
Fix for SDP data structure leak during pairing
authorKausik Sinnaswamy <kausik@broadcom.com>
Fri, 3 May 2013 09:32:50 +0000 (15:02 +0530)
committerMatthew Xie <mattx@google.com>
Mon, 6 May 2013 04:44:19 +0000 (21:44 -0700)
During pairing, bluedroid initiates an SDP request to search for services.
Upon SDP completion, some data structure buffers were not returned to
the pool, resulting in a leak.

Bug : 8797456
Change-Id: Ic512fd22ca6b8b748c5b92c02e24016fe785c0b1

btif/src/btif_dm.c

index 5a7cccd..3854ebd 100644 (file)
@@ -586,12 +586,20 @@ static void search_services_copy_cb(UINT16 event, char *p_dest, char *p_src)
     {
          case BTA_DM_DISC_RES_EVT:
          {
-              if ((p_src_data->disc_res.result == BTA_SUCCESS) &&
-                  (p_src_data->disc_res.num_uuids > 0))
+              if (p_src_data->disc_res.result == BTA_SUCCESS)
               {
-                  p_dest_data->disc_res.p_uuid_list = (UINT8*)(p_dest + sizeof(tBTA_DM_SEARCH));
-                  memcpy(p_dest_data->disc_res.p_uuid_list, p_src_data->disc_res.p_uuid_list,
-                         p_src_data->disc_res.num_uuids*MAX_UUID_SIZE);
+                  if (p_src_data->disc_res.num_uuids > 0)
+                  {
+                       p_dest_data->disc_res.p_uuid_list =
+                                                        (UINT8*)(p_dest + sizeof(tBTA_DM_SEARCH));
+                       memcpy(p_dest_data->disc_res.p_uuid_list, p_src_data->disc_res.p_uuid_list,
+                              p_src_data->disc_res.num_uuids*MAX_UUID_SIZE);
+                       GKI_freebuf(p_src_data->disc_res.p_uuid_list);
+                  }
+                  if (p_src_data->disc_res.p_raw_data != NULL)
+                  {
+                      GKI_freebuf(p_src_data->disc_res.p_raw_data);
+                  }
               }
          } break;
     }
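Review bot: After `GKI_freebuf(p_src_data->disc_res.p_raw_data)` the freed pointer is left in place. If the destination struct is filled by a whole-struct copy before this switch (that code is outside the hunk, as are the start and end of the function), `p_dest_data->disc_res.p_raw_data` would still refer to a buffer already returned to the pool, which risks a use-after-free or double free in whatever handles the copied event. Clearing the fields right after each free would close that: `p_src_data->disc_res.p_raw_data = NULL; p_dest_data->disc_res.p_raw_data = NULL;` and `p_src_data->disc_res.p_uuid_list = NULL;` after the UUID-list free. Both frees also sit under `result == BTA_SUCCESS`, and the UUID-list one under `num_uuids > 0`, so a failed result that still carries buffers would keep leaking; whether the sender can produce that case is not visible here. A comment such as `/* takes ownership of the source SDP buffers and returns them to the GKI pool */` would help, since a function named as a copy callback is not expected to free its input.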