From e4020c28c8a9dc56f927b03a8ca3a17d9401bc1e Mon Sep 17 00:00:00 2001
From: Andre Eisenbach
Date: Fri, 17 May 2013 13:39:51 -0700
Subject: [PATCH] LE: Add NULL pointer check in deep copy function
Adds a NULL pointer check for the GATT read event deep copy function.
Change-Id: Ia8d31e851589612009e1038c11b7b113e5367c6d
---
 btif/src/btif_gatt_client.c | 37 ++++++++++++++++++++++++-------------
 btif/src/btif_gatt_util.c | 2 +-
 2 files changed, 25 insertions(+), 14 deletions(-)
diff --git a/btif/src/btif_gatt_client.c b/btif/src/btif_gatt_client.c
index 7418f9d..3b57b50 100644
--- a/btif/src/btif_gatt_client.c
+++ b/btif/src/btif_gatt_client.c
@@ -162,27 +162,38 @@ static void btapp_gattc_req_data(UINT16 event, char *p_dest, char *p_src)
 {
 case BTA_GATTC_READ_CHAR_EVT:
 case BTA_GATTC_READ_DESCR_EVT:
- p_dest_data->read.p_value = GKI_getbuf(sizeof(tBTA_GATT_READ_VAL));
- if (p_dest_data->read.p_value != NULL)
+ if (p_src_data->read.p_value != NULL)
 {
- memcpy(p_dest_data->read.p_value, p_src_data->read.p_value,
- sizeof(tBTA_GATT_READ_VAL));
+ p_dest_data->read.p_value = GKI_getbuf(sizeof(tBTA_GATT_READ_VAL));
- // Allocate buffer for att value if necessary
- if (get_uuid16(&p_src_data->read.descr_type) != GATT_UUID_CHAR_AGG_FORMAT
- && p_src_data->read.p_value->unformat.p_value != NULL)
+ if (p_dest_data->read.p_value != NULL)
 {
- p_dest_data->read.p_value->unformat.p_value =
- GKI_getbuf(p_src_data->read.p_value->unformat.len);
- if (p_dest_data->read.p_value->unformat.p_value != NULL)
+ memcpy(p_dest_data->read.p_value, p_src_data->read.p_value,
+ sizeof(tBTA_GATT_READ_VAL));
+
+ // Allocate buffer for att value if necessary
+ if (get_uuid16(&p_src_data->read.descr_type) != GATT_UUID_CHAR_AGG_FORMAT
+ && p_src_data->read.p_value->unformat.p_value != NULL)
 {
- memcpy(p_dest_data->read.p_value->unformat.p_value,
- p_src_data->read.p_value->unformat.p_value,
- p_src_data->read.p_value->unformat.len);
+ p_dest_data->read.p_value->unformat.p_value =
+ GKI_getbuf(p_src_data->read.p_value->unformat.len);
+ if (p_dest_data->read.p_value->unformat.p_value != NULL)
+ {
+ memcpy(p_dest_data->read.p_value->unformat.p_value,
+ p_src_data->read.p_value->unformat.p_value,
+ p_src_data->read.p_value->unformat.len);
+ }
 }
 }
 }
+ else
+ {
+ BTIF_TRACE_WARNING2("%s :Src read.p_value ptr is NULL for event 0x%x",
+ __FUNCTION__, event);
+ p_dest_data->read.p_value = NULL;
+
+ }
 break;
 default:
diff --git a/btif/src/btif_gatt_util.c b/btif/src/btif_gatt_util.c
index 3775776..d07c737 100644
--- a/btif/src/btif_gatt_util.c
+++ b/btif/src/btif_gatt_util.c
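Review bot: In the inner allocation of the new branch, a failed `GKI_getbuf(p_src_data->read.p_value->unformat.len)` leaves the copy with `unformat.p_value == NULL` while `unformat.len` still holds the source length brought over by the preceding `memcpy` of `tBTA_GATT_READ_VAL`. A consumer that trusts `unformat.len` without re-checking the pointer would then dereference NULL; whether such a consumer exists is not visible in this hunk. Consider adding `else { p_dest_data->read.p_value->unformat.len = 0; }` after the inner NULL check so length and pointer always agree. The outer allocation failure is also silent, unlike the new `else` branch, so a matching warning trace there would help when diagnosing dropped read events. The enclosing function starts and ends outside the hunk.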
@@ -240,7 +240,7 @@ uint16_t set_read_value(btgatt_read_params_t *p_dest, tBTA_GATTC_READ *p_src)
 break;
 default:
- if ( p_src->status == BTA_GATT_OK )
+ if (( p_src->status == BTA_GATT_OK ) &&(p_src->p_value != NULL))
 {
 ALOGI("%s unformat.len = %d ", __FUNCTION__, p_src->p_value->unformat.len);
 p_dest->value.len = p_src->p_value->unformat.len;
-- 
2.11.0
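Review bot: The widened condition `if (( p_src->status == BTA_GATT_OK ) &&(p_src->p_value != NULL))` now skips the block silently when the status is OK but `p_value` is NULL, and nothing visible in the hunk sets `p_dest->value.len` for that case. If `p_dest` is not zeroed earlier in `set_read_value` (not visible here), callers could act on a stale length; an explicit `else { p_dest->value.len = 0; }`, ideally with a warning log, would make the outcome defined. The block continues past the hunk: if a copy of `unformat.len` bytes into `p_dest->value` follows, it should be bounded by the capacity of the destination buffer, since the length presumably reflects data received from the remote device.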