BT_HDR * p_event;
BT_HDR *p_new_buf;
+ p_scb = bta_pan_scb_by_handle(handle);
+ if (p_scb == NULL)
+ {
+ return;
+ }
+
if ( sizeof(tBTA_PAN_DATA_PARAMS) > p_buf->offset )
{
if (sizeof(BT_HDR) + sizeof(tBTA_PAN_DATA_PARAMS) + p_buf->len >
android_errorWriteLog(0x534e4554, "63146237");
APPL_TRACE_ERROR("%s: received buffer length too large: %d", __func__,
p_buf->len);
- GKI_freebuf(p_buf);
return;
}
if(!p_new_buf)
{
APPL_TRACE_WARNING("Cannot get a PAN GKI buffer");
- GKI_freebuf( p_buf );
return;
}
else
memcpy( (UINT8 *)(p_new_buf+1)+sizeof(tBTA_PAN_DATA_PARAMS), (UINT8 *)(p_buf+1)+p_buf->offset, p_buf->len );
p_new_buf->len = p_buf->len;
p_new_buf->offset = sizeof(tBTA_PAN_DATA_PARAMS);
- GKI_freebuf( p_buf );
}
}
else
((tBTA_PAN_DATA_PARAMS *)p_new_buf)->ext = ext;
((tBTA_PAN_DATA_PARAMS *)p_new_buf)->forward = forward;
-
- if((p_scb = bta_pan_scb_by_handle(handle)) == NULL)
- {
-
- GKI_freebuf( p_new_buf );
- return;
- }
-
GKI_enqueue(&p_scb->data_queue, p_new_buf);
if ((p_event = (BT_HDR *) GKI_getbuf(sizeof(BT_HDR))) != NULL)
{
if (bnep_cb.p_data_buf_cb)
{
(*bnep_cb.p_data_buf_cb)(p_bcb->handle, p_src_addr, p_dst_addr, protocol, p_buf, fw_ext_present);
+ GKI_freebuf (p_buf);
}
else if (bnep_cb.p_data_ind_cb)
{