OSDN Git Service
Ugo Yu [Fri, 8 Feb 2019 08:10:13 +0000 (00:10 -0800)]
Merge changes from topic "am-
43952131-a4db-4e42-bfef-
2d44a29b3fac" into oc-dev am:
c59317a10a
am:
d73d5ace07
Change-Id: I276abc4b3d069c7700e37cf6c2a34df380b07035
Ugo Yu [Fri, 8 Feb 2019 08:06:25 +0000 (00:06 -0800)]
Merge changes from topic "am-
43952131-a4db-4e42-bfef-
2d44a29b3fac" into oc-dev
am:
c59317a10a
Change-Id: I424449c094db3c75d1f76f7d397b7b510d1a8959
TreeHugger Robot [Fri, 8 Feb 2019 07:54:10 +0000 (07:54 +0000)]
Merge changes from topic "am-
43952131-a4db-4e42-bfef-
2d44a29b3fac" into oc-dev
* changes:
[automerger] DO NOT MERGE Separate SDP procedure from bonding state (1/2) am:
edd7e731ed am:
279c2a1910 am:
c29c3aa408 am:
70ab44a424 skipped:
4e26a1fa5d
[automerger] DO NOT MERGE Separate SDP procedure from bonding state (1/2) am:
edd7e731ed am:
279c2a1910 am:
c29c3aa408 am:
70ab44a424
[automerger] DO NOT MERGE Separate SDP procedure from bonding state (1/2) am:
edd7e731ed am:
279c2a1910 am:
c29c3aa408
[automerger] DO NOT MERGE Separate SDP procedure from bonding state (1/2) am:
edd7e731ed am:
279c2a1910
[automerger] DO NOT MERGE Separate SDP procedure from bonding state (1/2) am:
edd7e731ed
DO NOT MERGE Separate SDP procedure from bonding state (1/2)
Hansong Zhang [Fri, 8 Feb 2019 00:46:11 +0000 (16:46 -0800)]
Merge "btm_proc_smp_cback: Don't access p_dev_rec if freed" into oc-dev am:
4ac889b785
am:
c87e949d53
Change-Id: I6875480db5a714d721d20ead2111627f4ab5a68e
Hansong Zhang [Fri, 8 Feb 2019 00:42:12 +0000 (16:42 -0800)]
Merge "btm_proc_smp_cback: Don't access p_dev_rec if freed" into oc-dev
am:
4ac889b785
Change-Id: I3a99684487593468b89948aa9d3be99e5ed705f4
TreeHugger Robot [Fri, 8 Feb 2019 00:31:40 +0000 (00:31 +0000)]
Merge "btm_proc_smp_cback: Don't access p_dev_rec if freed" into oc-dev
TreeHugger Robot [Fri, 8 Feb 2019 00:27:55 +0000 (00:27 +0000)]
Merge "DO NOT MERGE Separate SDP procedure from bonding state (1/2)" into oc-mr1-dev
Hansong Zhang [Thu, 7 Feb 2019 21:21:26 +0000 (13:21 -0800)]
Merge changes from topic "am-
5380790e-42fb-4784-96c0-
4412e4fdccd0" into oc-dev am:
e145805974
am:
9b0e9a32bb
Change-Id: I02f1344805f748024dc28e05fd0afe67a6afb61a
Hansong Zhang [Thu, 7 Feb 2019 21:17:35 +0000 (13:17 -0800)]
Merge changes from topic "am-
5380790e-42fb-4784-96c0-
4412e4fdccd0" into oc-dev
am:
e145805974
Change-Id: Iaa78778cedd6e04d3cf7d009b81a9599658e6583
TreeHugger Robot [Thu, 7 Feb 2019 21:07:56 +0000 (21:07 +0000)]
Merge changes from topic "am-
5380790e-42fb-4784-96c0-
4412e4fdccd0" into oc-dev
* changes:
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2 am:
a244a4072c am:
90265d4ee0 skipped:
84ba34d57a
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2 am:
a244a4072c am:
90265d4ee0
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2 am:
a244a4072c
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce
DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed
Hansong Zhang [Sat, 2 Feb 2019 08:09:09 +0000 (00:09 -0800)]
Merge changes from topic "am-
cdd47550-8877-443a-826f-
db2b25d750ce" into oc-dev am:
8ea254e227
am:
04f9bde9ea
Change-Id: I2f9ab4cc670a7faa7305fe110a964168bd4c40d5
Hansong Zhang [Sat, 2 Feb 2019 08:05:14 +0000 (00:05 -0800)]
Merge changes from topic "am-
cdd47550-8877-443a-826f-
db2b25d750ce" into oc-dev
am:
8ea254e227
Change-Id: Ifc5a20abe1c8091f4850cd3d75f9ecfb4474f11e
TreeHugger Robot [Sat, 2 Feb 2019 07:52:13 +0000 (07:52 +0000)]
