LE: Fix stack crash on invalid descriptor write request

Fix stack crash when an application attempts to writes a NULL array
using the writeDescriptor() function.
bug 11574019
Change-Id: Id2d7e49216fcc6e3af369047005fb7e67e0923db

diff --git a/jni/com_android_bluetooth_gatt.cpp b/jni/com_android_bluetooth_gatt.cpp
index fef84e2..854a925 100644 (file)
--- a/jni/com_android_bluetooth_gatt.cpp
+++ b/jni/com_android_bluetooth_gatt.cpp
@@ -991,6 +991,11 @@ static void gattClientWriteDescriptorNative(JNIEnv* env, jobject object,
 {
     if (!sGattIf) return;
 
+    if (value == NULL) {
+        warn("gattClientWriteDescriptorNative() ignoring NULL array");
+        return;
+    }
+
     btgatt_srvc_id_t srvc_id;
     srvc_id.id.inst_id = (uint8_t) service_id_inst_id;
     srvc_id.is_primary = (service_type == BTGATT_SERVICE_TYPE_PRIMARY ? 1 : 0);