*
******************************************************************************/
+#include <log/log.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
* Returns void
*
******************************************************************************/
-void btm_process_inq_results(uint8_t* p, uint8_t inq_res_mode) {
+void btm_process_inq_results(uint8_t* p, uint8_t hci_evt_len,
+ uint8_t inq_res_mode) {
uint8_t num_resp, xx;
RawAddress bda;
tINQ_DB_ENT* p_i;
STREAM_TO_UINT8(num_resp, p);
- if (inq_res_mode == BTM_INQ_RESULT_EXTENDED && (num_resp > 1)) {
- BTM_TRACE_ERROR("btm_process_inq_results() extended results (%d) > 1",
- num_resp);
- return;
+ if (inq_res_mode == BTM_INQ_RESULT_EXTENDED) {
+ if (num_resp > 1) {
+ BTM_TRACE_ERROR("btm_process_inq_results() extended results (%d) > 1",
+ num_resp);
+ return;
+ }
+
+ constexpr uint16_t extended_inquiry_result_size = 254;
+ if (hci_evt_len - 1 != extended_inquiry_result_size) {
+ android_errorWriteLog(0x534e4554, "141620271");
+ BTM_TRACE_ERROR("%s: can't fit %d results in %d bytes", __func__,
+ num_resp, hci_evt_len);
+ return;
+ }
+ } else if (inq_res_mode == BTM_INQ_RESULT_STANDARD ||
+ inq_res_mode == BTM_INQ_RESULT_WITH_RSSI) {
+ constexpr uint16_t inquiry_result_size = 14;
+ if (hci_evt_len < num_resp * inquiry_result_size) {
+ android_errorWriteLog(0x534e4554, "141620271");
+ BTM_TRACE_ERROR("%s: can't fit %d results in %d bytes", __func__,
+ num_resp, hci_evt_len);
+ return;
+ }
}
for (xx = 0; xx < num_resp; xx++) {
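Review bot: The standard/RSSI length check at `if (hci_evt_len < num_resp * inquiry_result_size)` is off by one: `STREAM_TO_UINT8(num_resp, p)` has already consumed one byte of the event parameters, so only `hci_evt_len - 1` bytes remain for the per-response records, and an event with `hci_evt_len == num_resp * 14` passes the check yet the loop reads one byte past the end of the last record. The extended branch accounts for this (`hci_evt_len - 1 != extended_inquiry_result_size`), so the two branches are inconsistent; assuming `hci_evt_len` is the HCI parameter length including the count byte, as the extended branch implies, the fix is `if (hci_evt_len - 1 < num_resp * inquiry_result_size) {` (both operands promote to int, so `hci_evt_len == 0` is rejected too). A short comment such as `/* hci_evt_len covers the num_resp byte already consumed above */` next to the size constants would make the accounting explicit for the next reader. The body of btm_process_inq_results continues past the end of this hunk.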
/* Inquiry related functions */
extern void btm_clr_inq_db(const RawAddress* p_bda);
extern void btm_inq_db_init(void);
-extern void btm_process_inq_results(uint8_t* p, uint8_t inq_res_mode);
+extern void btm_process_inq_results(uint8_t* p, uint8_t hci_evt_len,
+ uint8_t inq_res_mode);
extern void btm_process_inq_complete(uint8_t status, uint8_t mode);
extern void btm_process_cancel_complete(uint8_t status, uint8_t mode);
extern void btm_event_filter_complete(uint8_t* p);
/* L O C A L F U N C T I O N P R O T O T Y P E S */
/******************************************************************************/
static void btu_hcif_inquiry_comp_evt(uint8_t* p);
-static void btu_hcif_inquiry_result_evt(uint8_t* p);
-static void btu_hcif_inquiry_rssi_result_evt(uint8_t* p);
-static void btu_hcif_extended_inquiry_result_evt(uint8_t* p);
+static void btu_hcif_inquiry_result_evt(uint8_t* p, uint8_t hci_evt_len);
+static void btu_hcif_inquiry_rssi_result_evt(uint8_t* p, uint8_t hci_evt_len);
+static void btu_hcif_extended_inquiry_result_evt(uint8_t* p,
+ uint8_t hci_evt_len);
static void btu_hcif_connection_comp_evt(uint8_t* p);
static void btu_hcif_connection_request_evt(uint8_t* p);
btu_hcif_inquiry_comp_evt(p);
break;
case HCI_INQUIRY_RESULT_EVT:
- btu_hcif_inquiry_result_evt(p);
+ btu_hcif_inquiry_result_evt(p, hci_evt_len);
break;
case HCI_INQUIRY_RSSI_RESULT_EVT:
- btu_hcif_inquiry_rssi_result_evt(p);
+ btu_hcif_inquiry_rssi_result_evt(p, hci_evt_len);
break;
case HCI_EXTENDED_INQUIRY_RESULT_EVT:
- btu_hcif_extended_inquiry_result_evt(p);
+ btu_hcif_extended_inquiry_result_evt(p, hci_evt_len);
break;
case HCI_CONNECTION_COMP_EVT:
btu_hcif_connection_comp_evt(p);
* Returns void
*
******************************************************************************/
-static void btu_hcif_inquiry_result_evt(uint8_t* p) {
+static void btu_hcif_inquiry_result_evt(uint8_t* p, uint8_t hci_evt_len) {
/* Store results in the cache */
- btm_process_inq_results(p, BTM_INQ_RESULT_STANDARD);
+ btm_process_inq_results(p, hci_evt_len, BTM_INQ_RESULT_STANDARD);
}
/*******************************************************************************
* Returns void
*
******************************************************************************/
-static void btu_hcif_inquiry_rssi_result_evt(uint8_t* p) {
+static void btu_hcif_inquiry_rssi_result_evt(uint8_t* p, uint8_t hci_evt_len) {
/* Store results in the cache */
- btm_process_inq_results(p, BTM_INQ_RESULT_WITH_RSSI);
+ btm_process_inq_results(p, hci_evt_len, BTM_INQ_RESULT_WITH_RSSI);
}
/*******************************************************************************
* Returns void
*
******************************************************************************/
-static void btu_hcif_extended_inquiry_result_evt(uint8_t* p) {
+static void btu_hcif_extended_inquiry_result_evt(uint8_t* p,
+ uint8_t hci_evt_len) {
/* Store results in the cache */
- btm_process_inq_results(p, BTM_INQ_RESULT_EXTENDED);
+ btm_process_inq_results(p, hci_evt_len, BTM_INQ_RESULT_EXTENDED);
}
/*******************************************************************************