Merge changes from topic "am-
cdd47550-8877-443a-826f-
db2b25d750ce" into oc-dev
* changes:
[automerger] DO NOT MERGE process_l2cap_cmd: Fix OOB am:
38f07a3c93 am:
14f6578d9e am:
53e323b2af am:
d0584f3dcf skipped:
55b702e6c4
[automerger] DO NOT MERGE process_l2cap_cmd: Fix OOB am:
38f07a3c93 am:
14f6578d9e am:
53e323b2af am:
d0584f3dcf
[automerger] DO NOT MERGE process_l2cap_cmd: Fix OOB am:
38f07a3c93 am:
14f6578d9e am:
53e323b2af
[automerger] DO NOT MERGE process_l2cap_cmd: Fix OOB am:
38f07a3c93 am:
14f6578d9e
[automerger] DO NOT MERGE process_l2cap_cmd: Fix OOB am:
38f07a3c93
DO NOT MERGE process_l2cap_cmd: Fix OOB
Hansong Zhang [Fri, 1 Feb 2019 23:39:08 +0000 (15:39 -0800)]
Merge "process_l2cap_cmd: Fix OOB" into oc-dev am:
356edb4333
am:
82365b0e8d
Change-Id: I4f04fad60e84785f474390e473d2fcf19f66a044
Hansong Zhang [Fri, 1 Feb 2019 23:33:09 +0000 (15:33 -0800)]
Merge "process_l2cap_cmd: Fix OOB" into oc-dev
am:
356edb4333
Change-Id: I0e1800587513bdb39e0b6eff7e46254470ab2def
TreeHugger Robot [Fri, 1 Feb 2019 23:18:22 +0000 (23:18 +0000)]
Merge "process_l2cap_cmd: Fix OOB" into oc-dev
Hansong Zhang [Wed, 30 Jan 2019 00:56:34 +0000 (16:56 -0800)]
Merge "btm_ble_multi_adv: Check data length in HCI interface" into oc-dev am:
19460901d8
am:
154230b832
Change-Id: I69aba9f5350a2b4510e49494839bbff6369c8b4a
Hansong Zhang [Wed, 30 Jan 2019 00:49:16 +0000 (16:49 -0800)]
Merge "btm_ble_multi_adv: Check data length in HCI interface" into oc-dev
am:
19460901d8
Change-Id: If4f3b40817ff57bdae4777ae330854a9119ae0b7
TreeHugger Robot [Wed, 30 Jan 2019 00:25:28 +0000 (00:25 +0000)]
Merge "btm_ble_multi_adv: Check data length in HCI interface" into oc-dev
Android Build Merger (Role) [Tue, 22 Jan 2019 21:47:38 +0000 (21:47 +0000)]
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2 am:
a244a4072c am:
90265d4ee0 skipped:
84ba34d57a
Change-Id: I73f54778128ee9bf1ed46c55bbd545b29ed2dc54
Android Build Merger (Role) [Tue, 22 Jan 2019 21:47:36 +0000 (21:47 +0000)]
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2 am:
a244a4072c am:
90265d4ee0
Change-Id: I080739b77c52af5ff54bfc4e8a20cf8fd52b235b
Android Build Merger (Role) [Tue, 22 Jan 2019 21:47:35 +0000 (21:47 +0000)]
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2 am:
a244a4072c
Change-Id: Ic43337c91c1cdcb9eaea22311cd7205dc05dcfa2
Hansong Zhang [Thu, 10 Jan 2019 02:18:17 +0000 (18:18 -0800)]
btm_proc_smp_cback: Don't access p_dev_rec if freed
In btm_proc_smp_cback(), return after p_dev_rec is freed in the middle
to prevent use after free
Bug:
120612744
Test: Use ASAN build; connect to a LE device and wait for timeout
Change-Id: Ic9d0eaeb62a1a1b24884146ca82f4104fabc5bac
Android Build Merger (Role) [Tue, 22 Jan 2019 21:47:33 +0000 (21:47 +0000)]
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2
Change-Id: I96de72b97a23eebad116c98899f59f399614cff7
Android Build Merger (Role) [Tue, 22 Jan 2019 21:47:32 +0000 (21:47 +0000)]
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce
Change-Id: Iad8449f422afb55305d3f1f2a148a4122c49c7d8
Hansong Zhang [Tue, 22 Jan 2019 21:46:47 +0000 (13:46 -0800)]
DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed
In btm_proc_smp_cback(), return after p_dev_rec is freed in the middle
to prevent use after free
Bug:
120612744
Test: Use ASAN build; connect to a LE device and wait for timeout
Change-Id: I09aa1cf1d1c835146b62d0f4989aeedfb885d95b
Android Build Merger (Role) [Tue, 22 Jan 2019 18:47:24 +0000 (18:47 +0000)]
