******************************************************************************/
#include <base/logging.h>
+#include <log/log.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
p_buf->offset += sizeof(sdu_length);
p_data->offset = 0;
- } else
+ } else {
p_data = p_ccb->ble_sdu;
+ if (p_buf->len > (p_ccb->ble_sdu_length - p_data->len)) {
+ L2CAP_TRACE_ERROR("%s: buffer length=%d too big. max=%d. Dropped",
+ __func__, p_data->len,
+ (p_ccb->ble_sdu_length - p_data->len));
+ android_errorWriteWithInfoLog(0x534e4554, "75298652", -1, NULL, 0);
+ osi_free(p_buf);
+
+ /* Throw away all pending fragments and disconnects */
+ p_ccb->is_first_seg = true;
+ osi_free(p_ccb->ble_sdu);
+ p_ccb->ble_sdu = NULL;
+ p_ccb->ble_sdu_length = 0;
+ l2cu_disconnect_chnl(p_ccb);
+ return;
+ }
+ }
memcpy((uint8_t*)(p_data + 1) + p_data->offset + p_data->len,
(uint8_t*)(p_buf + 1) + p_buf->offset, p_buf->len);
p_ccb->ble_sdu_length = 0;
} else if (p_data->len < p_ccb->ble_sdu_length) {
p_ccb->is_first_seg = false;
- } else {
- L2CAP_TRACE_ERROR("%s Length in the SDU messed up", __func__);
- // TODO: reset every thing may be???
}
osi_free(p_buf);
OSDN Git Service
