bta_dm: Stop copying garbage

author Martin Brabham <optedoblivion@google.com>

Mon, 1 May 2017 23:30:40 +0000 (16:30 -0700)

committer Martin Brabham <optedoblivion@google.com>

Sat, 6 May 2017 01:27:04 +0000 (01:27 +0000)
author Martin Brabham <optedoblivion@google.com>
Mon, 1 May 2017 23:30:40 +0000 (16:30 -0700)
committer Martin Brabham <optedoblivion@google.com>
Sat, 6 May 2017 01:27:04 +0000 (01:27 +0000)
diff --git a/bta/dm/bta_dm_act.cc b/bta/dm/bta_dm_act.cc

index 1d6bb06..caf207b 100644 (file)
--- a/bta/dm/bta_dm_act.cc
+++ b/bta/dm/bta_dm_act.cc
@@ -3062,11 +3062,19 @@ void bta_dm_acl_change(tBTA_DM_MSG* p_data) {
        conn.link_down.is_removed =
            bta_dm_cb.device_list.peer_device[i].remove_dev_pending;
  
-      for (; i < bta_dm_cb.device_list.count; i++) {
+      // Iterate to the one before the last when shrinking the list,
+      // otherwise we memcpy garbage data into the record.
+      // Then clear out the last item in the list since we are shrinking.
+      for (; i < bta_dm_cb.device_list.count - 1; i++) {
          memcpy(&bta_dm_cb.device_list.peer_device[i],
                 &bta_dm_cb.device_list.peer_device[i + 1],
                 sizeof(bta_dm_cb.device_list.peer_device[i]));
        }
+      if (bta_dm_cb.device_list.count > 0) {
+        int clear_index = bta_dm_cb.device_list.count - 1;
+        memset(&bta_dm_cb.device_list.peer_device[clear_index], 0,
+               sizeof(bta_dm_cb.device_list.peer_device[clear_index]));
+      }
        break;
      }
      if (bta_dm_cb.device_list.count) bta_dm_cb.device_list.count--;
author	Martin Brabham <optedoblivion@google.com>
	Mon, 1 May 2017 23:30:40 +0000 (16:30 -0700)
committer	Martin Brabham <optedoblivion@google.com>
	Sat, 6 May 2017 01:27:04 +0000 (01:27 +0000)