OSDN Git Service
Hansong Zhang [Fri, 12 Jan 2018 18:59:31 +0000 (18:59 +0000)]
Merge "DO NOT MERGE Fix unexpected behavior in reading BNEP packets" into nyc-dev
Hansong Zhang [Fri, 12 Jan 2018 18:59:27 +0000 (18:59 +0000)]
Merge "DO NOT MERGE Fix unexpected behavior in SDP" into nyc-dev
Hansong Zhang [Thu, 11 Jan 2018 00:59:48 +0000 (16:59 -0800)]
DO NOT MERGE Fix unexpected behavior in reading BNEP packets
Bug:
67863755
Bug:
69177251
Bug:
69177292
Bug:
69271284
Test: BNEP still works
Change-Id: I41b8bfe5e123a56b8812124178663735f2bf3372
Hansong Zhang [Wed, 10 Jan 2018 03:43:20 +0000 (19:43 -0800)]
DO NOT MERGE Fix unexpected behavior in SDP
Bug:
68776054
Bug:
68817966
Test: Bluetooth SDP still works
Change-Id: I4eef22679a313b88d7e8ec463b29dbb592c6b5b9
Merged-In: I4eef22679a313b88d7e8ec463b29dbb592c6b5b9
Pavlin Radoslavov [Mon, 8 Jan 2018 19:37:05 +0000 (11:37 -0800)]
Removed alarm callback execution statistics
Updating the alarm state after the callback returns can be problematic
in case the callback itself deleted the alarm.
Bug:
67110137
Test: Manual
Change-Id: Id4de06eebedb792cadd63d09efb68672e9bddc69
Merged-In: Id4de06eebedb792cadd63d09efb68672e9bddc69
(cherry picked from commit
04574e1cde3b0d46b59b4b6ebab935ac60af9f97)
Scott Bauer [Fri, 7 Apr 2017 00:35:40 +0000 (18:35 -0600)]
Read the correct amount of attributes
bta_gattc_cache_load currently attempts to read 0xFF attributes into an
allocation sized to num_attr attributes, which can be smaller than 0xFF.
There aren't more than num_attr bytes in correct data, but this breaks
with dynamic buffer overflow checking in CopperheadOS for the read
system call since fread ends up calling read, which obtains the size of
the allocation from the malloc implementation and then aborts due to the
(potential) overflow.
This would also fail with the default enabled _FORTIFY_SOURCE=2 feature
in the Android Open Source Project if osi_malloc was marked with the
alloc_size attribute. The way it wraps malloc loses that information so
fortify checks aren't done for calls like this.
Bug:
37160362
Change-Id: I68bd170d5378c9d9d21cbda376083bc0b857e15c
Signed-off-by: Scott Bauer <sbauer@plzdonthack.me>
[migrated to C++ file, added 0xFFFF limit and wrote commit message]
Signed-off-by: Daniel Micay <danielmicay@gmail.com>
Andre Eisenbach [Thu, 17 Aug 2017 00:39:39 +0000 (00:39 +0000)]
SDP: Bounds check 'id' parameter for free_sdp_slot() am:
294cc61f4f am:
5dc24c7b41 am:
8498351370
am:
615de1d1fe -s ours
Change-Id: I2e6425620ccf65636ba0b0ba6c783c8bf8764ec0
Andre Eisenbach [Thu, 17 Aug 2017 00:37:42 +0000 (00:37 +0000)]
SDP: Bounds check 'id' parameter for free_sdp_slot() am:
294cc61f4f am:
5dc24c7b41
am:
8498351370
Change-Id: I171cafa603f3bf9d6a91895aba461fa96711c18c
Andre Eisenbach [Thu, 17 Aug 2017 00:32:37 +0000 (00:32 +0000)]
SDP: Bounds check 'id' parameter for free_sdp_slot() am:
294cc61f4f
am:
5dc24c7b41
Change-Id: I27dffd6583706912f79cfd730eca390e930e9294
Andre Eisenbach [Thu, 17 Aug 2017 00:30:38 +0000 (00:30 +0000)]
SDP: Bounds check 'id' parameter for free_sdp_slot()
am:
294cc61f4f
Change-Id: Ief8d911221408ff79a5addc7a7d58c7ca1a38808
Andre Eisenbach [Tue, 8 Aug 2017 23:51:12 +0000 (16:51 -0700)]
SDP: Bounds check 'id' parameter for free_sdp_slot()
Merged-In: I34e8296ec7ec6b4ffbe1fa0452754f2a421e6ec7
Test: manual
Fixes:
37502513
Change-Id: I34e8296ec7ec6b4ffbe1fa0452754f2a421e6ec7
(cherry picked from commit
b413f1b1365af4273647727e497848f95312d0ec)
Andre Eisenbach [Tue, 8 Aug 2017 22:41:21 +0000 (15:41 -0700)]
SDP: Bounds check 'id' parameter for free_sdp_slot()
Merged-In: I34e8296ec7ec6b4ffbe1fa0452754f2a421e6ec7
Test: manual
Fixes:
