diff options
| author | xiaowang <quic_xiaowang@quicinc.com> | 2023-04-19 15:51:12 +0800 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2023-04-20 11:07:23 -0700 |
| commit | 37eec0ea234d7e35bd429f34cd5d9818442f73fe (patch) | |
| tree | abc388c3be758548b5d78a1531872585337b22f8 | |
| parent | eeeff4c55f202ba7f38222e62dfb7399e6098eaf (diff) | |
Add sanity check for periodic sync index
CRs-Fixed: 3471100
Change-Id: I6ab56746eace8d4cd2d7c7d7431d49d6dfadf04b
| -rw-r--r-- | stack/btm/btm_ble_gap.cc | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/stack/btm/btm_ble_gap.cc b/stack/btm/btm_ble_gap.cc index 345e10ed1..fd94a503a 100644 --- a/stack/btm/btm_ble_gap.cc +++ b/stack/btm/btm_ble_gap.cc @@ -1011,6 +1011,10 @@ void btm_ble_start_sync_request(uint8_t sid, RawAddress addr, uint16_t skip, uin uint8_t options = 0; uint8_t cte_type = 7; int index = btm_ble_get_psync_index(sid, addr); + if (index == MAX_SYNC_TRANSACTION) { + BTM_TRACE_ERROR("[PSync]%s: index not found", __func__); + return; + } tBTM_BLE_PERIODIC_SYNC *p = &btm_ble_pa_sync_cb.p_sync[index]; p->sync_state = PERIODIC_SYNC_PENDING; btsnd_hcic_ble_create_periodic_sync(options, sid, address_type, addr, skip, timeout,cte_type); @@ -1076,6 +1080,10 @@ static void btm_ble_start_sync_timeout(void *data) { RawAddress address = p_head->address; int index = btm_ble_get_psync_index(adv_sid, address); + if (index == MAX_SYNC_TRANSACTION) { + BTM_TRACE_ERROR("[PSync]%s: index not found", __func__); + return; + } tBTM_BLE_PERIODIC_SYNC *p = &btm_ble_pa_sync_cb.p_sync[index]; @@ -1253,11 +1261,19 @@ void btm_ble_periodic_adv_sync_lost(uint8_t *param, uint16_t param_len) { uint16_t sync_handle; if (param_len != SYNC_LOST_EVT_LEN) { BTM_TRACE_ERROR("[PSync]%s: Invalid event length",__func__); + return; } STREAM_TO_UINT16(sync_handle, param); + BTM_TRACE_DEBUG("[PSync]%s: sync_handle = %d", __func__, sync_handle); int index = btm_ble_get_psync_index_from_handle(sync_handle); + if (index == MAX_SYNC_TRANSACTION) { + BTM_TRACE_ERROR("[PSync]%s: index not found", __func__); + return; + } tBTM_BLE_PERIODIC_SYNC *ps = &btm_ble_pa_sync_cb.p_sync[index]; - ps->sync_lost_cb.Run(sync_handle); + if (ps->sync_lost_cb) { + ps->sync_lost_cb.Run(sync_handle); + } ps->in_use = false; ps->sid = 0; @@ -1415,6 +1431,11 @@ void BTM_BlePeriodicSyncTransfer(RawAddress addr, uint16_t service_data, } int index = btm_ble_get_free_sync_transfer_index(); + if (index == MAX_SYNC_TRANSACTION) { + BTM_TRACE_ERROR("[PSync]%s: index is unavailable", __func__); + cb.Run(BTM_NO_RESOURCES, addr); + return; + } tBTM_BLE_PERIODIC_SYNC_TRANSFER *p_sync_transfer = &btm_ble_pa_sync_cb.sync_transfer[index]; p_sync_transfer->in_use = true; p_sync_transfer->conn_handle = conn_handle; @@ -1449,6 +1470,11 @@ void BTM_BlePeriodicSyncSetInfo(RawAddress addr, uint16_t service_data, } int index = btm_ble_get_free_sync_transfer_index(); + if (index == MAX_SYNC_TRANSACTION) { + BTM_TRACE_ERROR("[PSync]%s: index is unavailable", __func__); + cb.Run(BTM_NO_RESOURCES, addr); + return; + } tBTM_BLE_PERIODIC_SYNC_TRANSFER *p_sync_transfer = &btm_ble_pa_sync_cb.sync_transfer[index]; p_sync_transfer->in_use = true; p_sync_transfer->conn_handle = conn_handle; |