system/bt
| 修订版 | c9b410982c53a744596636bf72affb40185a35cb (tree) |
|---|---|
| 时间 | 2021-03-02 23:23:40 |
| 作者 | Chih-Wei Huang <cwhuang@linu...> |
| Commiter | Chih-Wei Huang |
Merge tag 'android-8.1.0_r81' into oreo-x86
Android 8.1.0 Release 81 (6780335)
embdrv/sbc/decoder/srce/decoder-sbc.c (diff)
stack/btm/btm_sec.cc (diff) stack/gatt/gatt_cl.cc (diff)| @@ -311,7 +311,6 @@ OI_STATUS OI_CODEC_SBC_DecodeFrame(OI_CODEC_SBC_DECODER_CONTEXT* context, | ||
| 311 | 311 | return OI_CODEC_SBC_CHECKSUM_MISMATCH; |
| 312 | 312 | } |
| 313 | 313 | |
| 314 | -#ifdef OI_DEBUG | |
| 315 | 314 | /* |
| 316 | 315 | * Make sure the bitpool values are sane. |
| 317 | 316 | */ |
| @@ -328,7 +327,6 @@ OI_STATUS OI_CODEC_SBC_DecodeFrame(OI_CODEC_SBC_DECODER_CONTEXT* context, | ||
| 328 | 327 | OI_SBC_MaxBitpool(&context->common.frameInfo))); |
| 329 | 328 | return OI_STATUS_INVALID_PARAMETERS; |
| 330 | 329 | } |
| 331 | -#endif | |
| 332 | 330 | |
| 333 | 331 | /* |
| 334 | 332 | * Now decode the SBC data. Partial decode is not yet implemented for an SBC |
| @@ -51,6 +51,8 @@ | ||
| 51 | 51 | bool(APPL_AUTH_WRITE_EXCEPTION)(const RawAddress& bd_addr); |
| 52 | 52 | #endif |
| 53 | 53 | |
| 54 | +extern void bta_dm_process_remove_device(const RawAddress& bd_addr); | |
| 55 | + | |
| 54 | 56 | /******************************************************************************* |
| 55 | 57 | * L O C A L F U N C T I O N P R O T O T Y P E S * |
| 56 | 58 | ******************************************************************************/ |
| @@ -3280,6 +3282,13 @@ void btm_io_capabilities_req(const RawAddress& p) { | ||
| 3280 | 3282 | BTM_TRACE_EVENT("%s: State: %s", __func__, |
| 3281 | 3283 | btm_pair_state_descr(btm_cb.pairing_state)); |
| 3282 | 3284 | |
| 3285 | + if (btm_sec_is_a_bonded_dev(p)) { | |
| 3286 | + BTM_TRACE_WARNING( | |
| 3287 | + "%s: Incoming bond request, but %s is already bonded (removing)", | |
| 3288 | + __func__, p.ToString().c_str()); | |
| 3289 | + bta_dm_process_remove_device(p); | |
| 3290 | + } | |
| 3291 | + | |
| 3283 | 3292 | p_dev_rec = btm_find_or_alloc_dev(evt_data.bd_addr); |
| 3284 | 3293 | |
| 3285 | 3294 | BTM_TRACE_DEBUG("%s:Security mode: %d, Num Read Remote Feat pages: %d", |
| @@ -762,6 +762,12 @@ void gatt_process_read_by_type_rsp(tGATT_TCB& tcb, tGATT_CLCB* p_clcb, | ||
| 762 | 762 | /* discover included service */ |
| 763 | 763 | else if (p_clcb->operation == GATTC_OPTYPE_DISCOVERY && |
| 764 | 764 | p_clcb->op_subtype == GATT_DISC_INC_SRVC) { |
| 765 | + if (value_len < 4) { | |
| 766 | + android_errorWriteLog(0x534e4554, "158833854"); | |
| 767 | + LOG(ERROR) << __func__ << " Illegal Response length, must be at least 4."; | |
| 768 | + gatt_end_operation(p_clcb, GATT_INVALID_PDU, NULL); | |
| 769 | + return; | |
| 770 | + } | |
| 765 | 771 | STREAM_TO_UINT16(record_value.incl_service.s_handle, p); |
| 766 | 772 | STREAM_TO_UINT16(record_value.incl_service.e_handle, p); |
| 767 | 773 |
| @@ -813,6 +819,12 @@ void gatt_process_read_by_type_rsp(tGATT_TCB& tcb, tGATT_CLCB* p_clcb, | ||
| 813 | 819 | return; |
| 814 | 820 | } else /* discover characterisitic */ |
| 815 | 821 | { |
| 822 | + if (value_len < 3) { | |
| 823 | + android_errorWriteLog(0x534e4554, "158778659"); | |
| 824 | + LOG(ERROR) << __func__ << " Illegal Response length, must be at least 3."; | |
| 825 | + gatt_end_operation(p_clcb, GATT_INVALID_PDU, NULL); | |
| 826 | + return; | |
| 827 | + } | |
| 816 | 828 | STREAM_TO_UINT8(record_value.dclr_value.char_prop, p); |
| 817 | 829 | STREAM_TO_UINT16(record_value.dclr_value.val_handle, p); |
| 818 | 830 | if (!GATT_HANDLE_IS_VALID(record_value.dclr_value.val_handle)) { |
Fork