[automerger] DO NOT MERGE process_l2cap_cmd: Fix OOB am:
38f07a3c93 am:
14f6578d9e am:
53e323b2af am:
d0584f3dcf skipped:
55b702e6c4
Change-Id: If1fb97bc56d2ed652f56f1f962aea1d00843543e
Android Build Merger (Role) [Tue, 22 Jan 2019 18:47:22 +0000 (18:47 +0000)]
[automerger] DO NOT MERGE process_l2cap_cmd: Fix OOB am:
38f07a3c93 am:
14f6578d9e am:
53e323b2af am:
d0584f3dcf
Change-Id: I101a465864f054989085bba0ccf2fc633445f356
Android Build Merger (Role) [Tue, 22 Jan 2019 18:47:20 +0000 (18:47 +0000)]
[automerger] DO NOT MERGE process_l2cap_cmd: Fix OOB am:
38f07a3c93 am:
14f6578d9e am:
53e323b2af
Change-Id: I9a919a3168f0d37834a14778c3f24f1e5f417685
Android Build Merger (Role) [Tue, 22 Jan 2019 18:47:18 +0000 (18:47 +0000)]
[automerger] DO NOT MERGE process_l2cap_cmd: Fix OOB am:
38f07a3c93 am:
14f6578d9e
Change-Id: I1df2130c25d9399d2c6ebc47bc0b8ec127994b89
Android Build Merger (Role) [Tue, 22 Jan 2019 18:47:16 +0000 (18:47 +0000)]
[automerger] DO NOT MERGE process_l2cap_cmd: Fix OOB am:
38f07a3c93
Change-Id: I89bb716ce51a1d98147c0df527174b4934999347
Hansong Zhang [Fri, 18 Jan 2019 19:51:00 +0000 (11:51 -0800)]
DO NOT MERGE process_l2cap_cmd: Fix OOB
Bug:
119870451
Test: POC
Change-Id: Ieef322a3ad4cebcaf40e5388584d3a04a4761d2e
Hansong Zhang [Mon, 14 Jan 2019 22:59:35 +0000 (14:59 -0800)]
process_l2cap_cmd: Fix OOB
Bug:
119870451
Test: POC
Change-Id: I2f5e7fedd9aed96c4ffc55af79fdac61c2e5b087
Merged-In: I5131bbf9cda6248fdbbc4bb91916b2fe3731246e
Hansong Zhang [Wed, 16 Jan 2019 20:33:26 +0000 (12:33 -0800)]
btm_ble_multi_adv: Check data length in HCI interface
For BleAdvertiserVscHciInterfaceImpl and
BleAdvertiserLegacyHciInterfaceImpl, the maximum size of scan response
and advertising packet data length should be BTM_BLE_AD_DATA_LEN (31).
Bug:
121145627
Test: POC
Change-Id: I7653a6c186b7313ef2b1547bca120b9d41c90140
Stanley Tng [Mon, 7 Jan 2019 22:45:06 +0000 (14:45 -0800)]
[automerger skipped] Merge "DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu" into oc-dev am:
3fd73e4ad2 -s ours
am:
af8cf98776 -s ours
am skip reason: change_id I30b7a8af11d3a5f974cb39e06b0e3463bebc8e9a with SHA1
c1fcbd5508 is in history
Change-Id: Ib82a5c8869f17e93969906a55323e43a79628f4a
Stanley Tng [Mon, 7 Jan 2019 22:44:41 +0000 (14:44 -0800)]
[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am:
c1fcbd5508 am:
85b4574a31 am:
097ecf3d88 am:
2ebe3d52b0 skipped:
dff13d810c am:
47dcb6a458
am:
a2e761ac2b
Change-Id: Ia655d085c410e45e44efc1fa1bb2737a7cccd310
Stanley Tng [Mon, 7 Jan 2019 22:40:43 +0000 (14:40 -0800)]
[automerger skipped] Merge "DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu" into oc-dev
am:
3fd73e4ad2 -s ours
am skip reason: change_id I30b7a8af11d3a5f974cb39e06b0e3463bebc8e9a with SHA1
c1fcbd5508 is in history
Change-Id: Ie17711d48b90d8921cf26dc501cdfb776c7ef47e
Stanley Tng [Mon, 7 Jan 2019 22:40:22 +0000 (14:40 -0800)]
[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am:
c1fcbd5508 am:
85b4574a31 am:
097ecf3d88 am:
2ebe3d52b0 skipped:
dff13d810c
am:
47dcb6a458
Change-Id: Ief422a38b0c559b912038c038edc48854357b3bf
TreeHugger Robot [Mon, 7 Jan 2019 22:33:36 +0000 (22:33 +0000)]
Merge "DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu" into oc-dev
Stanley Tng [Tue, 11 Dec 2018 22:45:13 +0000 (14:45 -0800)]
DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu
Add check to make sure that data buffer is big enough to read the 2
bytes for length.
