system/bt
修订版 | c9b410982c53a744596636bf72affb40185a35cb (tree) |
---|---|
时间 | 2021-03-02 23:23:40 |
作者 | Chih-Wei Huang <cwhuang@linu...> |
Commiter | Chih-Wei Huang |
Merge tag 'android-8.1.0_r81' into oreo-x86
Android 8.1.0 Release 81 (6780335)
@@ -311,7 +311,6 @@ OI_STATUS OI_CODEC_SBC_DecodeFrame(OI_CODEC_SBC_DECODER_CONTEXT* context, | ||
311 | 311 | return OI_CODEC_SBC_CHECKSUM_MISMATCH; |
312 | 312 | } |
313 | 313 | |
314 | -#ifdef OI_DEBUG | |
315 | 314 | /* |
316 | 315 | * Make sure the bitpool values are sane. |
317 | 316 | */ |
@@ -328,7 +327,6 @@ OI_STATUS OI_CODEC_SBC_DecodeFrame(OI_CODEC_SBC_DECODER_CONTEXT* context, | ||
328 | 327 | OI_SBC_MaxBitpool(&context->common.frameInfo))); |
329 | 328 | return OI_STATUS_INVALID_PARAMETERS; |
330 | 329 | } |
331 | -#endif | |
332 | 330 | |
333 | 331 | /* |
334 | 332 | * Now decode the SBC data. Partial decode is not yet implemented for an SBC |
@@ -51,6 +51,8 @@ | ||
51 | 51 | bool(APPL_AUTH_WRITE_EXCEPTION)(const RawAddress& bd_addr); |
52 | 52 | #endif |
53 | 53 | |
54 | +extern void bta_dm_process_remove_device(const RawAddress& bd_addr); | |
55 | + | |
54 | 56 | /******************************************************************************* |
55 | 57 | * L O C A L F U N C T I O N P R O T O T Y P E S * |
56 | 58 | ******************************************************************************/ |
@@ -3280,6 +3282,13 @@ void btm_io_capabilities_req(const RawAddress& p) { | ||
3280 | 3282 | BTM_TRACE_EVENT("%s: State: %s", __func__, |
3281 | 3283 | btm_pair_state_descr(btm_cb.pairing_state)); |
3282 | 3284 | |
3285 | + if (btm_sec_is_a_bonded_dev(p)) { | |
3286 | + BTM_TRACE_WARNING( | |
3287 | + "%s: Incoming bond request, but %s is already bonded (removing)", | |
3288 | + __func__, p.ToString().c_str()); | |
3289 | + bta_dm_process_remove_device(p); | |
3290 | + } | |
3291 | + | |
3283 | 3292 | p_dev_rec = btm_find_or_alloc_dev(evt_data.bd_addr); |
3284 | 3293 | |
3285 | 3294 | BTM_TRACE_DEBUG("%s:Security mode: %d, Num Read Remote Feat pages: %d", |
@@ -762,6 +762,12 @@ void gatt_process_read_by_type_rsp(tGATT_TCB& tcb, tGATT_CLCB* p_clcb, | ||
762 | 762 | /* discover included service */ |
763 | 763 | else if (p_clcb->operation == GATTC_OPTYPE_DISCOVERY && |
764 | 764 | p_clcb->op_subtype == GATT_DISC_INC_SRVC) { |
765 | + if (value_len < 4) { | |
766 | + android_errorWriteLog(0x534e4554, "158833854"); | |
767 | + LOG(ERROR) << __func__ << " Illegal Response length, must be at least 4."; | |
768 | + gatt_end_operation(p_clcb, GATT_INVALID_PDU, NULL); | |
769 | + return; | |
770 | + } | |
765 | 771 | STREAM_TO_UINT16(record_value.incl_service.s_handle, p); |
766 | 772 | STREAM_TO_UINT16(record_value.incl_service.e_handle, p); |
767 | 773 |
@@ -813,6 +819,12 @@ void gatt_process_read_by_type_rsp(tGATT_TCB& tcb, tGATT_CLCB* p_clcb, | ||
813 | 819 | return; |
814 | 820 | } else /* discover characterisitic */ |
815 | 821 | { |
822 | + if (value_len < 3) { | |
823 | + android_errorWriteLog(0x534e4554, "158778659"); | |
824 | + LOG(ERROR) << __func__ << " Illegal Response length, must be at least 3."; | |
825 | + gatt_end_operation(p_clcb, GATT_INVALID_PDU, NULL); | |
826 | + return; | |
827 | + } | |
816 | 828 | STREAM_TO_UINT8(record_value.dclr_value.char_prop, p); |
817 | 829 | STREAM_TO_UINT16(record_value.dclr_value.val_handle, p); |
818 | 830 | if (!GATT_HANDLE_IS_VALID(record_value.dclr_value.val_handle)) { |