Protect against Bluetooth share crash because of invalid timer callback

If the timer callback is not set when fired, a SIGSEGV will ensue. This
patch checks to make sure the callback is set before invoking the
function.

Bug: 17307367
Change-Id: I2ee284bdbd3b54a368e373d9ac9e6e47205dcff6

1 files changed, 11 insertions, 4 deletions

diff --git a/jni/com_android_bluetooth_btservice_AdapterService.cpp b/jni/com_android_bluetooth_btservice_AdapterService.cpp
index decb024f1..ea765b53a 100644
--- a/jni/com_android_bluetooth_btservice_AdapterService.cpp
+++ b/jni/com_android_bluetooth_btservice_AdapterService.cpp
@@ -507,11 +507,14 @@ static bool set_wake_alarm_callout(uint64_t delay_millis, bool should_wake, alar
         return false;
     }
 
+    sAlarmCallback = cb;
+    sAlarmCallbackData = data;
+
     jboolean jshould_wake = should_wake ? JNI_TRUE : JNI_FALSE;
     jboolean ret = env->CallBooleanMethod(sJniAdapterServiceObj, method_setWakeAlarm, (jlong)delay_millis, jshould_wake);
-    if (ret) {
-        sAlarmCallback = cb;
-        sAlarmCallbackData = data;
+    if (!ret) {
+        sAlarmCallback = NULL;
+        sAlarmCallbackData = NULL;
     }
 
     if (status == JNI_EDETACHED) {
@@ -586,7 +589,11 @@ static int release_wake_lock_callout(const char *lock_name) {
 // Called by Java code when alarm is fired. A wake lock is held by the caller
 // over the duration of this callback.
 static void alarmFiredNative(JNIEnv *env, jobject obj) {
-    sAlarmCallback(sAlarmCallbackData);
+    if (sAlarmCallback) {
+        sAlarmCallback(sAlarmCallbackData);
+    } else {
+        ALOGE("%s() - Alarm fired with callback not set!", __FUNCTION__);
+    }
 }
 
 static void remote_mas_instances_callback(bt_status_t status, bt_bdaddr_t *bd_addr,