From 011c658b876ea7ca0e0d4b77857dd7160687daad Mon Sep 17 00:00:00 2001 From: "Mike J. Chen" Date: Wed, 25 Jun 2014 18:07:03 -0700 Subject: [PATCH] Fix bug with get report completion due to uninitialized structure When LE has received a get report response, it needs to create a packet to send to the btif_hh_upstreams_evt() handler that does callback invocation. The packet it allocated was not fully initialized. Specifically, the offset field was not set, which is used by btif_hh_upstreams_evt() to figure out where in the data buffer the start of the returned data is. The uninitialized offset causes garbage to be returned for anyone using GetReport/SetReport APIs on an LE device. Change-Id: I4644cd8d6d38308c35b50f99139306a77200d7cd Signed-off-by: Mike J. Chen --- bta/hh/bta_hh_le.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bta/hh/bta_hh_le.c b/bta/hh/bta_hh_le.c index 34447a5aa..d10f061f5 100644 --- a/bta/hh/bta_hh_le.c +++ b/bta/hh/bta_hh_le.c @@ -500,7 +500,7 @@ tBTA_HH_LE_RPT * bta_hh_le_find_rpt_by_idtype(tBTA_HH_LE_RPT*p_head, UINT8 mode, UINT8 i; #if BTA_HH_DEBUG == TRUE - APPL_TRACE_DEBUG2("bta_hh_le_find_rpt_by_idtype: r_tpye: %d rpt_id: %d", r_type, rpt_id); + APPL_TRACE_DEBUG2("bta_hh_le_find_rpt_by_idtype: r_type: %d rpt_id: %d", r_type, rpt_id); #endif for (i = 0 ; i < BTA_HH_LE_RPT_MAX; i ++, p_rpt++) @@ -1828,6 +1828,7 @@ void bta_hh_le_proc_get_rpt_cmpl(tBTA_HH_DEV_CB *p_dev_cb, tBTA_GATTC_READ *p_da hs_data.status = BTA_HH_OK; p_buf->len = p_data->p_value->unformat.len + 1; p_buf->layer_specific = 0; + p_buf->offset = 0; /* attach report ID as the first byte of the report before sending it to USB HID driver */ pp = (UINT8*)(p_buf + 1); -- 2.11.0
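Review bot: In the second hunk (bta_hh_le_proc_get_rpt_cmpl), adding `p_buf->offset = 0;` repairs the one member that was noticed, but the packet header is still initialized member by member, so any member not assigned here keeps whatever the allocator returned. Only `len`, `layer_specific` and `offset` are assigned in the visible lines; the allocation and the rest of the function are outside the hunk, so whether the remaining header members are set cannot be confirmed from here. Because btif_hh_upstreams_evt() uses these members to locate the data handed back to API callers, an undefined value means stale heap bytes can reach the caller. I would therefore zero the header once right after the allocation succeeds, `memset(p_buf, 0, sizeof(*p_buf));`, and keep explicit assignments only for the non-zero members. A one-line comment at that spot, `/* header is parsed by btif_hh_upstreams_evt(); every member must be defined */`, would record why the zeroing must stay.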