
system/bt


Commit MetaInfo

Revision8825957cc44b705c782c8b2d33c87a66e02376f6 (tree)
Zeit2017-09-15 02:53:58
AutorPavlin Radoslavov <pavlin@goog...>
CommiterDan Pasanen

Log Message

Allocate buffers of the right size when BT_HDR is included

Bug: 63146105
Test: External script
Change-Id: I1f2c871e3fcf57aabdad9d07905e6dae643bd496
Merged-In: I1f2c871e3fcf57aabdad9d07905e6dae643bd496
(cherry picked from commit d88838a7237cd672d87b6b9cc8d56fff625fd1d5)
(cherry picked from commit b648c7dfe45c57842d58576f558fdf8edff10bec)
(cherry picked from commit 338e0485940ab278e6a2dc12285ba0798b79cfa4)
(cherry picked from commit 510697a0d79ac9816c0e2717c357c3330d89645a)


Diff

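--- a/stack/avdt/avdt_api.c
+++ b/stack/avdt/avdt_api.c
@@ -1284,7 +1284,7 @@ UINT16 AVDT_SendReport(UINT8 handle, AVDT_REPORT_TYPE type,
 /* build SR - assume fit in one packet */
 p_tbl = avdt_ad_tc_tbl_by_type(AVDT_CHAN_REPORT, p_scb->p_ccb, p_scb);
 if (p_tbl->state == AVDT_AD_ST_OPEN) {
-BT_HDR *p_pkt = (BT_HDR *)osi_malloc(p_tbl->peer_mtu);
+BT_HDR *p_pkt = (BT_HDR *)osi_malloc(p_tbl->peer_mtu + sizeof(BT_HDR));
 
 p_pkt->offset = L2CAP_MIN_OFFSET;
 p = (UINT8 *)(p_pkt + 1) + p_pkt->offset;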
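Review bot: The new size in AVDT_SendReport still omits `L2CAP_MIN_OFFSET`, although the write pointer two lines later starts at `(UINT8 *)(p_pkt + 1) + p_pkt->offset`, so the room left for the report is `peer_mtu - L2CAP_MIN_OFFSET`. No visible line checks the report length against that room, and `peer_mtu` appears to be negotiated with the remote device, so a small value would shrink the buffer below what the "assume fit in one packet" comment relies on. Sizing it as l2cap_client.c does in this same commit, `osi_malloc(p_tbl->peer_mtu + L2CAP_MIN_OFFSET + sizeof(BT_HDR))`, would at least make the payload room equal to the MTU. The same applies to both `MCA_CTRL_MTU + sizeof(BT_HDR)` allocations in stack/mcap/mca_cact.c, where writing also begins at `L2CAP_MIN_OFFSET`. The function continues outside the hunk, so a length check may exist further down.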
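--- a/stack/bnep/bnep_main.c
+++ b/stack/bnep/bnep_main.c
@@ -575,7 +575,7 @@ static void bnep_data_ind (UINT16 l2cap_cid, BT_HDR *p_buf)
 p_bcb->con_state != BNEP_STATE_CONNECTED &&
 extension_present && p && rem_len)
 {
-p_bcb->p_pending_data = (BT_HDR *)osi_malloc(rem_len);
+p_bcb->p_pending_data = (BT_HDR *)osi_malloc(rem_len + sizeof(BT_HDR));
 memcpy((UINT8 *)(p_bcb->p_pending_data + 1), p, rem_len);
 p_bcb->p_pending_data->len = rem_len;
 p_bcb->p_pending_data->offset = 0;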
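Review bot: The allocation and the `memcpy` on the following line now agree on `rem_len`, but nothing in this hunk shows that `rem_len` is bounded by the bytes still available in `p_buf`, and the copy reads that many bytes from `p`. bnep_data_ind begins above the hunk, so the bound may already be enforced there. If it is, stating the invariant next to the allocation would make it reviewable in place, for example `/* BT_HDR followed by rem_len payload bytes; rem_len <= bytes left in p_buf */`.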
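--- a/stack/l2cap/l2cap_client.c
+++ b/stack/l2cap/l2cap_client.c
@@ -374,7 +374,8 @@ static void fragment_packet(l2cap_client_t *client, buffer_t *packet) {
 assert(packet != NULL);
 
 // TODO(sharvil): eliminate copy into BT_HDR.
-BT_HDR *bt_packet = osi_malloc(buffer_length(packet) + L2CAP_MIN_OFFSET);
+BT_HDR *bt_packet = osi_malloc(buffer_length(packet) + L2CAP_MIN_OFFSET +
+sizeof(BT_HDR));
 bt_packet->offset = L2CAP_MIN_OFFSET;
 bt_packet->len = buffer_length(packet);
 memcpy(bt_packet->data + bt_packet->offset, buffer_ptr(packet), buffer_length(packet));
@@ -388,7 +389,8 @@ static void fragment_packet(l2cap_client_t *client, buffer_t *packet) {
 break;
 }
 
-BT_HDR *fragment = osi_malloc(client->remote_mtu + L2CAP_MIN_OFFSET);
+BT_HDR *fragment = osi_malloc(client->remote_mtu + L2CAP_MIN_OFFSET +
+sizeof(BT_HDR));
 fragment->offset = L2CAP_MIN_OFFSET;
 fragment->len = client->remote_mtu;
 memcpy(fragment->data + fragment->offset, bt_packet->data + bt_packet->offset, client->remote_mtu);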
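--- a/stack/mcap/mca_cact.c
+++ b/stack/mcap/mca_cact.c
@@ -125,7 +125,7 @@ void mca_ccb_snd_req(tMCA_CCB *p_ccb, tMCA_CCB_EVT *p_data)
 p_ccb->p_tx_req = p_msg;
 if (!p_ccb->cong)
 {
-BT_HDR *p_pkt = (BT_HDR *)osi_malloc(MCA_CTRL_MTU);
+BT_HDR *p_pkt = (BT_HDR *)osi_malloc(MCA_CTRL_MTU + sizeof(BT_HDR));
 
 p_pkt->offset = L2CAP_MIN_OFFSET;
 p = p_start = (UINT8*)(p_pkt + 1) + L2CAP_MIN_OFFSET;
@@ -167,7 +167,7 @@ void mca_ccb_snd_rsp(tMCA_CCB *p_ccb, tMCA_CCB_EVT *p_data)
 tMCA_CCB_MSG *p_msg = (tMCA_CCB_MSG *)p_data;
 UINT8 *p, *p_start;
 BOOLEAN chk_mdl = FALSE;
-BT_HDR *p_pkt = (BT_HDR *)osi_malloc(MCA_CTRL_MTU);
+BT_HDR *p_pkt = (BT_HDR *)osi_malloc(MCA_CTRL_MTU + sizeof(BT_HDR));
 
 MCA_TRACE_DEBUG("%s cong=%d req=%d", __func__, p_ccb->cong, p_msg->op_code);
 /* assume that API functions verified the parameters */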