Add null checks for L2CAP socket callback

Use Case: Bluetooth process crashed while sending the file
to remote device.

Steps: Send a file over L2CAP (OBEX over L2CAP) to remote device

Failure: BT process will crash and restarted automatically

Root Cause: L2CAP socket callback reset to null on error
condition, and when other function try to dereference it, this
leads to BT crash.

Fix: Added null checks for L2CAP socket callback

Change-Id: I2e4f20278fcc8a09bd4dbd507a6c4147e0de93c1

diff --git a/bta/jv/bta_jv_act.c b/bta/jv/bta_jv_act.c
index 96642dd..2b8d226 100644 (file)
--- a/bta/jv/bta_jv_act.c
+++ b/bta/jv/bta_jv_act.c
@@ -1115,7 +1115,8 @@ void bta_jv_l2cap_connect(tBTA_JV_MSG *p_data)
     }
 
     evt_data.handle = handle;
-    cc->p_cback(BTA_JV_L2CAP_CL_INIT_EVT, (tBTA_JV *)&evt_data, cc->user_data);
+    if(cc->p_cback)
+        cc->p_cback(BTA_JV_L2CAP_CL_INIT_EVT, (tBTA_JV *)&evt_data, cc->user_data);
 }
 
 
@@ -1280,7 +1281,8 @@ void bta_jv_l2cap_start_server(tBTA_JV_MSG *p_data)
         p_cb->psm = ls->local_psm;
     }
 
-    ls->p_cback(BTA_JV_L2CAP_START_EVT, (tBTA_JV *)&evt_data, ls->user_data);
+    if(ls->p_cback)
+        ls->p_cback(BTA_JV_L2CAP_START_EVT, (tBTA_JV *)&evt_data, ls->user_data);
 }
 
 /*******************************************************************************
@@ -1309,7 +1311,8 @@ void bta_jv_l2cap_stop_server(tBTA_JV_MSG *p_data)
             evt_data.handle = p_cb->handle;
             evt_data.status = bta_jv_free_l2c_cb(p_cb);
             evt_data.async = false;
-            p_cback(BTA_JV_L2CAP_CLOSE_EVT, (tBTA_JV *)&evt_data, user_data);
+            if(p_cback)
+                p_cback(BTA_JV_L2CAP_CLOSE_EVT, (tBTA_JV *)&evt_data, user_data);
             break;
         }
     }