Use case:
Crash found during L2CAP disconnect from faulty BLE APP.
Steps:
Run SNS testing.
Failure:
Crash during L2CAP disc.
Root cause:
Faulty BLE application triggering GATT disconnection
which internally triggering L2CAP disconnection without checking
proper state of channel.
Fix:
- Initiate L2CAP disconnect only when the channel is open
- Validate LCB during disconnection from upper layers
Change-Id: Ic9d065f095feba659c861828732647e968c20db8
{
BOOLEAN ret = FALSE;
tGATT_CH_STATE ch_state;
- GATT_TRACE_DEBUG ("gatt_disconnect ");
+
+ GATT_TRACE_EVENT ("%s", __func__);
if (p_tcb != NULL)
{
}
else
{
- ret = L2CA_DisconnectReq(p_tcb->att_lcid);
+ if ((ch_state == GATT_CH_OPEN) || (ch_state == GATT_CH_CFG))
+ ret = L2CA_DisconnectReq(p_tcb->att_lcid);
+ else
+ GATT_TRACE_DEBUG ("%s gatt_disconnect channel not opened", __func__);
}
}
else
{
- GATT_TRACE_DEBUG ("gatt_disconnect already in closing state");
+ GATT_TRACE_DEBUG ("%s already in closing state", __func__);
}
}
BT_HDR *p_buf, *p_buf2;
UINT8 *p;
+ if ((!p_ccb) || (p_ccb->p_lcb == NULL))
+ {
+ L2CAP_TRACE_ERROR ("%s L2CAP - ccb or lcb invalid", __func__);
+ return;
+ }
+
/* Create an identifier for this packet */
p_ccb->p_lcb->id++;
l2cu_adj_id(p_ccb->p_lcb, L2CAP_ADJ_ID);
OSDN Git Service
