DO NOT MERGE: PAN: Always allocate in bta_pan_data_buf_ind_cback

[android-x86/system-bt.git] / bta / pan / bta_pan_act.c

diff --git a/bta/pan/bta_pan_act.c b/bta/pan/bta_pan_act.c
index 410ac06..b72a318 100644 (file)
--- a/bta/pan/bta_pan_act.c
+++ b/bta/pan/bta_pan_act.c
@@ -182,23 +182,19 @@ static void bta_pan_data_buf_ind_cback(UINT16 handle, BD_ADDR src, BD_ADDR dst,
         return;
     }
 
-    if (sizeof(tBTA_PAN_DATA_PARAMS) > p_buf->offset) {
-        /* offset smaller than data structure in front of actual data */
-        if (sizeof(BT_HDR) + sizeof(tBTA_PAN_DATA_PARAMS) + p_buf->len >
-            PAN_BUF_SIZE) {
-            android_errorWriteLog(0x534e4554, "63146237");
-            APPL_TRACE_ERROR("%s: received buffer length too large: %d", __func__,
-                             p_buf->len);
-            return;
-        }
-        p_new_buf = (BT_HDR *)osi_malloc(PAN_BUF_SIZE);
-        memcpy((UINT8 *)(p_new_buf + 1) + sizeof(tBTA_PAN_DATA_PARAMS),
-               (UINT8 *)(p_buf + 1) + p_buf->offset, p_buf->len);
-        p_new_buf->len    = p_buf->len;
-        p_new_buf->offset = sizeof(tBTA_PAN_DATA_PARAMS);
-    } else {
-        p_new_buf = p_buf;
+    if (sizeof(BT_HDR) + sizeof(tBTA_PAN_DATA_PARAMS) + p_buf->len >
+        PAN_BUF_SIZE) {
+        android_errorWriteLog(0x534e4554, "63146237");
+        APPL_TRACE_ERROR("%s: received buffer length too large: %d", __func__,
+                         p_buf->len);
+        return;
     }
+    p_new_buf = (BT_HDR *)osi_malloc(PAN_BUF_SIZE);
+    memcpy((UINT8 *)(p_new_buf + 1) + sizeof(tBTA_PAN_DATA_PARAMS),
+           (UINT8 *)(p_buf + 1) + p_buf->offset, p_buf->len);
+    p_new_buf->len    = p_buf->len;
+    p_new_buf->offset = sizeof(tBTA_PAN_DATA_PARAMS);
+
     /* copy params into the space before the data */
     bdcpy(((tBTA_PAN_DATA_PARAMS *)p_new_buf)->src, src);
     bdcpy(((tBTA_PAN_DATA_PARAMS *)p_new_buf)->dst, dst);