37502513
Change-Id: I34e8296ec7ec6b4ffbe1fa0452754f2a421e6ec7
(cherry picked from commit
b413f1b1365af4273647727e497848f95312d0ec)
Pavlin Radoslavov [Tue, 18 Jul 2017 19:05:51 +0000 (19:05 +0000)]
Merge "Add missing extension length check while parsing BNEP control packets" into mnc-dev am:
fdcad53f8e am:
fd94c15a5a am:
0cea290eee
am:
97922c7401
Change-Id: Id1569df9156b8de893dcb5c28997ec4a924eb82e
Pavlin Radoslavov [Tue, 18 Jul 2017 19:05:38 +0000 (19:05 +0000)]
Free p_pending_data from tBNEP_CONN to avoid potential memory leaks am:
8f18afd26c am:
ffa87779a1 am:
7eda996189
am:
ba12732aad -s ours
Change-Id: Id1a43cefdc006f9f6d24b35b21502c8453bdd673
Pavlin Radoslavov [Tue, 18 Jul 2017 19:01:19 +0000 (19:01 +0000)]
Merge "Add missing extension length check while parsing BNEP control packets" into mnc-dev am:
fdcad53f8e am:
fd94c15a5a
am:
0cea290eee
Change-Id: I24ad37b139ec7af93fde160b16da095d77bd4729
Pavlin Radoslavov [Tue, 18 Jul 2017 19:01:05 +0000 (19:01 +0000)]
Free p_pending_data from tBNEP_CONN to avoid potential memory leaks am:
8f18afd26c am:
ffa87779a1
am:
7eda996189
Change-Id: I3587c48c072b808e8a84a63d1e6f63ea39f158b5
Pavlin Radoslavov [Tue, 18 Jul 2017 18:55:45 +0000 (18:55 +0000)]
Merge "Add missing extension length check while parsing BNEP control packets" into mnc-dev am:
fdcad53f8e
am:
fd94c15a5a
Change-Id: I635b78d48c94608adb9a1ef784bf5884f64610a3
Pavlin Radoslavov [Tue, 18 Jul 2017 18:55:33 +0000 (18:55 +0000)]
Free p_pending_data from tBNEP_CONN to avoid potential memory leaks am:
8f18afd26c
am:
ffa87779a1
Change-Id: I4e93ec83fac0bfa764f7b78bf33d0ba088e5bc3a
Pavlin Radoslavov [Tue, 18 Jul 2017 18:51:27 +0000 (18:51 +0000)]
Merge "Add missing extension length check while parsing BNEP control packets" into mnc-dev
am:
fdcad53f8e
Change-Id: I3ae12cba736d90e70bb52888063304337550081c
Pavlin Radoslavov [Tue, 18 Jul 2017 18:51:03 +0000 (18:51 +0000)]
Free p_pending_data from tBNEP_CONN to avoid potential memory leaks
am:
8f18afd26c
Change-Id: I23886b18719d28ef3ae397ec6444b9e2692885e8
TreeHugger Robot [Tue, 18 Jul 2017 18:46:45 +0000 (18:46 +0000)]
Merge "Add missing extension length check while parsing BNEP control packets" into mnc-dev
TreeHugger Robot [Tue, 18 Jul 2017 18:45:57 +0000 (18:45 +0000)]
Merge "Add missing extension length check while parsing BNEP control packets" into nyc-dev
Pavlin Radoslavov [Tue, 18 Jul 2017 01:12:10 +0000 (18:12 -0700)]
Add missing extension length check while parsing BNEP control packets
Bug:
63146237
Test: External script
Change-Id: I4e519cec1c7dffb8bd42add00bd891e0969a3d9f
(cherry picked from commit
9ab89b7dbe5735b796799f65144efa48595d0230)
(cherry picked from commit
dc7700a43189d2a8607b69ae19a6d646f11ddf51)
(cherry picked from commit
c7874f25a0557ca4413d8db80bab8da842fc389a)
(cherry picked from commit
187bd8aec0aae63c6328981041e5ec7764ece6a9)
(cherry picked from commit
01f46e0aff705dab350cda7f648fb94976ea3988)
Pavlin Radoslavov [Tue, 18 Jul 2017 01:12:10 +0000 (18:12 -0700)]
Add missing extension length check while parsing BNEP control packets
Bug:
63146237
Test: External script
Change-Id: I4e519cec1c7dffb8bd42add00bd891e0969a3d9f
(cherry picked from commit
9ab89b7dbe5735b796799f65144efa48595d0230)
(cherry picked from commit
dc7700a43189d2a8607b69ae19a6d646f11ddf51)
(cherry picked from commit
c7874f25a0557ca4413d8db80bab8da842fc389a)
(cherry picked from commit
187bd8aec0aae63c6328981041e5ec7764ece6a9)
Pavlin Radoslavov [Tue, 18 Jul 2017 00:21:16 +0000 (17:21 -0700)]
Free p_pending_data from tBNEP_CONN to avoid potential memory leaks
Bug:
63146105
Test: External script
Change-Id: I1281779ccf38d1d2dfb1a6dc0e45c0e533cabbca
