tBTA_PAN_SCB* p_scb;
BT_HDR* p_new_buf;
+ p_scb = bta_pan_scb_by_handle(handle);
+ if (p_scb == NULL) {
+ return;
+ }
+
if (sizeof(tBTA_PAN_DATA_PARAMS) > p_buf->offset) {
/* offset smaller than data structure in front of actual data */
if (sizeof(BT_HDR) + sizeof(tBTA_PAN_DATA_PARAMS) + p_buf->len >
android_errorWriteLog(0x534e4554, "63146237");
APPL_TRACE_ERROR("%s: received buffer length too large: %d", __func__,
p_buf->len);
- osi_free(p_buf);
return;
}
p_new_buf = (BT_HDR*)osi_malloc(PAN_BUF_SIZE);
(uint8_t*)(p_buf + 1) + p_buf->offset, p_buf->len);
p_new_buf->len = p_buf->len;
p_new_buf->offset = sizeof(tBTA_PAN_DATA_PARAMS);
- osi_free(p_buf);
} else {
p_new_buf = p_buf;
}
((tBTA_PAN_DATA_PARAMS*)p_new_buf)->ext = ext;
((tBTA_PAN_DATA_PARAMS*)p_new_buf)->forward = forward;
- p_scb = bta_pan_scb_by_handle(handle);
- if (p_scb == NULL) {
- osi_free(p_new_buf);
- return;
- }
-
fixed_queue_enqueue(p_scb->data_queue, p_new_buf);
BT_HDR* p_event = (BT_HDR*)osi_malloc(sizeof(BT_HDR));
p_event->layer_specific = handle;
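Review bot: The `else` branch still aliases the caller's buffer (`p_new_buf = p_buf;`) and passes that pointer to `fixed_queue_enqueue(p_scb->data_queue, p_new_buf)`, even though this change moves the release of `p_buf` out of the callback. If this callback is reached through `bnep_cb.p_data_buf_cb` (the intermediate layer is not visible here), the `osi_free(p_buf)` added right after that call would leave the queue holding a freed buffer whenever `p_buf->offset` is already large enough to skip the copy. With ownership now staying in the caller, the safer shape is to queue a private copy in every case, taking the `osi_malloc(PAN_BUF_SIZE)` copy path unconditionally once the length check has passed. The contract should also be stated at the top of the function: `/* p_buf remains owned by the caller; never queue or free it here */`. The function's signature and end lie outside the visible lines and some context lines appear to be missing, so this needs confirming against the full file.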
if (bnep_cb.p_data_buf_cb) {
(*bnep_cb.p_data_buf_cb)(p_bcb->handle, *p_src_addr, *p_dst_addr, protocol,
p_buf, fw_ext_present);
+ osi_free(p_buf);
} else if (bnep_cb.p_data_ind_cb) {
(*bnep_cb.p_data_ind_cb)(p_bcb->handle, *p_src_addr, *p_dst_addr, protocol,
p, rem_len, fw_ext_present);