( length && ((p_le_inq_cb->adv_len + length + 1) <= BTM_BLE_CACHE_ADV_DATA_MAX))
23072309 {
2310+ /* adv record size must be smaller than the total adv data size */
2311+ if ((length + 1) > data_len) {
2312+ BTM_TRACE_ERROR("BTM - got incorrect LE advertising data");
2313+ android_errorWriteLog(0x534e4554, "33899337");
2314+ return FALSE;
2315+ }
23082316 /* copy from the length byte & data into cache */
23092317 memcpy(p_cache, p-1, length+1);
2318+ /* reduce the total data size by size of data copied */
2319+ data_len -= length + 1;
23102320 /* advance the cache pointer past data */
23112321 p_cache += length+1;
23122322 /* increment cache length */
@@ -2316,6 +2326,7 @@ void btm_ble_cache_adv_data(tBTM_INQ_RESULTS *p_cur, UINT8 data_len, UINT8 *p, U
23162326 STREAM_TO_UINT8(length, p);
23172327 }
23182328 }
2329+ return TRUE;
23192330
23202331 /* parse service UUID from adv packet and save it in inq db eir_uuid */
23212332 /* TODO */
@@ -2540,7 +2551,9 @@ BOOLEAN btm_ble_update_inq_result(tINQ_DB_ENT *p_i, UINT8 addr_type, UINT8 evt_t
25402551 BTM_TRACE_WARNING("EIR data too long %d. discard", data_len);
25412552 return FALSE;
25422553 }
2543- btm_ble_cache_adv_data(p_cur, data_len, p, evt_type);
2554+ if (!btm_ble_cache_adv_data(p_cur, data_len, p, evt_type)) {
2555+ return FALSE;
2556+ }
25442557
25452558 p1 = (p + data_len);
25462559 STREAM_TO_UINT8 (rssi, p1);