Also, fix a regression from the previous CL that checks the buffer length
before doing a memcpy. The previous check is too strict causing valid
sized buffers to be rejected. The length check is incorrect and off by the header size.
Bug:
120665616
Test: Run the SL4A Test for LE CoC, BleCoCTest
Merged-In: I30b7a8af11d3a5f974cb39e06b0e3463bebc8e9a
Change-Id: I30b7a8af11d3a5f974cb39e06b0e3463bebc8e9a
(cherry picked from commit
fcb1994de1f6ee34b8dc6804a2b32e20bf138073)
(cherry picked from commit
1f1d8b97d80d25023c4c7b04d2aa18d367f4158d)
(cherry picked from commit
6b2739f309f7719086eb8201b3e1a35ba60035f4)
Android Build Merger (Role) [Sun, 6 Jan 2019 21:36:29 +0000 (21:36 +0000)]
[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am:
c1fcbd5508 am:
85b4574a31 am:
097ecf3d88 am:
2ebe3d52b0 skipped:
dff13d810c
Change-Id: I92b4d78f5b6a53c863e7ec6d91b4cc32982258f8
Android Build Merger (Role) [Sun, 6 Jan 2019 21:36:28 +0000 (21:36 +0000)]
[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am:
c1fcbd5508 am:
85b4574a31 am:
097ecf3d88 am:
2ebe3d52b0
Change-Id: I0cbec621cadfaaf9142d427b52a17cd9db3cd08a
Android Build Merger (Role) [Sun, 6 Jan 2019 21:36:27 +0000 (21:36 +0000)]
[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am:
c1fcbd5508 am:
85b4574a31 am:
097ecf3d88
Change-Id: I9fd0733ff10442ca2050e440b954a9cb2f574c1a
Android Build Merger (Role) [Sun, 6 Jan 2019 21:36:26 +0000 (21:36 +0000)]
[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am:
c1fcbd5508 am:
85b4574a31
Change-Id: I40ce009c5868fde902bc29a0af1b62c89f02f158
Android Build Merger (Role) [Sun, 6 Jan 2019 21:36:24 +0000 (21:36 +0000)]
[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am:
c1fcbd5508
Change-Id: I5812786ed1ac013a273e300c1ddbe3fd26857543
Stanley Tng [Tue, 11 Dec 2018 22:45:13 +0000 (14:45 -0800)]
DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu
Add check to make sure that data buffer is big enough to read the 2
bytes for length.
Also, fix a regression from the previous CL that checks the buffer length
before doing a memcpy. The previous check is too strict causing valid
sized buffers to be rejected. The length check is incorrect and off by the header size.
