From f8fc7f7d112d5ff2064aaaa3c7fceb077169183e Mon Sep 17 00:00:00 2001 From: Pavlin Radoslavov Date: Mon, 17 Jul 2017 17:21:16 -0700 Subject: [PATCH] Free p_pending_data from tBNEP_CONN to avoid potential memory leaks Bug: 63146105 Test: External script Change-Id: I1281779ccf38d1d2dfb1a6dc0e45c0e533cabbca Merged-In: I1281779ccf38d1d2dfb1a6dc0e45c0e533cabbca (cherry picked from commit 4982eb5df30cbcbee5c8b8807be95fdc6dfa63c5) (cherry picked from commit a654681c5558904a8abfa1bbab8eafb651c13231) (cherry picked from commit 64a12d3b6e71d9161837f28ce18c34d924c2bafc) (cherry picked from commit 8f18afd26c02ae3d46bf14d6e36017965dee0394) --- stack/bnep/bnep_main.c | 1 + stack/bnep/bnep_utils.c | 1 + 2 files changed, 2 insertions(+) diff --git a/stack/bnep/bnep_main.c b/stack/bnep/bnep_main.c index 6d3684e48..36b76a1e0 100644 --- a/stack/bnep/bnep_main.c +++ b/stack/bnep/bnep_main.c @@ -575,6 +575,7 @@ static void bnep_data_ind (UINT16 l2cap_cid, BT_HDR *p_buf) p_bcb->con_state != BNEP_STATE_CONNECTED && extension_present && p && rem_len) { + osi_free(p_bcb->p_pending_data); p_bcb->p_pending_data = (BT_HDR *)osi_malloc(rem_len + sizeof(BT_HDR)); memcpy((UINT8 *)(p_bcb->p_pending_data + 1), p, rem_len); p_bcb->p_pending_data->len = rem_len; diff --git a/stack/bnep/bnep_utils.c b/stack/bnep/bnep_utils.c index f11c6c85e..a0c884677 100644 --- a/stack/bnep/bnep_utils.c +++ b/stack/bnep/bnep_utils.c @@ -154,6 +154,7 @@ void bnepu_release_bcb (tBNEP_CONN *p_bcb) /* Drop any response pointer we may be holding */ p_bcb->con_state = BNEP_STATE_IDLE; + osi_free(p_bcb->p_pending_data); p_bcb->p_pending_data = NULL; /* Free transmit queue */ -- 2.11.0