Merged-In: I1281779ccf38d1d2dfb1a6dc0e45c0e533cabbca
(cherry picked from commit
4982eb5df30cbcbee5c8b8807be95fdc6dfa63c5)
(cherry picked from commit
a654681c5558904a8abfa1bbab8eafb651c13231)
(cherry picked from commit
64a12d3b6e71d9161837f28ce18c34d924c2bafc)
(cherry picked from commit
8f18afd26c02ae3d46bf14d6e36017965dee0394)
Pavlin Radoslavov [Tue, 18 Jul 2017 00:21:16 +0000 (17:21 -0700)]
Free p_pending_data from tBNEP_CONN to avoid potential memory leaks
Bug:
63146105
Test: External script
Change-Id: I1281779ccf38d1d2dfb1a6dc0e45c0e533cabbca
Merged-In: I1281779ccf38d1d2dfb1a6dc0e45c0e533cabbca
(cherry picked from commit
4982eb5df30cbcbee5c8b8807be95fdc6dfa63c5)
(cherry picked from commit
a654681c5558904a8abfa1bbab8eafb651c13231)
(cherry picked from commit
64a12d3b6e71d9161837f28ce18c34d924c2bafc)
Pavlin Radoslavov [Thu, 13 Jul 2017 19:25:41 +0000 (19:25 +0000)]
Merge "Add a missing check for PAN buffer size before copying data" into mnc-dev am:
c41ba8a569 am:
494625245f am:
19b22ffe8a
am:
df16497d1c -s ours
Change-Id: I43ac50a1683bef1b0f92f03296ba68f6dc0880da
Pavlin Radoslavov [Thu, 13 Jul 2017 19:22:46 +0000 (19:22 +0000)]
Merge "Add a missing check for PAN buffer size before copying data" into mnc-dev am:
c41ba8a569 am:
494625245f
am:
19b22ffe8a
Change-Id: Ia027b6cc651ffc920d5fafb7f8dad8f442220706
Pavlin Radoslavov [Thu, 13 Jul 2017 19:20:42 +0000 (19:20 +0000)]
Merge "Add a missing check for PAN buffer size before copying data" into mnc-dev am:
c41ba8a569
am:
494625245f
Change-Id: I3de1f423efacac96493de69033538157be2ca8f9
Pavlin Radoslavov [Thu, 13 Jul 2017 19:18:47 +0000 (19:18 +0000)]
Merge "Add a missing check for PAN buffer size before copying data" into mnc-dev
am:
c41ba8a569
Change-Id: I85c402bbc30c9954c71be3fe907651b76387653a
TreeHugger Robot [Thu, 13 Jul 2017 19:09:02 +0000 (19:09 +0000)]
Merge "Add a missing check for PAN buffer size before copying data" into mnc-dev
TreeHugger Robot [Thu, 13 Jul 2017 19:01:54 +0000 (19:01 +0000)]
Merge "Add a missing check for PAN buffer size before copying data" into nyc-dev
Pavlin Radoslavov [Thu, 13 Jul 2017 18:21:35 +0000 (18:21 +0000)]
Merge "Add missing packet length checks while parsing BNEP control packets" into mnc-dev am:
64d3ed3c9d am:
6fca688b42 am:
7a30f0c78a
am:
9dc57eff7a
Change-Id: Iefe422511cd90f86d95b7d5c576161aae80055e9
Pavlin Radoslavov [Thu, 13 Jul 2017 18:21:15 +0000 (18:21 +0000)]
Merge "Add missing continuation offset check for SDP continuation requests" into mnc-dev am:
b5cb6103b9 am:
70ef60cac0 am:
da8e592089
am:
634fc84bbd
Change-Id: I35386fe81935831e344265a879e8ee2bc05e4dc7
Pavlin Radoslavov [Thu, 13 Jul 2017 18:20:57 +0000 (18:20 +0000)]
Merge "Allocate buffers of the right size when BT_HDR is included" into mnc-dev am:
d2a3649d6e am:
27db9becc7 am:
84714e10d8
am:
8ec036d751 -s ours
Change-Id: I3735cfa1430daf543d5cbfdb1609176443feba86
Pavlin Radoslavov [Thu, 13 Jul 2017 18:20:40 +0000 (18:20 +0000)]
Disable PAN Reverse Tethering when connection originated by the Remote am:
f7a7f7a948 am:
b4cf6c5aa7 am:
5d9bbfe453
am:
c80b2fc096 -s ours
Change-Id: I143dcc7f5db0b852b596eeb62ac78f1beda40b3c
Pavlin Radoslavov [Thu, 13 Jul 2017 18:19:03 +0000 (18:19 +0000)]
Merge "Add missing packet length checks while parsing BNEP control packets" into mnc-dev am:
64d3ed3c9d am:
6fca688b42
am:
7a30f0c78a
Change-Id: I77d2ac1b4e2e271d42cf555f66951217db7c7f05
Pavlin Radoslavov [Thu, 13 Jul 2017 18:18:49 +0000 (18:18 +0000)]
Merge "Add missing continuation offset check for SDP continuation requests" into mnc-dev am:
b5cb6103b9 am:
70ef60cac0
am:
da8e592089
Change-Id: Ibc97e933ab9dbcb262753946ca0bad8ed3fe716d
