From 98397944b8ed1ccfe808c9442e5258dd30e086c6 Mon Sep 17 00:00:00 2001
From: Ting Zheng <ting.zheng@mediatek.com>
Date: Tue, 19 Jul 2016 15:29:19 -0700
Subject: [PATCH] bt address memory copy error in
 btif_av_state_opening_handler()

[Problem]
In btif_av_state_opening_handler() BTIF_AV_CONNECT_REQ_EVT
handling, it reported the wrong bt address. It happened when remote speaker
connected back and local also tried to initiate the connection almost at the
same time, so that A2dpStateMachine recognized mTargetDevice and mIncomingDevice
as two different deivices. When it was final connected, A2dpStateMachine ignored
the connected event as "ERROR: current, target, or mIncomingDevice not null in
Disconnected".

[Solution]
Modify (bt_bdaddr_t*)p_data to ((btif_av_connect_req_t *)p_data)->target_bda in
btif_av_state_opening_handler() BTIF_AV_CONNECT_REQ_EVT handling. In previous
design, it would copy the address of target_bda and uuid in
btif_av_connect_req_t rather than the real address pointed by target_bda.

Change-Id: Icbc5150016d6f75aa314b5d9e152a2de74f0cfbe
Signed-off-by: Ting Zheng <ting.zheng@mediatek.com>
---
 btif/src/btif_av.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/btif/src/btif_av.cc b/btif/src/btif_av.cc
index bcd779d80..b7fbd9118 100644
--- a/btif/src/btif_av.cc
+++ b/btif/src/btif_av.cc
@@ -554,7 +554,7 @@ static bool btif_av_state_opening_handler(btif_sm_event_t event, void* p_data) {
     case BTIF_AV_CONNECT_REQ_EVT:
       // Check for device, if same device which moved to opening then ignore
       // callback
-      if (memcmp((bt_bdaddr_t*)p_data, &(btif_av_cb.peer_bda),
+      if (memcmp(((btif_av_connect_req_t *)p_data)->target_bda, &(btif_av_cb.peer_bda),
                  sizeof(btif_av_cb.peer_bda)) == 0) {
         BTIF_TRACE_DEBUG(
             "%s: Same device moved to Opening state,ignore Connect Req",
@@ -565,7 +565,7 @@ static bool btif_av_state_opening_handler(btif_sm_event_t event, void* p_data) {
         BTIF_TRACE_DEBUG("%s: Moved from idle by Incoming Connection request",
                          __func__);
         btif_report_connection_state(BTAV_CONNECTION_STATE_DISCONNECTED,
-                                     (bt_bdaddr_t*)p_data);
+                                     ((btif_av_connect_req_t *)p_data)->target_bda);
         btif_queue_advance();
         break;
       }
-- 
2.11.0