author | venkata Jagadeesh <vjagad@codeaurora.org> | 2015-06-16 15:29:04 +0530 |
---|---|---|
committer | Linux Build Service Account <lnxbuild@localhost> | 2015-10-06 03:21:52 -0600 |
commit | 2626f0a4260c37742db898539b91f04cb758cc66 (patch) | |
tree | c3eafcdcd4c0153e31022dd73190e7c90bddb830 /stack/l2cap | |
parent | 257929ac3b056223e9bbf057363ed8b1a43bbd79 (diff) | |
download | android_system_bt-2626f0a4260c37742db898539b91f04cb758cc66.tar.gz android_system_bt-2626f0a4260c37742db898539b91f04cb758cc66.tar.bz2 android_system_bt-2626f0a4260c37742db898539b91f04cb758cc66.zip |
SDP: Restricted invalid attr len in sdp delete

Restricted invalid attr len in SDP_DeleteAttribute as
pointer is trying to access invalid memory when attr_len
is invalid

Registering PNP record before PAN profile as PNP record
should be registered before profiles. In some cases PAN and
PNP SDP registration colliding and leading to memory
corruption in SDP DB.

Change-Id: Ib6d2120c7ef1d10633fa905d6b853281efaf0ecd

Bluetooth: Cleanup ACL link during restarting pending ACL connection

This fix removes the previously held ACL link with the BR_EDR
device before trying to create a new pending connection with the
same device.

Change-Id: Iac941794e2fc86c48781edc86492146ab5c21eae

Bluetooth: Cleanup the lcb variables properly on reuse

- Cleanup all relevant link control block variables
like send_not_acked, partial_segment_being_sent
and stop the info response timer to reuse the same
LCB.
- L2cap layer will reuse the same lcb if the link is
disconnected and wants to re-establish the link.

Change-Id: I822b0ee350574bbeb5b3c86a349d1471fa45761a
CRs-Fixed: 885782
Change-Id: I15f83b5c1a88d248d29080123ebbf4652f2cb340
Diffstat (limited to 'stack/l2cap')
-rw-r--r-- | stack/l2cap/l2c_link.c | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/stack/l2cap/l2c_link.c b/stack/l2cap/l2c_link.c index 6cda75d3a..749ce4dea 100644 --- a/stack/l2cap/l2c_link.c +++ b/stack/l2cap/l2c_link.c @@ -541,6 +541,28 @@ BOOLEAN l2c_link_hci_disc_comp (UINT16 handle, UINT8 reason) transport = BT_TRANSPORT_LE; } #endif + if (p_lcb->transport == BT_TRANSPORT_BR_EDR) + { + if (p_lcb->sent_not_acked > 0) + { + l2cb.controller_xmit_window += p_lcb->sent_not_acked; + if (l2cb.controller_xmit_window > l2cb.num_lm_acl_bufs) + { + l2cb.controller_xmit_window = l2cb.num_lm_acl_bufs; + } + p_lcb->sent_not_acked = 0; + } + p_lcb->partial_segment_being_sent = FALSE; + + /* Stop the link connect timer if sent */ + if (p_lcb->w4_info_rsp) + { + btu_stop_timer (&p_lcb->info_timer_entry); + p_lcb->w4_info_rsp = FALSE; + } + + btm_acl_removed(p_lcb->remote_bd_addr, BT_TRANSPORT_BR_EDR); + } if (l2cu_create_conn(p_lcb, transport)) lcb_is_free = FALSE; /* still using this lcb */ } |
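Review bot: the guard that opens the added block tests p_lcb->transport == BT_TRANSPORT_BR_EDR, but the l2cu_create_conn(p_lcb, transport) call immediately after the block uses the local transport, which the context line just above can set to BT_TRANSPORT_LE. If the two can differ at this point, the cleanup decision and the reconnect are made on different transports; either test the same variable that is passed to l2cu_create_conn or add a comment saying why the LCB field is the right one here. The comment "/* Stop the link connect timer if sent */" also does not match the code under it, which stops info_timer_entry when w4_info_rsp is set; the commit message calls this the info response timer, so the comment should say that. Finally, the clamp of l2cb.controller_xmit_window to l2cb.num_lm_acl_bufs silently absorbs any case where returning sent_not_acked overshoots the buffer count, so a warning log inside that inner if would make a credit-accounting mismatch visible rather than hidden.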