Pavlin Radoslavov [Thu, 13 Jul 2017 18:18:33 +0000 (18:18 +0000)]
Merge "Allocate buffers of the right size when BT_HDR is included" into mnc-dev am:
d2a3649d6e am:
27db9becc7
am:
84714e10d8
Change-Id: I1a88047cdf70026aaa57f747e4ce614b1d496df0
Pavlin Radoslavov [Thu, 13 Jul 2017 18:18:09 +0000 (18:18 +0000)]
Disable PAN Reverse Tethering when connection originated by the Remote am:
f7a7f7a948 am:
b4cf6c5aa7
am:
5d9bbfe453
Change-Id: I0d39c39b4b573b7df297ed1d93191aff18712fec
Pavlin Radoslavov [Thu, 13 Jul 2017 18:16:48 +0000 (18:16 +0000)]
Merge "Add missing packet length checks while parsing BNEP control packets" into mnc-dev am:
64d3ed3c9d
am:
6fca688b42
Change-Id: I2f4b155188edb226c208350addc1d342ef90a55a
Pavlin Radoslavov [Thu, 13 Jul 2017 18:16:35 +0000 (18:16 +0000)]
Merge "Add missing continuation offset check for SDP continuation requests" into mnc-dev am:
b5cb6103b9
am:
70ef60cac0
Change-Id: I17a95052722739e6329e9759fafe1c0a7acfa067
Pavlin Radoslavov [Thu, 13 Jul 2017 18:16:22 +0000 (18:16 +0000)]
Merge "Allocate buffers of the right size when BT_HDR is included" into mnc-dev am:
d2a3649d6e
am:
27db9becc7
Change-Id: I5a5ea407d003fc297ee89837ff22fcc0d946c735
Pavlin Radoslavov [Thu, 13 Jul 2017 18:16:08 +0000 (18:16 +0000)]
Disable PAN Reverse Tethering when connection originated by the Remote am:
f7a7f7a948
am:
b4cf6c5aa7
Change-Id: I915ceaf816dc806ba91da7791aa1b43460615935
Pavlin Radoslavov [Thu, 13 Jul 2017 18:14:31 +0000 (18:14 +0000)]
Merge "Add missing packet length checks while parsing BNEP control packets" into mnc-dev
am:
64d3ed3c9d
Change-Id: I2ec8b4f3b50082036ce1f335d36fd728cb9c3665
Pavlin Radoslavov [Thu, 13 Jul 2017 18:14:11 +0000 (18:14 +0000)]
Merge "Add missing continuation offset check for SDP continuation requests" into mnc-dev
am:
b5cb6103b9
Change-Id: I12c131aa3543e524f669f038153de2dbcd6ca63a
Pavlin Radoslavov [Thu, 13 Jul 2017 18:13:55 +0000 (18:13 +0000)]
Merge "Allocate buffers of the right size when BT_HDR is included" into mnc-dev
am:
d2a3649d6e
Change-Id: I781ce0eb5e6ea5b8b8fb029afe6caf81bd9ca9fb
Pavlin Radoslavov [Thu, 13 Jul 2017 18:13:38 +0000 (18:13 +0000)]
Disable PAN Reverse Tethering when connection originated by the Remote
am:
f7a7f7a948
Change-Id: I5d1c8050de38dde922f9891e70574205422ee7be
TreeHugger Robot [Thu, 13 Jul 2017 18:05:30 +0000 (18:05 +0000)]
Merge "Add missing packet length checks while parsing BNEP control packets" into mnc-dev
TreeHugger Robot [Thu, 13 Jul 2017 18:05:09 +0000 (18:05 +0000)]
Merge "Add missing continuation offset check for SDP continuation requests" into mnc-dev
TreeHugger Robot [Thu, 13 Jul 2017 18:04:48 +0000 (18:04 +0000)]
Merge "Allocate buffers of the right size when BT_HDR is included" into mnc-dev
TreeHugger Robot [Thu, 13 Jul 2017 18:02:23 +0000 (18:02 +0000)]
Merge "Disable PAN Reverse Tethering when connection originated by the Remote" into nyc-dev
Pavlin Radoslavov [Thu, 13 Jul 2017 00:33:42 +0000 (17:33 -0700)]
Add a missing check for PAN buffer size before copying data
Bug:
63146237
Test: External script
Change-Id: I3e9c8a767a8a2a80ff56ccb48c56ca0d4b8c3402
Merged-In: I3e9c8a767a8a2a80ff56ccb48c56ca0d4b8c3402
(cherry picked from commit
1d909399cb4259243dac2e531e3ce6ca1afa77e7)
(cherry picked from commit
aa486ad8b5ad6eaef732e5fa7f151495c8c3faf2)
(cherry picked from commit
a8a6a17fdfc8d930ba4ad18f92cf4453cc1a219e)
(cherry picked from commit
d1145e0af3507e37d4bd25f1833e22c5c716f0ac)
Pavlin Radoslavov [Thu, 13 Jul 2017 01:39:31 +0000 (18:39 -0700)]
Disable PAN Reverse Tethering when connection originated by the Remote
* Check for valid interactions between the three PAN profile roles per
Table 1 in PAN Profile v1.0 spec.
