Ignore LCB entries that migth have been released while queued

Function btm_send_pending_direct_conn() dequeues tL2C_LCB
entries from the conn_pending_q queue and calls the processing
function.
However, there is the possilility of a race condition
and releasing the entry by l2cu_release_lcb() before it is processed.
Now tL2C_LCB that are not in_use are ignored.

Bug: 27418154
Change-Id: I4b5fda605a60c8aebbf5587bb12dd74ac5d28f68

diff --git a/stack/btm/btm_ble_bgconn.c b/stack/btm/btm_ble_bgconn.c
index 23450af..4d2e38a 100644 (file)
--- a/stack/btm/btm_ble_bgconn.c
+++ b/stack/btm/btm_ble_bgconn.c
@@ -714,9 +714,11 @@ BOOLEAN btm_send_pending_direct_conn(void)
     BOOLEAN     rt = FALSE;
 
     p_req = (tBTM_BLE_CONN_REQ*)fixed_queue_try_dequeue(btm_cb.ble_ctr_cb.conn_pending_q);
-    if (p_req != NULL)
-    {
-        rt = l2cble_init_direct_conn((tL2C_LCB *)(p_req->p_param));
+    if (p_req != NULL) {
+        tL2C_LCB *p_lcb = (tL2C_LCB *)(p_req->p_param);
+        /* Ignore entries that might have been released while queued. */
+        if (p_lcb->in_use)
+            rt = l2cble_init_direct_conn(p_lcb);
         osi_free(p_req);
     }