author | Jakub Pawlowski <jpawlowski@google.com> | 2018-07-11 02:57:07 -0700 |
---|---|---|
committer | Tim Schumacher <timschumi@gmx.de> | 2018-11-17 16:53:12 +0100 |
commit | 9c9fa769cc610a6e9ebaadda8b3ddc49aa537aee (patch) | |
tree | 6b42d78eaff12bf8d980ee7245505757caad2afa | |
parent | 5f6f08847a357b5b3b81f8a984c6e026f03efb83 (diff) | |
Don't use Address after it was deleted
Bug: 110216173
(cherry picked from commit 9930f6f4e14e64966869b119994126283d645fd0)
Change-Id: Id3364cf53153eafed478546d7347ed1673217e91
Backported-By: Vasyl Gello <vasek.gello@gmail.com>
-rw-r--r-- | bta/dm/bta_dm_act.c | 10 | ||||
-rw-r--r-- | stack/btm/btm_dev.c | 25 | ||||
-rw-r--r-- | stack/include/btm_api.h | 19 |
3 files changed, 30 insertions, 24 deletions
diff --git a/bta/dm/bta_dm_act.c b/bta/dm/bta_dm_act.c
index addc3087f..e89e5a6ff 100644
--- a/bta/dm/bta_dm_act.c
+++ b/bta/dm/bta_dm_act.c
@@ -3521,12 +3521,16 @@ void bta_dm_acl_change(tBTA_DM_MSG *p_data)
 }
 if (conn.link_down.is_removed) {
- BTM_SecDeleteDevice(p_bda);
+ // p_bda points to security record, which is removed in
+ // BTM_SecDeleteDevice.
+ BD_ADDR addr_copy;
+ memcpy(addr_copy, p_bda, BD_ADDR_LEN);
+ BTM_SecDeleteDevice(addr_copy);
 #if (BLE_INCLUDED == TRUE && BTA_GATT_INCLUDED == TRUE)
 /* need to remove all pending background connection */
- BTA_GATTC_CancelOpen(0, p_bda, FALSE);
+ BTA_GATTC_CancelOpen(0, addr_copy, FALSE);
 /* remove all cached GATT information */
- BTA_GATTC_Refresh(p_bda);
+ BTA_GATTC_Refresh(addr_copy);
 #endif
 }
diff --git a/stack/btm/btm_dev.c b/stack/btm/btm_dev.c
index 78af31ffb..9baa73a3e 100644
--- a/stack/btm/btm_dev.c
+++ b/stack/btm/btm_dev.c
@@ -172,17 +172,16 @@ BOOLEAN BTM_SecAddDevice (BD_ADDR bd_addr, DEV_CLASS dev_class, BD_NAME bd_name,
 }
-/*******************************************************************************
-**
-** Function BTM_SecDeleteDevice
-**
-** Description Free resources associated with the device.
-**
-** Parameters: bd_addr - BD address of the peer
-**
-** Returns TRUE if removed OK, FALSE if not found or ACL link is active
-**
-*******************************************************************************/
+/** Free resources associated with the device associated with |bd_addr| address.
+ *
+ * *** WARNING ***
+ * tBTM_SEC_DEV_REC associated with bd_addr becomes invalid after this function
+ * is called, also any of it's fields. i.e. if you use p_dev_rec->bd_addr, it is
+ * no longer valid!
+ * *** WARNING ***
+ *
+ * Returns true if removed OK, false if not found or ACL link is active.
+ */
 BOOLEAN BTM_SecDeleteDevice (BD_ADDR bd_addr) {
 tBTM_SEC_DEV_REC *p_dev_rec;
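Review bot: In bta_dm_acl_change the copy into `addr_copy` is taken only inside the `is_removed` branch, so `p_bda` itself remains a pointer into the security record that, per the added comment, BTM_SecDeleteDevice removes. The function starts and ends outside this hunk, so I cannot see whether `p_bda` is read again after this block; if it is, that read still touches freed memory. A more robust shape is to declare `BD_ADDR addr_copy;` at function scope, fill it with `memcpy(addr_copy, p_bda, BD_ADDR_LEN);` right where `p_bda` is first obtained, and use the copy for every later call.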
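Review bot: The new header comment on BTM_SecDeleteDevice says it returns false when the device is not found, but the body shown in the following btm_dev.c hunk falls through to `return TRUE;` when `btm_find_dev(bd_addr)` returns NULL. The lines between the two hunks are not visible, so only the not-found case can be checked here; I would word the last line as `* Returns true if removed or no record was found, false if ACL link is active.` once that is confirmed. The same comment is duplicated in stack/include/btm_api.h and needs the same change, and in both places "any of it's fields" should read "any of its fields".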
@@ -196,9 +195,11 @@ BOOLEAN BTM_SecDeleteDevice (BD_ADDR bd_addr)
 if ((p_dev_rec = btm_find_dev(bd_addr)) != NULL) {
+ BD_ADDR bda;
+ memcpy(bda, bd_addr, BD_ADDR_LEN);
 btm_sec_free_dev(p_dev_rec);
 /* Tell controller to get rid of the link key, if it has one stored */
- BTM_DeleteStoredLinkKey (p_dev_rec->bd_addr, NULL);
+ BTM_DeleteStoredLinkKey(bda, NULL);
 }
 return TRUE;
diff --git a/stack/include/btm_api.h b/stack/include/btm_api.h
index a04fb898e..b8d879d00 100644
--- a/stack/include/btm_api.h
+++ b/stack/include/btm_api.h
@@ -3388,15 +3388,16 @@ extern BOOLEAN BTM_SecAddDevice (BD_ADDR bd_addr, DEV_CLASS dev_class,
 UINT8 key_type, tBTM_IO_CAP io_cap, UINT8 pin_length);
-/*******************************************************************************
-**
-** Function BTM_SecDeleteDevice
-**
-** Description Free resources associated with the device.
-**
-** Returns TRUE if rmoved OK, FALSE if not found
-**
-*******************************************************************************/
+/** Free resources associated with the device associated with |bd_addr| address.
+ *
+ * *** WARNING ***
+ * tBTM_SEC_DEV_REC associated with bd_addr becomes invalid after this function
+ * is called, also any of it's fields. i.e. if you use p_dev_rec->bd_addr, it is
+ * no longer valid!
+ * *** WARNING ***
+ *
+ * Returns true if removed OK, false if not found or ACL link is active.
+ */
 extern BOOLEAN BTM_SecDeleteDevice (BD_ADDR bd_addr); |
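Review bot: `memcpy(bda, bd_addr, BD_ADDR_LEN);` in BTM_SecDeleteDevice copies the caller's argument, whereas the removed line passed `p_dev_rec->bd_addr` to BTM_DeleteStoredLinkKey. If btm_find_dev can return a record whose stored address differs from the lookup key (its matching rules are not visible here), the stored-link-key delete now targets a different address than before and the controller may keep a key for a device that was just unpaired. Copying from the record before it is freed keeps the previous behaviour and still avoids the use-after-free: `memcpy(bda, p_dev_rec->bd_addr, BD_ADDR_LEN);`. The function body starts outside this hunk.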