From: Pavlin Radoslavov
Date: Fri, 18 Mar 2016 08:02:45 +0000 (-0700)
Subject: Cleanup after p_mcb if L2CA_ConnectReq() failed
X-Git-Tag: android-x86-8.1-r1~1733^2
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=757047a147582d6c5be22f0fb5148005f345fc9b;p=android-x86%2Fsystem-bt.git

Cleanup after p_mcb if L2CA_ConnectReq() failed

If L2CA_ConnectReq() failed, make sure that we cleanup the lcid cache state after the affected p_mcb. Also, extra check and a log message inside function rfc_check_send_cmd().

Bug: 27334916
Change-Id: Ib2950d12ce456d74355f4bcc0e3c4d87603f8f91
---
diff --git a/stack/rfcomm/rfc_l2cap_if.c b/stack/rfcomm/rfc_l2cap_if.c
index 319dc4134..05f4994a0 100644
--- a/stack/rfcomm/rfc_l2cap_if.c
+++ b/stack/rfcomm/rfc_l2cap_if.c
@@ -444,7 +444,9 @@ tRFC_MCB *rfc_find_lcid_mcb (UINT16 lcid)
 ** Description This function returns MCB block supporting local cid
 **
 *******************************************************************************/
-void rfc_save_lcid_mcb (tRFC_MCB *p_mcb, UINT16 lcid)
+void rfc_save_lcid_mcb(tRFC_MCB *p_mcb, UINT16 lcid)
 {
+ if (lcid < L2CAP_BASE_APPL_CID)
+ return;
 rfc_cb.rfc.p_rfc_lcid_mcb[lcid - L2CAP_BASE_APPL_CID] = p_mcb;
 }
diff --git a/stack/rfcomm/rfc_mx_fsm.c b/stack/rfcomm/rfc_mx_fsm.c
index 5edc67a59..a12ae96d8 100644
--- a/stack/rfcomm/rfc_mx_fsm.c
+++ b/stack/rfcomm/rfc_mx_fsm.c
@@ -121,11 +121,14 @@ void rfc_mx_sm_state_idle (tRFC_MCB *p_mcb, UINT16 event, void *p_data)
 /* Initialize L2CAP MTU */
 p_mcb->peer_l2cap_mtu = L2CAP_DEFAULT_MTU - RFCOMM_MIN_OFFSET - 1;
- if ((p_mcb->lcid = L2CA_ConnectReq (BT_PSM_RFCOMM, p_mcb->bd_addr)) == 0)
- {
- PORT_StartCnf (p_mcb, RFCOMM_ERROR);
+ UINT16 lcid = L2CA_ConnectReq(BT_PSM_RFCOMM, p_mcb->bd_addr);
+ if (lcid == 0) {
+ rfc_save_lcid_mcb(NULL, p_mcb->lcid);
+ p_mcb->lcid = 0;
+ PORT_StartCnf(p_mcb, RFCOMM_ERROR);
 return;
 }
+ p_mcb->lcid = lcid;
 /* Save entry for quicker access to mcb based on the LCID */
 rfc_save_lcid_mcb (p_mcb, p_mcb->lcid);
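Review bot: The guard added to rfc_save_lcid_mcb() covers only the lower bound, so an lcid above the top of the cached CID range still indexes past the end of `rfc_cb.rfc.p_rfc_lcid_mcb` on the store that follows. The array length is not visible in this hunk, but the write should be bounded on both sides, e.g. `if (lcid < L2CAP_BASE_APPL_CID || lcid - L2CAP_BASE_APPL_CID >= <number of entries in p_rfc_lcid_mcb>) return;`, ideally with an error trace so a rejected CID is not silent. The header comment above still says the function "returns MCB block supporting local cid", which describes the lookup rather than this store; `** Description      This function saves the MCB block for the given local cid` would match the code.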
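Review bot: On the failure path in rfc_mx_sm_state_idle, `rfc_save_lcid_mcb(NULL, p_mcb->lcid);` clears whatever cache slot the old lcid maps to without confirming that the slot still refers to this p_mcb. If that CID has already been released and handed to another multiplexer (not determinable from this hunk), the other session's cache entry is wiped; guarding it as `if (rfc_find_lcid_mcb(p_mcb->lcid) == p_mcb) rfc_save_lcid_mcb(NULL, p_mcb->lcid);` keeps the cleanup scoped to the affected MCB. The same five lines are repeated in the rfc_mx_sm_state_disc_wait_ua hunk, so a small static helper shared by both would keep the two paths from drifting apart. Both enclosing functions begin and end outside the hunks.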
@@ -499,11 +502,14 @@ void rfc_mx_sm_state_disc_wait_ua (tRFC_MCB *p_mcb, UINT16 event, void *p_data)
 if (p_mcb->restart_required)
 {
 /* Start Request was received while disconnecting. Execute it again */
- if ((p_mcb->lcid = L2CA_ConnectReq (BT_PSM_RFCOMM, p_mcb->bd_addr)) == 0)
- {
- PORT_StartCnf (p_mcb, RFCOMM_ERROR);
+ UINT16 lcid = L2CA_ConnectReq(BT_PSM_RFCOMM, p_mcb->bd_addr);
+ if (lcid == 0) {
+ rfc_save_lcid_mcb(NULL, p_mcb->lcid);
+ p_mcb->lcid = 0;
+ PORT_StartCnf(p_mcb, RFCOMM_ERROR);
 return;
 }
+ p_mcb->lcid = lcid;
 /* Save entry for quicker access to mcb based on the LCID */
 rfc_save_lcid_mcb (p_mcb, p_mcb->lcid);
diff --git a/stack/rfcomm/rfc_utils.c b/stack/rfcomm/rfc_utils.c
index a95fcf279..e705f0d5d 100644
--- a/stack/rfcomm/rfc_utils.c
+++ b/stack/rfcomm/rfc_utils.c
@@ -449,25 +449,21 @@ void rfc_dec_credit (tPORT *p_port)
 *******************************************************************************/
 void rfc_check_send_cmd(tRFC_MCB *p_mcb, BT_HDR *p_buf)
 {
- BT_HDR *p;
-
 /* if passed a buffer queue it */
- if (p_buf != NULL)
- {
+ if (p_buf != NULL) {
+ if (p_mcb->cmd_q == NULL) {
+ RFCOMM_TRACE_ERROR("%s: empty queue: p_mcb = %p p_mcb->lcid = %u cached p_mcb = %p",
+ __func__, p_mcb, p_mcb->lcid,
+ rfc_find_lcid_mcb(p_mcb->lcid));
+ }
 fixed_queue_enqueue(p_mcb->cmd_q, p_buf);
 }
 /* handle queue if L2CAP not congested */
- while (p_mcb->l2cap_congested == FALSE)
- {
- if ((p = (BT_HDR *) fixed_queue_try_dequeue(p_mcb->cmd_q)) == NULL)
- {
+ while (p_mcb->l2cap_congested == FALSE) {
+ BT_HDR *p = (BT_HDR *)fixed_queue_try_dequeue(p_mcb->cmd_q);
+ if (p == NULL)
 break;
- }
-
-
- L2CA_DataWrite (p_mcb->lcid, p);
+ L2CA_DataWrite(p_mcb->lcid, p);
 }
 }
-
-
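Review bot: The new `p_mcb->cmd_q == NULL` branch in rfc_check_send_cmd() only logs and then falls through to `fixed_queue_enqueue(p_mcb->cmd_q, p_buf);` with the queue it has just found to be missing. Whether the queue API tolerates a NULL queue is not visible here; if it does not, this is a NULL dereference or assertion failure, and if it does, p_buf is dropped without being freed. After the trace, the branch should release p_buf with the stack's buffer-free routine and `return;` so that neither the enqueue nor the dequeue loop runs on a missing queue. The trace also writes raw `%p` heap addresses to the log, which is worth dropping or limiting to debug builds.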