return;
}
- if (sizeof(tBTA_PAN_DATA_PARAMS) > p_buf->offset) {
- /* offset smaller than data structure in front of actual data */
- if (sizeof(BT_HDR) + sizeof(tBTA_PAN_DATA_PARAMS) + p_buf->len >
- PAN_BUF_SIZE) {
- android_errorWriteLog(0x534e4554, "63146237");
- APPL_TRACE_ERROR("%s: received buffer length too large: %d", __func__,
- p_buf->len);
- return;
- }
- p_new_buf = (BT_HDR *)osi_malloc(PAN_BUF_SIZE);
- memcpy((UINT8 *)(p_new_buf + 1) + sizeof(tBTA_PAN_DATA_PARAMS),
- (UINT8 *)(p_buf + 1) + p_buf->offset, p_buf->len);
- p_new_buf->len = p_buf->len;
- p_new_buf->offset = sizeof(tBTA_PAN_DATA_PARAMS);
- } else {
- p_new_buf = p_buf;
+ if (sizeof(BT_HDR) + sizeof(tBTA_PAN_DATA_PARAMS) + p_buf->len >
+ PAN_BUF_SIZE) {
+ android_errorWriteLog(0x534e4554, "63146237");
+ APPL_TRACE_ERROR("%s: received buffer length too large: %d", __func__,
+ p_buf->len);
+ return;
}
+ p_new_buf = (BT_HDR *)osi_malloc(PAN_BUF_SIZE);
+ memcpy((UINT8 *)(p_new_buf + 1) + sizeof(tBTA_PAN_DATA_PARAMS),
+ (UINT8 *)(p_buf + 1) + p_buf->offset, p_buf->len);
+ p_new_buf->len = p_buf->len;
+ p_new_buf->offset = sizeof(tBTA_PAN_DATA_PARAMS);
+
/* copy params into the space before the data */
bdcpy(((tBTA_PAN_DATA_PARAMS *)p_new_buf)->src, src);
bdcpy(((tBTA_PAN_DATA_PARAMS *)p_new_buf)->dst, dst);