Bug:
120665616
Test: Run the SL4A Test for LE CoC, BleCoCTest
Merged-In: I30b7a8af11d3a5f974cb39e06b0e3463bebc8e9a
Change-Id: I30b7a8af11d3a5f974cb39e06b0e3463bebc8e9a
(cherry picked from commit
fcb1994de1f6ee34b8dc6804a2b32e20bf138073)
(cherry picked from commit
1f1d8b97d80d25023c4c7b04d2aa18d367f4158d)
(cherry picked from commit
6b2739f309f7719086eb8201b3e1a35ba60035f4)
Ugo Yu [Fri, 30 Nov 2018 21:23:05 +0000 (13:23 -0800)]
Add OOB check in avrc_pars_browse_rsp am:
f44cbb20e7
am:
45a3f8a6fd
Change-Id: Ibb3ff9d8915ab9129e890b04848dd78891262e28
Ugo Yu [Fri, 30 Nov 2018 21:13:52 +0000 (13:13 -0800)]
Add OOB check in avrc_pars_browse_rsp
am:
f44cbb20e7
Change-Id: Ieabff141ded21319a946fa0829bdb60cdedd8e9b
Ugo Yu [Tue, 13 Nov 2018 12:03:28 +0000 (20:03 +0800)]
Add OOB check in avrc_pars_browse_rsp
Bug:
111451066
Test: Manully
Change-Id: I068d218b8957bb8f053148d252a9119a8def28cc
Jakub Pawlowski [Thu, 29 Nov 2018 13:35:18 +0000 (05:35 -0800)]
[automerger skipped] [automerger] Fix buffer overflow in btif_dm_data_copy am:
d117975904 am:
12d8535d0f am:
98ced409a5 am:
c75667da96 skipped:
89e9bbb83c am:
2f53d6ce3c -s ours
am:
9eac53f263 -s ours
Change-Id: I2eed02578d152324e7aa9281e55c3066a4645b33
Jakub Pawlowski [Thu, 29 Nov 2018 13:31:11 +0000 (05:31 -0800)]
[automerger skipped] [automerger] Fix buffer overflow in btif_dm_data_copy am:
d117975904 am:
12d8535d0f am:
98ced409a5 am:
c75667da96 skipped:
89e9bbb83c
am:
2f53d6ce3c -s ours
Change-Id: If82ef8a6331a62d932eeb3dffaee577ee7d7ea25
Android Build Merger (Role) [Thu, 29 Nov 2018 11:52:36 +0000 (11:52 +0000)]
[automerger] Fix buffer overflow in btif_dm_data_copy am:
d117975904 am:
12d8535d0f am:
98ced409a5 am:
c75667da96 skipped:
89e9bbb83c
Change-Id: Ia431ddd5ad1d6ee86bd6edd1057372b8dbf51d3b
Android Build Merger (Role) [Thu, 29 Nov 2018 11:51:42 +0000 (11:51 +0000)]
[automerger] Fix buffer overflow in btif_dm_data_copy am:
d117975904 am:
12d8535d0f am:
98ced409a5 am:
c75667da96
Change-Id: I0e5f1348f27f0d9981f99cc0897f9dcc9f443bf3
Android Build Merger (Role) [Thu, 29 Nov 2018 11:51:39 +0000 (11:51 +0000)]
[automerger] Fix buffer overflow in btif_dm_data_copy am:
d117975904 am:
12d8535d0f am:
98ced409a5
Change-Id: I258a6e883061d68b24b30e17e03f72d2000e5f3f
Android Build Merger (Role) [Thu, 29 Nov 2018 11:51:37 +0000 (11:51 +0000)]
[automerger] Fix buffer overflow in btif_dm_data_copy am:
d117975904 am:
12d8535d0f
Change-Id: I22ea297e564616790fd7e916747cdcea25d2b068
Android Build Merger (Role) [Thu, 29 Nov 2018 11:51:34 +0000 (11:51 +0000)]
[automerger] Fix buffer overflow in btif_dm_data_copy am:
d117975904
Change-Id: Icbd5b31039dbf3016575f9d6d69b216d76564c96
Jakub Pawlowski [Tue, 27 Nov 2018 16:59:57 +0000 (17:59 +0100)]
Fix buffer overflow in btif_dm_data_copy
When we use a union, we should always define variables as the union type,
not as one of the field subtypes. If the latter is cast to the union type,
buffer overflow can happen.
Bug:
110166268
Test: compilation
Change-Id: I473c03b099ad5a326e7a3739f65efd33cf4775bd
Merged-In: I473c03b099ad5a326e7a3739f65efd33cf4775bd
Jakub Pawlowski [Thu, 29 Nov 2018 09:39:01 +0000 (01:39 -0800)]
[automerger skipped] Fix buffer overflow in btif_dm_data_copy am:
969b2df3a0
am:
1087c5291a -s ours
Change-Id: I40657cf9ce6ae8ffe3d2d568aaeb34668da84292
Jakub Pawlowski [Thu, 29 Nov 2018 09:33:56 +0000 (01:33 -0800)]
Fix buffer overflow in btif_dm_data_copy
am:
969b2df3a0
Change-Id: Icc0b739672cf0683edf9bfc5d8244b1ceb87a1b6
Jakub Pawlowski [Tue, 27 Nov 2018 17:22:22 +0000 (18:22 +0100)]
Fix buffer overflow in btif_dm_data_copy
When we use a union, we should always define variables as the union type,
not as one of the field subtypes. If the latter is cast to the union type,
buffer overflow can happen.
