Commit "L2CAP and SDP Search API for BT profiles (2/2)" introduced two
separate issues in btsock_rfc_signaled():
1. The "slot_lock" potentially gets unlocked twice, causing
undefined behaviour.
2. The call to BTA_JvRfcommWrite() was incorrectly taken outside
of the conditional if() block that only executes the code if
data is available.
This patch reverts the relevant locking change and fixes the if()
condition.
Bug: 27204458
Change-Id: I63b1257d21ca7bdd248858ec67e28f64e37a7895
if (slot->f.connected) {
// Make sure there's data pending in case the peer closed the socket.
int size = 0;
- if (!(flags & SOCK_THREAD_FD_EXCEPTION) || (ioctl(slot->fd, FIONREAD, &size) == 0 && size))
- //unlock before BTA_JvRfcommWrite to avoid deadlock on concurrnet multi rfcomm connectoins
- //concurrnet multi rfcomm connectoins
- pthread_mutex_unlock(&slot_lock);
+ if (!(flags & SOCK_THREAD_FD_EXCEPTION) || (ioctl(slot->fd, FIONREAD, &size) == 0 && size)) {
BTA_JvRfcommWrite(slot->rfc_handle, slot->id);
+ }
} else {
LOG_ERROR(LOG_TAG, "%s socket signaled for read while disconnected, slot: %d, channel: %d", __func__, slot->id, slot->scn);
need_close = true;
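Review bot: At the BTA_JvRfcommWrite() call, the removed pthread_mutex_unlock(&slot_lock) carried a comment saying it was there to avoid a deadlock on concurrent RFCOMM connections, and with the revert neither the code nor the commit message says why making the call without that unlock is now safe. Please add a short comment above the call stating the locking expectation for slot_lock, or say in the commit message how the original deadlock concern is handled. Separately, when ioctl(slot->fd, FIONREAD, &size) fails under SOCK_THREAD_FD_EXCEPTION, the condition silently skips the write; a log line on that path would make stalled sockets easier to diagnose.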