diff options
| author | alk3pInjection <webmaster@raspii.tech> | 2023-12-01 07:02:36 +0800 |
|---|---|---|
| committer | alk3pInjection <webmaster@raspii.tech> | 2023-12-01 07:02:36 +0800 |
| commit | 4bfffd62989d71b5a26592b2a1bf048d9639ea28 (patch) | |
| tree | 97e8e7576a6cfebdae8d3fda97a7ffee13b9531d | |
| parent | 475a57cd1e5ef6fceffaf6f4f48b915ec19c3b86 (diff) | |
| parent | 140369370ad143076d9a097e9c323f30e758ba32 (diff) | |
Merge tag 'LA.QSSI.13.0.r1-12200-qssi.0' into tachibana-mr1tachibana-mr1
"LA.QSSI.13.0.r1-12200-qssi.0"
Change-Id: I20e4c2d4d34ae5feab98bf4edd9d238ead7687ca
| -rw-r--r-- | hci/src/hci_packet_parser.cc | 24 | ||||
| -rw-r--r-- | stack/btm/btm_sec.cc | 15 | ||||
| -rw-r--r-- | stack/gatt/gatt_sr.cc | 32 |
3 files changed, 33 insertions, 38 deletions
diff --git a/hci/src/hci_packet_parser.cc b/hci/src/hci_packet_parser.cc index 6ad92e7b3..ab9b71b46 100644 --- a/hci/src/hci_packet_parser.cc +++ b/hci/src/hci_packet_parser.cc @@ -301,9 +301,9 @@ static void parse_ble_read_resolving_list_size_response( BT_HDR* response, uint8_t* resolving_list_size_ptr) { uint8_t* stream = read_command_complete_header( response, HCI_BLE_READ_RESOLVING_LIST_SIZE, 1 /* bytes after */); - assert(stream != NULL); - STREAM_TO_UINT8(*resolving_list_size_ptr, stream); - + if (stream) { + STREAM_TO_UINT8(*resolving_list_size_ptr, stream); + } buffer_allocator->free(response); } @@ -311,8 +311,10 @@ static void parse_ble_read_suggested_default_data_length_response( BT_HDR* response, uint16_t* ble_default_packet_length_ptr) { uint8_t* stream = read_command_complete_header( response, HCI_BLE_READ_DEFAULT_DATA_LENGTH, 2 /* bytes after */); - assert(stream != NULL); - STREAM_TO_UINT8(*ble_default_packet_length_ptr, stream); + if (stream) { + STREAM_TO_UINT16(*ble_default_packet_length_ptr, stream); + } + buffer_allocator->free(response); } static void parse_ble_read_maximum_advertising_data_length( @@ -320,9 +322,9 @@ static void parse_ble_read_maximum_advertising_data_length( uint8_t* stream = read_command_complete_header( response, HCI_LE_READ_MAXIMUM_ADVERTISING_DATA_LENGTH, 2 /* bytes after */); - assert(stream != NULL); - STREAM_TO_UINT16(*ble_maximum_advertising_data_length_ptr, stream); - + if (stream) { + STREAM_TO_UINT16(*ble_maximum_advertising_data_length_ptr, stream); + } buffer_allocator->free(response); } @@ -353,9 +355,9 @@ static void parse_ble_read_number_of_supported_advertising_sets( uint8_t* stream = read_command_complete_header( response, HCI_LE_READ_NUMBER_OF_SUPPORTED_ADVERTISING_SETS, 1 /* bytes after */); - assert(stream != NULL); - STREAM_TO_UINT8(*ble_number_of_supported_advertising_sets_ptr, stream); - + if (stream) { + STREAM_TO_UINT8(*ble_number_of_supported_advertising_sets_ptr, stream); + } buffer_allocator->free(response); } diff --git a/stack/btm/btm_sec.cc b/stack/btm/btm_sec.cc index 01192bfa2..be43d17a5 100644 --- a/stack/btm/btm_sec.cc +++ b/stack/btm/btm_sec.cc @@ -5577,21 +5577,12 @@ extern