Bug:
110166268
Test: compilation
Change-Id: I473c03b099ad5a326e7a3739f65efd33cf4775bd
Merged-In: I473c03b099ad5a326e7a3739f65efd33cf4775bd
Jakub Pawlowski [Tue, 27 Nov 2018 17:22:22 +0000 (18:22 +0100)]
Fix buffer overflow in btif_dm_data_copy
When we use a union, we should always define variables as the union type,
not as one of the field subtypes. If the latter is cast to the union type,
buffer overflow can happen.
Bug:
110166268
Test: compilation
Change-Id: I473c03b099ad5a326e7a3739f65efd33cf4775bd
Merged-In: I473c03b099ad5a326e7a3739f65efd33cf4775bd
Jakub Pawlowski [Tue, 27 Nov 2018 21:24:43 +0000 (13:24 -0800)]
[automerger skipped] [automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am:
78508d2c2c am:
a236f16071 am:
3f5af0aa65 am:
12557bb999 skipped:
2470706409 am:
d2dd0bacbc -s ours
am:
1062b94226 -s ours
Change-Id: Ic8bab7e79d802eca8efda8a613f83e465e2a4e81
Jakub Pawlowski [Tue, 27 Nov 2018 21:14:37 +0000 (13:14 -0800)]
[automerger skipped] [automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am:
78508d2c2c am:
a236f16071 am:
3f5af0aa65 am:
12557bb999 skipped:
2470706409
am:
d2dd0bacbc -s ours
Change-Id: If276bb160498a352e02bdb6231ac8fed8142aec4
Android Build Merger (Role) [Tue, 27 Nov 2018 20:09:16 +0000 (20:09 +0000)]
[automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am:
78508d2c2c am:
a236f16071 am:
3f5af0aa65 am:
12557bb999 skipped:
2470706409
Change-Id: Id4bfbba911ecb95c728e1daba294fefc9d1de4ce
Android Build Merger (Role) [Tue, 27 Nov 2018 16:47:48 +0000 (16:47 +0000)]
[automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am:
78508d2c2c am:
a236f16071 am:
3f5af0aa65 am:
12557bb999
Change-Id: I1ecbacc502b14733b0f4bd11b057763506b1fd95
Android Build Merger (Role) [Tue, 27 Nov 2018 16:47:45 +0000 (16:47 +0000)]
[automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am:
78508d2c2c am:
a236f16071 am:
3f5af0aa65
Change-Id: I98ae5ab9e24acd447c0c72835067db0bc7430371
Android Build Merger (Role) [Tue, 27 Nov 2018 16:47:42 +0000 (16:47 +0000)]
[automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am:
78508d2c2c am:
a236f16071
Change-Id: I8615cedf8b9192c46506c54934229089021fe101
Android Build Merger (Role) [Tue, 27 Nov 2018 16:47:40 +0000 (16:47 +0000)]
[automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am:
78508d2c2c
Change-Id: If8da202c56ee7deeb7aba67f59b19ef28466f6ae
Jakub Pawlowski [Tue, 20 Nov 2018 21:31:31 +0000 (22:31 +0100)]
Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm
Bug:
116222069
Test: compilation
Change-Id: Iebe2c500dfc2806ca321fdcd170e20c680619d4d
Merged-In: Iebe2c500dfc2806ca321fdcd170e20c680619d4d
Jakub Pawlowski [Tue, 27 Nov 2018 16:23:09 +0000 (08:23 -0800)]
Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am:
889efd5b91
am:
934213ef03
Change-Id: Ic9ff7d53321c6c7b39f32dc043050f1467a1233d
Jakub Pawlowski [Tue, 27 Nov 2018 16:19:03 +0000 (08:19 -0800)]
Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm
am:
889efd5b91
Change-Id: If3ae150367def015874bebb60c2fca763f01133f
Jakub Pawlowski [Tue, 20 Nov 2018 21:31:31 +0000 (22:31 +0100)]
Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm
Bug:
116222069
Test: compilation
Change-Id: Iebe2c500dfc2806ca321fdcd170e20c680619d4d
Ugo Yu [Fri, 2 Nov 2018 12:32:14 +0000 (20:32 +0800)]
DO NOT MERGE Separate SDP procedure from bonding state (1/2)
- Do not stay in bonding state if the device is paried but still
discovering service.
- Report BOND_BONDED to Java after authentication is completed.
- Report empty UUID to Java if a classic Bluetooth device SDP
failed while pairing.
- Hold BOND_BONDED intent util SDP is findished.
- Only accept profile connection for the device is at bonded
state. Any attempt to connect while bonding would potentially
lead to an unauthorized connection.
