From 7678dcacd8e9e7a369a66b6ade933e03617b3072 Mon Sep 17 00:00:00 2001
From: liuchao
Date: Mon, 5 Dec 2016 16:24:04 +0800
Subject: [PATCH] Fix invvalid lcid check in mca_tc_tbl_by_lcid()
This fixes a potential bug when (lcid - L2CAP_BASE_APPL_CID) is used as an array index.
Test: mm -j 8
Change-Id: I7f917bf66e4002f65cf1c0bec02eff7d39181790
---
 stack/mcap/mca_main.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/stack/mcap/mca_main.cc b/stack/mcap/mca_main.cc
index a292c9af3..5db467d98 100644
--- a/stack/mcap/mca_main.cc
+++ b/stack/mcap/mca_main.cc
@@ -190,7 +190,7 @@ tMCA_TC_TBL* mca_tc_tbl_dalloc(tMCA_DCB* p_dcb) {
 tMCA_TC_TBL* mca_tc_tbl_by_lcid(uint16_t lcid) {
 uint8_t idx;
- if (lcid) {
+ if (lcid >= L2CAP_BASE_APPL_CID) {
 idx = mca_cb.tc.lcid_tbl[lcid - L2CAP_BASE_APPL_CID];
 if (idx < MCA_NUM_TC_TBL) {
@@ -213,7 +213,7 @@ tMCA_TC_TBL* mca_tc_tbl_by_lcid(uint16_t lcid) {
 void mca_free_tc_tbl_by_lcid(uint16_t lcid) {
 uint8_t idx;
- if (lcid) {
+ if (lcid >= L2CAP_BASE_APPL_CID) {
 idx = mca_cb.tc.lcid_tbl[lcid - L2CAP_BASE_APPL_CID];
 if (idx < MCA_NUM_TC_TBL) {
--
2.11.0
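Review bot: The new guard `if (lcid >= L2CAP_BASE_APPL_CID)` in `mca_tc_tbl_by_lcid()` bounds the index only from below, so `mca_cb.tc.lcid_tbl[lcid - L2CAP_BASE_APPL_CID]` is still read with no upper limit; the identical check in `mca_free_tc_tbl_by_lcid()` in the second hunk has the same gap. The declaration of `lcid_tbl` is not visible here, but unless it holds an entry for every CID up to 0xFFFF, a large `lcid` would index past its end, and `lcid` presumably comes from L2CAP events, so it should be treated as untrusted. I would extend both conditions to compare the offset with the table size, e.g. `if (lcid >= L2CAP_BASE_APPL_CID && (size_t)(lcid - L2CAP_BASE_APPL_CID) < sizeof(mca_cb.tc.lcid_tbl) / sizeof(mca_cb.tc.lcid_tbl[0])) {`, assuming `lcid_tbl` is a fixed-size array member (otherwise use its declared length constant). Both function bodies continue outside the hunks, so what happens on the rejected path cannot be checked from here.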