tBTM_STATUS btm_sec_execute_procedure(tBTM_SEC_DEV_REC* p_dev_rec) { ******************************************************************************/ static bool btm_sec_start_get_name(tBTM_SEC_DEV_REC* p_dev_rec) { uint8_t tempstate = p_dev_rec->sec_state; - RawAddress bd_addr; + p_dev_rec->sec_state = BTM_SEC_STATE_GETTING_NAME; - bd_addr = p_dev_rec->bd_addr; - if (p_dev_rec->bd_addr == p_dev_rec->ble.identity_addr ){ - if (!p_dev_rec->ble.pseudo_addr.IsEmpty()){ - bd_addr = p_dev_rec->ble.pseudo_addr; - BTM_TRACE_EVENT("btm_sec_start_get_name, change addr %s to new %s", - p_dev_rec->bd_addr.ToString().c_str(), - p_dev_rec->ble.pseudo_addr.ToString().c_str()); - } - } - BTM_TRACE_EVENT("btm_sec_start_get_name, bd_addr %s", bd_addr.ToString().c_str()); + /* 0 and NULL are as timeout and callback params because they are not used in * security get name case */ - if ((btm_initiate_rem_name(bd_addr, BTM_RMT_NAME_SEC, 0, NULL)) != + if ((btm_initiate_rem_name(p_dev_rec->bd_addr, BTM_RMT_NAME_SEC, 0, NULL)) != BTM_CMD_STARTED) { p_dev_rec->sec_state = tempstate; return (false); diff --git a/stack/gatt/gatt_sr.cc b/stack/gatt/gatt_sr.cc index 1a50f3810..ad620df3d 100644 --- a/stack/gatt/gatt_sr.cc +++ b/stack/gatt/gatt_sr.cc @@ -22,6 +22,7 @@ * ******************************************************************************/ +#include <algorithm> #include "bt_target.h" #include "bt_utils.h" #include "osi/include/osi.h" @@ -224,38 +225,39 @@ static bool process_read_multi_rsp(tGATT_SR_CMD* p_cmd, tGATT_STATUS status, } if (p_rsp != NULL) { - total_len = (p_buf->len + p_rsp->attr_value.len); + total_len = p_buf->len; if (p_cmd->multi_req.is_variable_len) { total_len += 2; } if (total_len > mtu) { - /* just send the partial response for the overflow case */ - len = p_rsp->attr_value.len - (total_len - mtu); + VLOG(1) << "Buffer space not enough for this data item, skipping"; + break; + } + + len = std::min((size_t) p_rsp->attr_value.len, (size_t)(mtu - total_len)); + + if (len == 0) { + VLOG(1) << "Buffer space not enough for this data item, skipping"; + break; + } + + if (len < p_rsp->attr_value.len) { is_overflow = true; VLOG(1) << StringPrintf( "multi read overflow available len=%zu val_len=%d", len, p_rsp->attr_value.len); - } else { - len = p_rsp->attr_value.len; } VLOG(1) << __func__ << " multi_req.is_variable_len: " << +p_cmd->multi_req.is_variable_len; if (p_cmd->multi_req.is_variable_len) { - UINT16_TO_STREAM(p, p_rsp->attr_value.len); + UINT16_TO_STREAM(p, (uint16_t) len); p_buf->len += 2; } if (p_rsp->attr_value.handle == p_cmd->multi_req.handles[ii]) { - // check for possible integer overflow - if (p_buf->len + len <= UINT16_MAX) { - memcpy(p, p_rsp->attr_value.value, len); - if (!is_overflow) p += len; - p_buf->len += len; - } else { - p_cmd->status = GATT_NOT_FOUND; - break; - } + ARRAY_TO_STREAM(p, p_rsp->attr_value.value, (uint16_t) len); + p_buf->len += (uint16_t) len; } else { p_cmd->status = GATT_NOT_FOUND; break; |