Bug:
79703832
Test: runtest bluetooth
Change-Id: I023713e07308bfc0e5bb8d67f386bcc50f6a0f85
(cherry picked from commit
122e115b87fe98ca5e5e65b9765c146f9e52b65e)
Android Build Merger (Role) [Tue, 20 Nov 2018 09:11:25 +0000 (09:11 +0000)]
[automerger] DO NOT MERGE Separate SDP procedure from bonding state (1/2) am:
edd7e731ed am:
279c2a1910 am:
c29c3aa408 am:
70ab44a424 skipped:
4e26a1fa5d
Change-Id: Iaf03c4cdf1ff19989e6d249a1be04ae57346aba0
Android Build Merger (Role) [Tue, 20 Nov 2018 09:11:21 +0000 (09:11 +0000)]
[automerger] DO NOT MERGE Separate SDP procedure from bonding state (1/2) am:
edd7e731ed am:
279c2a1910 am:
c29c3aa408 am:
70ab44a424
Change-Id: I0ec2f3cf5ff12ff8953647dc4dbf254fa4573f8b
Android Build Merger (Role) [Tue, 20 Nov 2018 09:11:18 +0000 (09:11 +0000)]
[automerger] DO NOT MERGE Separate SDP procedure from bonding state (1/2) am:
edd7e731ed am:
279c2a1910 am:
c29c3aa408
Change-Id: I08534e15fd3a1ac53d666a9d27b6f3a30200e065
Android Build Merger (Role) [Tue, 20 Nov 2018 09:11:15 +0000 (09:11 +0000)]
[automerger] DO NOT MERGE Separate SDP procedure from bonding state (1/2) am:
edd7e731ed am:
279c2a1910
Change-Id: Ie051800f6ad61b7f7d14dd41f56b19848f38e5fb
Android Build Merger (Role) [Tue, 20 Nov 2018 09:11:11 +0000 (09:11 +0000)]
[automerger] DO NOT MERGE Separate SDP procedure from bonding state (1/2) am:
edd7e731ed
Change-Id: I1db76ed30b73630aa44839271fbb654ce533c17c
Ugo Yu [Tue, 30 Oct 2018 07:10:35 +0000 (15:10 +0800)]
DO NOT MERGE Separate SDP procedure from bonding state (1/2)
- Do not stay in bonding state if the device is paried but still
discovering service.
- Report BOND_BONDED to Java after authentication is completed.
- Report empty UUID to Java if a classic Bluetooth device SDP
failed while pairing.
- Hold BOND_BONDED intent util SDP is findished.
- Only accept profile connection for the device is at bonded
state. Any attempt to connect while bonding would potentially
lead to an unauthorized connection.
Bug:
79703832
Test: runtest bluetooth, regression test.
Change-Id: I023713e07308bfc0e5bb8d67f386bcc50f6a0f85
(cherry picked from commit
122e115b87fe98ca5e5e65b9765c146f9e52b65e)
Cheney Ni [Tue, 13 Nov 2018 01:06:10 +0000 (17:06 -0800)]
Revert "Fix OOB in avrc_pars_browse_rsp" am:
6d1c4974bf
am:
1e5b0037f8
Change-Id: Ibd9afdda7b2f7cc8f895bf9af4cfbd893f3a8bbe
Cheney Ni [Tue, 13 Nov 2018 00:35:58 +0000 (16:35 -0800)]
Revert "Fix OOB in avrc_pars_browse_rsp"
am:
6d1c4974bf
Change-Id: I164343e6a08e851173a730fb06173fd6dca60f03
Cheney Ni [Thu, 8 Nov 2018 18:56:07 +0000 (18:56 +0000)]
Revert "Fix OOB in avrc_pars_browse_rsp"
This reverts commit
32a33dc12d4a9b21306510a98bcd039ca3be1dd3.
Reason for revert: regression issue found.