* Explicitly disable connections to the local PANU if the remote is
not PANU.
Bug:
63145701
Test: External script
Change-Id: I29a7e404ba7e4453b6a7c59148a2b3eb7395303a
Merged-In: I29a7e404ba7e4453b6a7c59148a2b3eb7395303a
(cherry picked from commit
9aea2c2f92dd5245f6b35d564ce8e471fec2b4ec)
(cherry picked from commit
3f2ee5b546b65b5b021779588316249276ed3827)
(cherry picked from commit
40c7cefb12ac1a70bf7b1c770c1ab21a5b3f229e)
(cherry picked from commit
f7a7f7a948e38195e8ca897785ac5d489082f0cc)
Pavlin Radoslavov [Thu, 6 Jul 2017 20:39:02 +0000 (13:39 -0700)]
Allocate buffers of the right size when BT_HDR is included
Bug:
63146105
Test: External script
Change-Id: I1f2c871e3fcf57aabdad9d07905e6dae643bd496
Merged-In: I1f2c871e3fcf57aabdad9d07905e6dae643bd496
(cherry picked from commit
d88838a7237cd672d87b6b9cc8d56fff625fd1d5)
(cherry picked from commit
b648c7dfe45c57842d58576f558fdf8edff10bec)
(cherry picked from commit
338e0485940ab278e6a2dc12285ba0798b79cfa4)
Pavlin Radoslavov [Thu, 13 Jul 2017 02:10:12 +0000 (19:10 -0700)]
Add missing packet length checks while parsing BNEP control packets
Bug:
63146237
Test: External script
Change-Id: Ie778f3c99df81c85ed988f3af89b4edbcc2eeb99
Merged-In: Ie778f3c99df81c85ed988f3af89b4edbcc2eeb99
(cherry picked from commit
7feaeb006941a1494d7cdc0a2ffc4bb1004b38b4)
(cherry picked from commit
6d415839da570b94b0763f6ab444f0dd1321fc33)
(cherry picked from commit
c68554feb3ddfd31cdec6d81a4b73a959c1b2a09)
(cherry picked from commit
3775b3c49e5d62349fd1f3dfb743fabadb43ea75)
Pavlin Radoslavov [Thu, 13 Jul 2017 01:56:03 +0000 (18:56 -0700)]
Add missing continuation offset check for SDP continuation requests
Bug:
63146698
Test: External script
Change-Id: Iea52f1689dc12bfe0d4b57996f17db4bc3bd5983
Merged-In: Iea52f1689dc12bfe0d4b57996f17db4bc3bd5983
(cherry picked from commit
e776c834768bedd043ace7e5714390b61c96a248)
(cherry picked from commit
10ce685cb025f6854be4ecc5329f2f684fd9ea5d)
Pavlin Radoslavov [Thu, 13 Jul 2017 01:39:31 +0000 (18:39 -0700)]
Disable PAN Reverse Tethering when connection originated by the Remote
* Check for valid interactions between the three PAN profile roles per
Table 1 in PAN Profile v1.0 spec.
* Explicitly disable connections to the local PANU if the remote is
not PANU.
