From c6879c3fe5833b5198255126342185e45929c577 Mon Sep 17 00:00:00 2001
From: "li-wei.cheng" <li-wei.cheng@mediatek.com>
Date: Mon, 20 Jan 2020 15:27:21 +0800
Subject: [PATCH] Return after removing sample LTK device

Return directly after calling bta_dm_remove_device to
prevent from accessing the invalid security record (p_dev_rec).

Test: Hardcode to test bond with sample key
Tag: #security
Bug: 162497143
Change-Id: Iaa59f3c415dd8066849fd70912fdb83f890229d7
Merged-In: Iaa59f3c415dd8066849fd70912fdb83f890229d7
---
 stack/btm/btm_sec.cc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/stack/btm/btm_sec.cc b/stack/btm/btm_sec.cc
index b7c2bd240..f94f81fcf 100644
--- a/stack/btm/btm_sec.cc
+++ b/stack/btm/btm_sec.cc
@@ -4696,6 +4696,7 @@ void btm_sec_disconnected(uint16_t handle, uint8_t reason) {
     tBTA_DM_MSG p_data;
     memcpy(p_data.remove_dev.bd_addr, p_dev_rec->bd_addr, BD_ADDR_LEN);
     bta_dm_remove_device(&p_data);
+    return;
   }
 
   if (p_dev_rec->sec_state == BTM_SEC_STATE_DISCONNECTING_BOTH) {
-- 
2.11.0