Change-Id: I48db0b0313477e1f3b6fe97cd4d540dfe16f3963
Bug:
111451066
Chienyuan [Mon, 5 Nov 2018 21:45:40 +0000 (13:45 -0800)]
[automerger skipped] Merge "DO NOT MERGE HFP: Check AT command buffer boundary during parsing" into oc-dev am:
6bc3fa5698
am:
2a2dc33454 -s ours
Change-Id: I37f850ba7d3361dc801f80188137e23d63f1d2dd
Chienyuan [Mon, 5 Nov 2018 21:38:46 +0000 (13:38 -0800)]
Merge "DO NOT MERGE HFP: Check AT command buffer boundary during parsing" into oc-dev
am:
6bc3fa5698
Change-Id: Ib0f1f4d80313b20e2db2233b0766dfdf887f7bb3
TreeHugger Robot [Mon, 5 Nov 2018 21:32:27 +0000 (21:32 +0000)]
Merge "DO NOT MERGE HFP: Check AT command buffer boundary during parsing" into oc-dev
Myles Watson [Mon, 5 Nov 2018 19:26:17 +0000 (11:26 -0800)]
[automerger skipped] Merge "DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr" into oc-dev am:
f90160ea4f -s ours
am:
d2e1ff8307 -s ours
Change-Id: Id3fec3163877efd920bf6883c4c1dbc108bdce75
Myles Watson [Mon, 5 Nov 2018 19:22:43 +0000 (11:22 -0800)]
[automerger skipped] Merge "DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr" into oc-dev
am:
f90160ea4f -s ours
Change-Id: Ibfd89fac51bc174eb75f144f623c59b8f290c655
TreeHugger Robot [Mon, 5 Nov 2018 19:06:20 +0000 (19:06 +0000)]
Merge "DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr" into oc-dev
Chienyuan [Mon, 5 Nov 2018 18:28:38 +0000 (10:28 -0800)]
[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped:
163dec2ae1 skipped:
9805ed7a7a skipped:
f9606e1d89 skipped:
c96313fb2c skipped:
9c2fb57cee am:
18515721e5 -s ours
am:
6408abcd83 -s ours
Change-Id: Iff25af63698a6a502b0cae09d16b54072b33ffbd
Chienyuan [Mon, 5 Nov 2018 18:24:35 +0000 (10:24 -0800)]
[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped:
163dec2ae1 skipped:
9805ed7a7a skipped:
f9606e1d89 skipped:
c96313fb2c skipped:
9c2fb57cee
am:
18515721e5 -s ours
Change-Id: I5b428c6b8ed1cd08d03a5f3c76f46a7211f2077d
Hansong Zhang [Mon, 5 Nov 2018 18:03:36 +0000 (18:03 +0000)]
Merge "DO NOT MERGE HFP: Check AT command buffer boundary during parsing" into nyc-dev
Android Build Merger (Role) [Mon, 5 Nov 2018 18:01:29 +0000 (18:01 +0000)]
[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped:
163dec2ae1 skipped:
9805ed7a7a skipped:
f9606e1d89 skipped:
c96313fb2c skipped:
9c2fb57cee
Change-Id: I9bb69caded703f74c79189f0cf78069e1fab9ca5
Android Build Merger (Role) [Mon, 5 Nov 2018 18:01:28 +0000 (18:01 +0000)]
[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped:
163dec2ae1 skipped:
9805ed7a7a skipped:
f9606e1d89 skipped:
c96313fb2c
Change-Id: I29b39b9cd2b0390289b525bf50ce4080b4a9557a
Android Build Merger (Role) [Mon, 5 Nov 2018 18:01:27 +0000 (18:01 +0000)]
[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped:
163dec2ae1 skipped:
9805ed7a7a skipped:
f9606e1d89
Change-Id: Iee0814f1ed5a5decc214abad4721a84825cd53b1
Android Build Merger (Role) [Mon, 5 Nov 2018 18:01:26 +0000 (18:01 +0000)]
[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped:
163dec2ae1 skipped:
9805ed7a7a
Change-Id: I5977408e04b4479c9aa2b5d16a03e18d7e9deced
Android Build Merger (Role) [Mon, 5 Nov 2018 18:01:25 +0000 (18:01 +0000)]
[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped:
163dec2ae1
Change-Id: I406dd66fa46d18b70d48faedf810d6a3ddbe3fbc
TreeHugger Robot [Mon, 5 Nov 2018 17:50:52 +0000 (17:50 +0000)]
Merge "DO NOT MERGE HFP: Check AT command buffer boundary during parsing" into oc-mr1-dev
Myles Watson [Mon, 5 Nov 2018 17:36:58 +0000 (09:36 -0800)]
Merge "DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act" into oc-dev am:
f6dc20ea52
am:
0e1c94b72d
Change-Id: Iec488eec7467acd6c4c216f1412924e2860f33a3
Myles Watson [Mon, 5 Nov 2018 17:36:37 +0000 (09:36 -0800)]
Merge changes from topic "am-
154171ba-0805-48c6-88cf-
c592ee3cf37c" into oc-dev am:
518c50aaa9
am:
e476de0364
Change-Id: I9d2e15050dbe5f77b1abf7cc67b952ed65e8d161
Myles Watson [Mon, 5 Nov 2018 17:33:38 +0000 (09:33 -0800)]
Merge "DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act" into oc-dev
am:
f6dc20ea52
Change-Id: Ia27e3b2a51ef75bc07b1ba5a8b5aa7064f4aadd6