Bug:
63145701
Test: External script
Change-Id: I29a7e404ba7e4453b6a7c59148a2b3eb7395303a
Merged-In: I29a7e404ba7e4453b6a7c59148a2b3eb7395303a
(cherry picked from commit
9aea2c2f92dd5245f6b35d564ce8e471fec2b4ec)
(cherry picked from commit
3f2ee5b546b65b5b021779588316249276ed3827)
(cherry picked from commit
40c7cefb12ac1a70bf7b1c770c1ab21a5b3f229e)
Pavlin Radoslavov [Thu, 13 Jul 2017 00:33:42 +0000 (17:33 -0700)]
Add a missing check for PAN buffer size before copying data
Bug:
63146237
Test: External script
Change-Id: I3e9c8a767a8a2a80ff56ccb48c56ca0d4b8c3402
Merged-In: I3e9c8a767a8a2a80ff56ccb48c56ca0d4b8c3402
(cherry picked from commit
1d909399cb4259243dac2e531e3ce6ca1afa77e7)
(cherry picked from commit
aa486ad8b5ad6eaef732e5fa7f151495c8c3faf2)
(cherry picked from commit
a8a6a17fdfc8d930ba4ad18f92cf4453cc1a219e)
Pavlin Radoslavov [Thu, 6 Jul 2017 20:39:02 +0000 (13:39 -0700)]
Allocate buffers of the right size when BT_HDR is included
Bug:
63146105
Test: External script
Change-Id: I1f2c871e3fcf57aabdad9d07905e6dae643bd496
Merged-In: I1f2c871e3fcf57aabdad9d07905e6dae643bd496
(cherry picked from commit
d88838a7237cd672d87b6b9cc8d56fff625fd1d5)
(cherry picked from commit
b648c7dfe45c57842d58576f558fdf8edff10bec)
Jack He [Tue, 11 Apr 2017 22:18:07 +0000 (22:18 +0000)]
Check LE advertising data length before caching advertising records am:
1bef3546a6 am:
e6620d18cf am:
585e0c08f5
am:
005eb1d305
Change-Id: Ic4f826e4f963f969c360fe39c6e720c3fb013d23
Jack He [Tue, 11 Apr 2017 22:13:06 +0000 (22:13 +0000)]
Check LE advertising data length before caching advertising records am:
1bef3546a6 am:
e6620d18cf
am:
585e0c08f5
Change-Id: If70a5f9b56845e758c2a2a3150936a72cac9f438
Jack He [Tue, 11 Apr 2017 22:08:06 +0000 (22:08 +0000)]
Check LE advertising data length before caching advertising records am:
1bef3546a6
am:
e6620d18cf
Change-Id: I412c0dd7854d7f6157e1974e285078909543bb41
Jack He [Tue, 11 Apr 2017 22:03:05 +0000 (22:03 +0000)]
Check LE advertising data length before caching advertising records
am:
1bef3546a6
Change-Id: Ibbf6183833d7f00937742fa337a04569c4ef3c2f
Jack He [Thu, 6 Apr 2017 00:59:58 +0000 (17:59 -0700)]
Check LE advertising data length before caching advertising records
Bug:
33899337
Test: make, receive LE advertising
Change-Id: I06b249ac5cabdef64528deda07b8bae749e1d2fd
(cherry picked from commit
d57adbc350fdee4f27b82c9e39a14bd745d92320)
Pavlin Radoslavov [Tue, 14 Mar 2017 21:46:15 +0000 (14:46 -0700)]
resolve merge conflicts of
a3ee2e35 to nyc-dev
Bug:
34946955
Change-Id: Ieff690edd3aa527a0639483ec8e1e3b661f0ecc4
Merged-In: I0b6f50dee05a58db8c043b4d01fb58c9acbeede9
Pavlin Radoslavov [Tue, 14 Mar 2017 21:10:16 +0000 (21:10 +0000)]
Check the HCI length before extracting the L2CAP length and CID am:
33c68c82c1 am:
172f0d8f7c
am:
ca64d3d38b
Change-Id: I239b72b4cc81728c3e859b7f4efcb820c9d8fef9
Pavlin Radoslavov [Tue, 14 Mar 2017 21:05:16 +0000 (21:05 +0000)]
Check the HCI length before extracting the L2CAP length and CID am:
33c68c82c1
am:
172f0d8f7c
Change-Id: Ifb002936f93d85d635ab76ddf52c0ddb44cb9d3e
Pavlin Radoslavov [Tue, 14 Mar 2017 20:59:46 +0000 (20:59 +0000)]
Check the HCI length before extracting the L2CAP length and CID
am:
33c68c82c1
Change-Id: I1f94530ef90162747ef6a62c3a601856ea1d6672
Pavlin Radoslavov [Wed, 8 Mar 2017 02:48:21 +0000 (18:48 -0800)]
Check the HCI length before extracting the L2CAP length and CID
Bug:
34946955
Test: A2DP streaming to a headset
Change-Id: I0b6f50dee05a58db8c043b4d01fb58c9acbeede9
(cherry picked from commit
ecc0835114cbae3033d8b0e25bd8b443880d5077)
TreeHugger Robot [Mon, 29 Aug 2016 21:51:21 +0000 (21:51 +0000)]
Merge "Disable auto-pairing for hands-free devices" into nyc-dev
Andy Hung [Thu, 28 Jul 2016 17:45:54 +0000 (10:45 -0700)]
audio_a2dp_hw: Always update frame counter in out_write
Required now that we always return success.
Bug:
30025777
Change-Id: I7db51321672c128039545cc0fb604c615f169bc3
(cherry picked from commit
f4a37b255d1d6fa4cf7cefe2aeb1c3f4fdf33f3c)
Andre Eisenbach [Thu, 7 Jul 2016 16:58:59 +0000 (09:58 -0700)]
Disable auto-pairing for hands-free devices
Fixes:
30004157
Change-Id: Id170856fbee5ea345f02f55d3a6e3376d846c2de
(cherry picked from commit
e8b81851c33095fe3b3ac78329073309be5421e1)
Andre Eisenbach [Mon, 27 Jun 2016 22:49:53 +0000 (15:49 -0700)]
Add Subaru and Nissan car kits to auto pair blacklist
Bug:
29157087
Change-Id: If227963b939a9b0ed55e6d900364c71932d3cfe8
Andre Eisenbach [Thu, 23 Jun 2016 23:14:53 +0000 (16:14 -0700)]
A2DP media task: Flush full TX queue on congestion
Currently, our TX queue does not allow for quick recovery of minor
congestion. As we only clear as much room in the queue as is needed to
fix the news frames needed for a given timer tick, any minor congestion
on the TX path can result in single frames to be dropped over an
excessively long amount of time.
