
LE: Add NULL pointer check in deep copy function
authorAndre Eisenbach <andre@broadcom.com>
Fri, 17 May 2013 20:39:51 +0000 (13:39 -0700)
committerMatthew Xie <mattx@google.com>
Wed, 14 Aug 2013 00:36:32 +0000 (00:36 +0000)
Adds a NULL pointer check for the GATT read event deep copy function.

Change-Id: Ia8d31e851589612009e1038c11b7b113e5367c6d

btif/src/btif_gatt_client.c
btif/src/btif_gatt_util.c

index 7418f9d..3b57b50 100644 (file)
@@ -162,27 +162,38 @@ static void btapp_gattc_req_data(UINT16 event, char *p_dest, char *p_src)
     {
         case BTA_GATTC_READ_CHAR_EVT:
         case BTA_GATTC_READ_DESCR_EVT:
-            p_dest_data->read.p_value = GKI_getbuf(sizeof(tBTA_GATT_READ_VAL));
 
-            if (p_dest_data->read.p_value != NULL)
+            if (p_src_data->read.p_value != NULL)
             {
-                memcpy(p_dest_data->read.p_value, p_src_data->read.p_value,
-                    sizeof(tBTA_GATT_READ_VAL));
+                p_dest_data->read.p_value = GKI_getbuf(sizeof(tBTA_GATT_READ_VAL));
 
-                // Allocate buffer for att value if necessary
-                if (get_uuid16(&p_src_data->read.descr_type) != GATT_UUID_CHAR_AGG_FORMAT
-                  && p_src_data->read.p_value->unformat.p_value != NULL)
+                if (p_dest_data->read.p_value != NULL)
                 {
-                    p_dest_data->read.p_value->unformat.p_value =
-                                   GKI_getbuf(p_src_data->read.p_value->unformat.len);
-                    if (p_dest_data->read.p_value->unformat.p_value != NULL)
+                    memcpy(p_dest_data->read.p_value, p_src_data->read.p_value,
+                        sizeof(tBTA_GATT_READ_VAL));
+
+                    // Allocate buffer for att value if necessary
+                    if (get_uuid16(&p_src_data->read.descr_type) != GATT_UUID_CHAR_AGG_FORMAT
+                      && p_src_data->read.p_value->unformat.p_value != NULL)
                     {
-                        memcpy(p_dest_data->read.p_value->unformat.p_value,
-                               p_src_data->read.p_value->unformat.p_value,
-                               p_src_data->read.p_value->unformat.len);
+                        p_dest_data->read.p_value->unformat.p_value =
+                                       GKI_getbuf(p_src_data->read.p_value->unformat.len);
+                        if (p_dest_data->read.p_value->unformat.p_value != NULL)
+                        {
+                            memcpy(p_dest_data->read.p_value->unformat.p_value,
+                                   p_src_data->read.p_value->unformat.p_value,
+                                   p_src_data->read.p_value->unformat.len);
+                        }
                     }
                 }
             }
+            else
+            {
+                BTIF_TRACE_WARNING2("%s :Src read.p_value ptr is NULL for event  0x%x",
+                                    __FUNCTION__, event);
+                p_dest_data->read.p_value = NULL;
+
+            }
             break;
 
         default:
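Review bot: If the inner `GKI_getbuf(p_src_data->read.p_value->unformat.len)` fails, the copy is left with `unformat.p_value == NULL` while `unformat.len` still holds the source length brought over by the struct `memcpy` just above, so any consumer that trusts `len` will read through a NULL pointer. Add an `else` to the `if (p_dest_data->read.p_value->unformat.p_value != NULL)` test that sets `p_dest_data->read.p_value->unformat.len = 0;`. The outer allocation failure is also silent, unlike the new source-NULL branch, so a warning trace there would make buffer exhaustion visible in logs. The rest of btapp_gattc_req_data, including whatever later frees these buffers, lies outside the hunk and should be checked against the new NULL destination case.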
index 3775776..d07c737 100644 (file)
@@ -240,7 +240,7 @@ uint16_t set_read_value(btgatt_read_params_t *p_dest, tBTA_GATTC_READ *p_src)
             break;
 
         default:
-            if ( p_src->status == BTA_GATT_OK )
+            if (( p_src->status == BTA_GATT_OK ) &&(p_src->p_value != NULL))
             {
                 ALOGI("%s unformat.len = %d ", __FUNCTION__, p_src->p_value->unformat.len);
                 p_dest->value.len = p_src->p_value->unformat.len;
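Review bot: With the added `p_src->p_value != NULL` test, a read that reports `BTA_GATT_OK` but carries no value now skips this branch without a log line and without touching `p_dest->value.len`, so the caller may see a stale length unless it zeroed `p_dest` beforehand. Consider an `else` that sets `p_dest->value.len = 0;` and logs the condition, as the matching check in btif_gatt_client.c does. The statements after `p_dest->value.len = p_src->p_value->unformat.len;` are outside the hunk; if they copy `unformat.len` bytes into a fixed-size field of `btgatt_read_params_t`, that length (presumably taken from the remote device's response) should be clamped to the destination's capacity and `unformat.p_value` checked for NULL before the copy. The spacing in the new condition (`&&(`) also differs from the surrounding style.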