From 95664a9acc57b5e51365454f26d2fac0f2e1ecd4 Mon Sep 17 00:00:00 2001 From: Kausik Sinnaswamy Date: Fri, 3 May 2013 15:02:50 +0530 Subject: [PATCH] Fix for SDP data structure leak during pairing During pairing, bluedroid initiates a SDP request to search services. Upon SDP completion, some data structure buffers were not returned to the pool resulting in leak. Bug : 8797456 Change-Id: Ic512fd22ca6b8b748c5b92c02e24016fe785c0b1 --- btif/src/btif_dm.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/btif/src/btif_dm.c b/btif/src/btif_dm.c index 5a7cccd..3854ebd 100644 --- a/btif/src/btif_dm.c +++ b/btif/src/btif_dm.c @@ -586,12 +586,20 @@ static void search_services_copy_cb(UINT16 event, char *p_dest, char *p_src) { case BTA_DM_DISC_RES_EVT: { - if ((p_src_data->disc_res.result == BTA_SUCCESS) && - (p_src_data->disc_res.num_uuids > 0)) + if (p_src_data->disc_res.result == BTA_SUCCESS) { - p_dest_data->disc_res.p_uuid_list = (UINT8*)(p_dest + sizeof(tBTA_DM_SEARCH)); - memcpy(p_dest_data->disc_res.p_uuid_list, p_src_data->disc_res.p_uuid_list, - p_src_data->disc_res.num_uuids*MAX_UUID_SIZE); + if (p_src_data->disc_res.num_uuids > 0) + { + p_dest_data->disc_res.p_uuid_list = + (UINT8*)(p_dest + sizeof(tBTA_DM_SEARCH)); + memcpy(p_dest_data->disc_res.p_uuid_list, p_src_data->disc_res.p_uuid_list, + p_src_data->disc_res.num_uuids*MAX_UUID_SIZE); + GKI_freebuf(p_src_data->disc_res.p_uuid_list); + } + if (p_src_data->disc_res.p_raw_data != NULL) + { + GKI_freebuf(p_src_data->disc_res.p_raw_data); + } } } break; } -- 2.11.0