From the "just rip the band-aid off" school of thought, drop the whole
queue instead to cause a single drop-out on congestion and catch up to
the live stream immediately, hoping that the stream recovers...
Bug:
29601962
Change-Id: I482c3cfef6d8b51143e54733eb2da5f70663636f
Andre Eisenbach [Fri, 24 Jun 2016 17:16:52 +0000 (17:16 +0000)]
Merge "Remove SBC frame scrambling" into nyc-dev
Andre Eisenbach [Thu, 23 Jun 2016 22:25:44 +0000 (15:25 -0700)]
Remove SBC frame scrambling
Bug:
29601962
Change-Id: I30ce09f1c7550a1be9fd1c8ed70745f9aa0cdb44
Andre Eisenbach [Thu, 23 Jun 2016 21:22:35 +0000 (14:22 -0700)]
Remove log spam in btif_gattc_update_properties
Bug:
29601962
Change-Id: I4a86b786609b0203a72b750a1c4a38c82fcc5f97
Sharvil Nanavati [Wed, 22 Jun 2016 01:19:12 +0000 (01:19 +0000)]
resolve merge conflicts of
1f433cb to mnc-dr-dev am:
f15ca6d21d -s ours am:
8e80a26078
am:
edb7ce120e
Change-Id: Ie7ea41474e11479b54ba526294977dfaa60c8cd7
Sharvil Nanavati [Wed, 22 Jun 2016 01:16:24 +0000 (01:16 +0000)]
resolve merge conflicts of
1f433cb to mnc-dr-dev am:
f15ca6d21d -s ours
am:
8e80a26078
Change-Id: I54a690024ccd316058d9d59ff7b16206f7fcd543
Sharvil Nanavati [Wed, 22 Jun 2016 01:13:44 +0000 (01:13 +0000)]
resolve merge conflicts of
1f433cb to mnc-dr-dev
am:
f15ca6d21d -s ours
Change-Id: Ic1a23e2c6d0284b9fdf346a681f59cdcbaa599e0
Sharvil Nanavati [Tue, 21 Jun 2016 22:56:42 +0000 (15:56 -0700)]
resolve merge conflicts of
1f433cb to mnc-dr-dev
Change-Id: I7278875d21c59316217cb1b99d902f4fc248ca06
Sharvil Nanavati [Tue, 21 Jun 2016 02:16:12 +0000 (19:16 -0700)]
DO NOT MERGE Fix potential DoS caused by delivering signal to BT process
Bug:
28885210
Change-Id: I63866d894bfca47464d6e42e3fb0357c4f94d360
Matadeen Mishra [Wed, 3 Feb 2016 12:43:39 +0000 (18:13 +0530)]
L2CAP: Handle invalid HCI packets
- Handled Buffer over flow for uint16_t
- Discard invalid HCI packets from Codenomican test
tool as data length and actual data not matching
during reassembly
Use case:
Execute L2CAP test suit from Defensics Codenomican
Steps:
1. Pair and connect DUT to Codenomican tool
2. Execute L2CAP test suit from Defensics Codenomican
Failure:
Crash observed on DUT and Codenomican tool stuck in execution.
Root cause:
Codenomican tool sending invalid HCI packets to DUT and
there are no checks to handle buffer over flow and other invalid data
from Codenomican tool.
Bug:
29498064
Change-Id: I6f93c80244fc39d607ad285185136bbbca83d7ae
Pavlin Radoslavov [Thu, 16 Jun 2016 23:37:57 +0000 (16:37 -0700)]
Add missing NULL pointers assignments
Each pointer that was freed by one of the following functions should
be reset to NULL:
- config_free()
- data_dispatcher_free()
- fixed_queue_free()
- list_free()
Bug:
29421693
Change-Id: Ie55a04ed986393994564edcf872d7413b0767a85
(cherry picked from commit
8cbc291080730cd7d04990a8fc0e11249b06aa08)
Andy Hung [Wed, 15 Jun 2016 02:58:58 +0000 (19:58 -0700)]
Improve BT HAL write response to BT server reads
By polling, we ensure the socket buffer is nearly always full,
as blocking socket writes may not wake in time to avoid underflow.
