From 62e6c14cde2746d51d685290706ce23c5a29f418 Mon Sep 17 00:00:00 2001
From: Srinu Jella
Date: Wed, 25 Mar 2015 13:06:38 +0530
Subject: [PATCH] Add null checks for L2CAP socket callback Use Case: Bluetooth process crashed while sending the file to remote device. Steps: Send a file over L2CAP (OBEX over L2CAP) to remote device Failure: BT process will crash and restarted automatically Root Cause: L2CAP socket callback reset to null on error condition, and when other function try to dereference it, this leads to BT crash. Fix: Added null checks for L2CAP socket callback
Change-Id: I2e4f20278fcc8a09bd4dbd507a6c4147e0de93c1
---
 bta/jv/bta_jv_act.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/bta/jv/bta_jv_act.c b/bta/jv/bta_jv_act.c
index 96642ddef..2b8d22656 100644
--- a/bta/jv/bta_jv_act.c
+++ b/bta/jv/bta_jv_act.c
@@ -1115,7 +1115,8 @@ void bta_jv_l2cap_connect(tBTA_JV_MSG *p_data)
 }
 evt_data.handle = handle;
- cc->p_cback(BTA_JV_L2CAP_CL_INIT_EVT, (tBTA_JV *)&evt_data, cc->user_data);
+ if(cc->p_cback)
+ cc->p_cback(BTA_JV_L2CAP_CL_INIT_EVT, (tBTA_JV *)&evt_data, cc->user_data);
 }
@@ -1280,7 +1281,8 @@ void bta_jv_l2cap_start_server(tBTA_JV_MSG *p_data)
 p_cb->psm = ls->local_psm;
 }
- ls->p_cback(BTA_JV_L2CAP_START_EVT, (tBTA_JV *)&evt_data, ls->user_data);
+ if(ls->p_cback)
+ ls->p_cback(BTA_JV_L2CAP_START_EVT, (tBTA_JV *)&evt_data, ls->user_data);
 }
 /*******************************************************************************
@@ -1309,7 +1311,8 @@ void bta_jv_l2cap_stop_server(tBTA_JV_MSG *p_data)
 evt_data.handle = p_cb->handle;
 evt_data.status = bta_jv_free_l2c_cb(p_cb);
 evt_data.async = false;
- p_cback(BTA_JV_L2CAP_CLOSE_EVT, (tBTA_JV *)&evt_data, user_data);
+ if(p_cback)
+ p_cback(BTA_JV_L2CAP_CLOSE_EVT, (tBTA_JV *)&evt_data, user_data);
 break;
 }
 }
--
2.11.0
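Review bot: In bta_jv_l2cap_connect, a NULL `cc->p_cback` now causes the `BTA_JV_L2CAP_CL_INIT_EVT` result to be dropped without any trace, so the crash is avoided but the condition that cleared the callback stays invisible. `evt_data.handle = handle;` sits directly above the guard, which suggests a handle may already have been obtained by then; if so, nobody is told about it and it is presumably never released, which should be confirmed in the part of the function above the hunk. I would add an `else` branch that logs the event and handle with the file's existing trace macro and frees whatever the function set up. The same silent drop applies to the `BTA_JV_L2CAP_START_EVT` guard in bta_jv_l2cap_start_server and the `BTA_JV_L2CAP_CLOSE_EVT` guard in bta_jv_l2cap_stop_server, where the status returned by `bta_jv_free_l2c_cb(p_cb)` is discarded as well.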
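Review bot: In bta_jv_l2cap_start_server, `ls->p_cback` is read twice, once for the test and once for the call, so the guard only helps if nothing can clear the field between the two reads. The commit message says the callback is reset on an error path; if that reset can run in a different context from this handler, the check leaves a window and should be made on a local copy, for example `cback = ls->p_cback;` followed by `if (cback) cback(BTA_JV_L2CAP_START_EVT, (tBTA_JV *)&evt_data, ls->user_data);`. bta_jv_l2cap_stop_server already calls through locals named `p_cback` and `user_data`, and the `cc->p_cback` guard in bta_jv_l2cap_connect has the same double read. Whether the reset can actually interleave is not visible from the hunk and should be confirmed against the code that clears the pointer.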
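Review bot: In bta_jv_l2cap_stop_server, the guarded call is left unbraced and is followed directly by `break;`, so a statement added under the `if` later would run unconditionally. I would write it as `if (p_cback) { p_cback(BTA_JV_L2CAP_CLOSE_EVT, (tBTA_JV *)&evt_data, user_data); }`, with a space after `if`. The same form applies to the guards added in bta_jv_l2cap_connect and bta_jv_l2cap_start_server. The block that this `break;` leaves starts above the hunk.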