BT: Fixed Static Analysis Issues

  - This fix avoids NULL pointer dereferences,
    Array Index Out of Bounds Exceptions
    and Banned funciton in the bluedroid code
    space of Bluetooth.
CRs-Fixed: 890309, 890321

Change-Id: I24ae794ee01b65b5ab15c73cd82677b0481910ad

1 files changed, 3 insertions, 3 deletions

diff --git a/stack/btm/btm_ble_gap.c b/stack/btm/btm_ble_gap.c
index f841148a4..a75745fb2 100644
--- a/stack/btm/btm_ble_gap.c
+++ b/stack/btm/btm_ble_gap.c
@@ -1364,11 +1364,11 @@ UINT8 *btm_ble_build_adv_data(tBTM_BLE_AD_MASK *p_data_mask, UINT8 **p_dst,
             data_mask &= ~BTM_BLE_AD_BIT_FLAGS;
         }
         /* appearance data */
-        if (len > 3 && data_mask & BTM_BLE_AD_BIT_APPEARANCE)
+        if (len > 3 && data_mask & BTM_BLE_AD_BIT_APPEARANCE && p_data)
         {
             *p++ = 3; /* length */
             *p++ = BTM_BLE_AD_TYPE_APPEARANCE;
-            UINT16_TO_STREAM(p, p_data->appearance);
+            UINT16_TO_STREAM(p, p_data->appearance );
             len -= 4;
 
             data_mask &= ~BTM_BLE_AD_BIT_APPEARANCE;
@@ -1412,7 +1412,7 @@ UINT8 *btm_ble_build_adv_data(tBTM_BLE_AD_MASK *p_data_mask, UINT8 **p_dst,
             data_mask &= ~BTM_BLE_AD_BIT_MANU;
         }
         /* TX power */
-        if (len > MIN_ADV_LENGTH && data_mask & BTM_BLE_AD_BIT_TX_PWR)
+        if (len > MIN_ADV_LENGTH && data_mask & BTM_BLE_AD_BIT_TX_PWR && p_data)
         {
             *p++ = MIN_ADV_LENGTH;
             *p++ = BTM_BLE_AD_TYPE_TX_PWR;