Bug:
28286313
Change-Id: I056768dbd860993c41d44c33a4846d62c50db933
TreeHugger Robot [Wed, 15 Jun 2016 00:28:58 +0000 (00:28 +0000)]
Merge "HOGP: Clear pending operations for a given device on connect" into nyc-dev
TreeHugger Robot [Tue, 14 Jun 2016 23:28:20 +0000 (23:28 +0000)]
Merge "HOGP: Preffer write command over write requests" into nyc-dev
Jakub Pawlowski [Tue, 14 Jun 2016 22:03:29 +0000 (22:03 +0000)]
Merge "Use UINT16 for GATT attribute id field" into nyc-dev
Jakub Pawlowski [Tue, 14 Jun 2016 21:40:51 +0000 (14:40 -0700)]
HOGP: Preffer write command over write requests
Some HID devices will accept both write request and write command.
Prefer write commands when possible.
This is due to bug in some hardware, that will not send write response
when too many commands are queued.
Bug:
29184976
Change-Id: I5bafc067f044a48f152c60b8e17722067bc1453e
Jakub Pawlowski [Tue, 14 Jun 2016 19:47:52 +0000 (12:47 -0700)]
Use UINT16 for GATT attribute id field
Id field is equal to attribute handle, so it must be 16bits.
Otherwise only piece of GATT database can be used.
Bug:
29253825
Change-Id: Ia88e3ad3eb96ca8e97349aa5e852e66c57072b49
Jakub Pawlowski [Tue, 14 Jun 2016 19:23:44 +0000 (12:23 -0700)]
Fix missing GATT Characteristic from last service
GATT Service is contained between start and end handle. If
characteristic definition is at end handle, and it's value definition is
after end handle, it will not be properly discovered. That's because we
use value_handle instead of attribute_handle to identify
characteristics.
As a workaround, increase service boundary if value is defined after
it's definition.
Bug:
29253825
Change-Id: Ib145aea4f5cf38a1fbb977c301136e16f8f900f7
Jakub Pawlowski [Mon, 13 Jun 2016 17:30:17 +0000 (10:30 -0700)]
HOGP: Clear pending operations for a given device on connect
If there are any HID operations scheduled after disconnect, mark the
device as no longer executing after establishing connection. Otherwise
we'll be unable to send any HID commands to it.
Change-Id: Ie1bb622388a3bcb574dec3dde76ef4518ee1102f
Jakub Pawlowski [Fri, 10 Jun 2016 23:32:26 +0000 (16:32 -0700)]
HOGP: Clear pending operations for a given device on disconnect
If there are any GATT operations interrupted by a disconnect, mark the
device as no longer executing. Otherwise we'll stil receive data from
the device, but we'll be unable to send any HID commands to it.
Bug:
29184976
Change-Id: I489f41c970abad0ff1145005d3250beafa83d27e
AnubhavGupta [Wed, 6 Apr 2016 06:17:05 +0000 (11:47 +0530)]
Do not request AVRC_CAP_COMPANY_ID if A2DP Sink is not enabled
Also fixed AVRC_PDU_GET_PLAY_STATUS timeout response.
Bug:
28177785
Change-Id: Icde64a5c1806453850abe101f9707fff61566566
(cherry picked from commit
1c512b851d76deac860fce1232e4a1fa1a097f1c)
Srinu Jella [Wed, 8 Jun 2016 10:20:53 +0000 (15:50 +0530)]
Set disable timer in case of any active ACL connection
Use Case: Disable time out when atleast one active ACL connections
Steps:
1. Turn ON Bluetooth
2. Connect to any Headset
3. Turn OFF bluetooth.
Failure: Turn OFF bluetooth is failed when atleast one active ACL connections
Root Cause:i If we have one or more active ACL links, so it is not notitying
BTA_DM_DISABLE_EVT to upper layer.
Fix: Set disable timer in case of any active ACL connection
Bug:
29217385
Change-Id: Ica47717119f1ab9fa9f4f5244e8483c408276a2a
(cherry picked from commit
3e4f01ada8c1627bd48f31cd0c8269984b8e5f96)
TreeHugger Robot [Wed, 8 Jun 2016 22:03:23 +0000 (22:03 +0000)]
Merge "btm: Restrict EXTENDED_INQUIRY_RESULT to 1 result" into nyc-dev
TreeHugger Robot [Wed, 8 Jun 2016 01:30:28 +0000 (01:30 +0000)]
Merge "Fix payload size for GATT Read by type request" into nyc-dev
Pankaj Kanwar [Wed, 8 Jun 2016 01:28:49 +0000 (01:28 +0000)]
Merge "Reject L2CAP INFO RSP and ECHO RSP on the LE signaling channel" into nyc-dev
Subramanian Srinivasan [Fri, 27 May 2016 23:32:55 +0000 (16:32 -0700)]
Fix payload size for GATT Read by type request
Payload size for GATT Read by type request for UUID32 and UUID128
are incorrectly allocated. This leads to memory overflow when
Read by type request is sent for them and eventually results
in crash during free. This change makes sure that the payload
can accomodate upto 128 bit UUID.
This crash is observed while running TC_GAR_CL_BV_03_C Qual test
case.
Bug:
29011042
Change-Id: Ib2b41b769b394670099f4549f204e2972f7df876
(cherry picked from commit
7da98621a4dfa8196b8d20e8955ad508f540e5d9)