1e8218e1c0fe90bfd9a45fcfd567c2043bbd061f |
|
15-Dec-2015 |
venkata Jagadeesh <vjagad@codeaurora.org> |
SDP: Restrict attribute length to SDP_MAX_ATTR_LEN
Use case: Bluetooth crash during the SNS testing.
Root Cause: In sdpu_build_partial_attrib_entry there is no length check, it can exceed the maximum allowable value and lead to a crash in memcpy.
Fix: Restrict remaining attribute length to SDP_MAX_ATTR_LEN in sdpu_build_partial_attrib_entry.
Bug: 27852645
Change-Id: I5bde6868b82e50b3c09cf94277dabb4862f0a2a8
/system/bt/stack/sdp/sdp_utils.c
|
5fe6f0cf6b223e3ed6be4912d55b3ed5b41ce0cd |
|
06-Feb-2016 |
Pavlin Radoslavov <pavlin@google.com> |
Removed checks for NULL returns after osi_calloc() / osi_malloc()
Removed explicit checks for NULL pointer returns after calls to osi_calloc() and osi_malloc(), because those are not needed. If the memory allocation fails, osi_calloc() and osi_malloc() will trigger an assert.
Bug: 27048759
Change-Id: I2791eb2f69c08f991f8fcdef10e101a41568cd95
/system/bt/stack/sdp/sdp_utils.c
|
abd70abb5e42c9431df94fe9d2c4a78a0d8d9af9 |
|
05-Feb-2016 |
Pavlin Radoslavov <pavlin@google.com> |
Replaced osi_getbuf()/osi_freebuf() with osi_malloc()/osi_free()
Removed the alternative buffer allocation osi_getbuf() / osi_freebuf() and use instead osi_malloc() / osi_free(). Correspondingly, replaced usage of osi_freebuf_and_reset() with osi_free_and_reset().
Bug: 24914560
Change-Id: I7a9599ba7fa900321f087da684428133eb0ddd6b
/system/bt/stack/sdp/sdp_utils.c
|
20524d393e8b3bea4c573f7980cd843500b0e6a4 |
|
03-Feb-2016 |
Pavlin Radoslavov <pavlin@google.com> |
Refactor usage of osi_free() and osi_freebuf()
* Allow to call osi_freebuf(ptr) on NULL pointers. This simplifies the code: a notable number of "if (foo != NULL)" checks are removed.
* Add new function osi_free_and_reset(p_ptr) that frees the buffer, and explicitly resets the pointer to NULL. This prevents unintended usage of free memory.
* Add corresponding function osi_freebuf_and_reset(p_ptr)
* Minor cleanup around usages of osi_free() and osi_freebuf()
Also:
* Removed unused function btif_gattc_cleanup()
* Replaced usage of the following functions with osi_freebuf_and_reset()
  - mca_free_buf()
  - utl_freebuf()
  - btif_hl_free_buf()
* Replaced usage of rc_supported_event_free() with osi_freebuf()
* Replaced usage of btif_hl_get_buf() with osi_getbuf()
* Eliminate some of the osi_get_buf_size() calls
Bug: 22948224
Change-Id: Ife860658b26274da6f228d7353cb0f1531587337
/system/bt/stack/sdp/sdp_utils.c
|
78bcff79e1b1f0efce436b33bdd6da88745bfc8a |
|
05-Dec-2015 |
Pavlin Radoslavov <pavlin@google.com> |
Refactor the Bluetooth timers
* Updated the alarm API:
  - Existing API alarm_new() is modified to take an alarm name as an argument.
  - New API alarm_new_periodic() is used to create a periodic alarm.
  - Added new API alarm_is_scheduled() to test whether an alarm is scheduled.
  - Existing API alarm_set_periodic() is removed: a periodic alarm is created by alarm_new_periodic().
  - Added new API alarm_set_on_queue() to set an alarm whose callback is executed on a specific queue.
  - Added new API alarm_register_processing_queue() and alarm_unregister_processing_queue() to register/unregister a queue and the corresponding thread for alarm processing.
  - Added corresponding unit tests.
* Updated the alarm internals:
  - Added alarm_info_t for collecting alarm-related information and statistics.
  - Collect and store alarm-related statistics into alarm_info_t per alarm.
  - Include the alarm-related statistics and info into the native dumpsys output for Bluetooth.
  - Once an alarm expires, the alarm execution is scheduled for processing on another internal alarm-specific thread, not on the thread that is maintaining the alarms.
  - Implemented callback execution ordering guarantee among timers on the same thread with exactly same timeout values.
* Refactor some of the usage of alarm_set() and simplify the code by using alarm_set_on_queue() instead.
* Removed the non_repeating timers wrapper, and use directly the alarm mechanism / API.
* Refactored all timer_entry_t timers and replaced them with alarm_t timers:
  - Replaced the btu_start_timer() / btu_stop_timer() / btu_start_quick_timer() / btu_stop_quick_timer() / btu_oneshot_alarm() mechanism with alarm_set_on_queue() and alarm_cancel()
  - Removed the whole mechanism around the BTU_TTYPE_* timers.
* Fixed a bug when processing the GATT indication confirmation timer expiration (timer tGATT_TCB.conf_timer: b/26610829).
* Renamed and/or split misc. timeout functions, fields, and timers
* Renamed time-related constants and changed the values from seconds to milliseconds
* Replaced timer tAVDT_CCB.timer_entry with three mutually exclusive timers: idle_ccb_timer, ret_ccb_timer, rsp_ccb_timer
  The reason we are using three timers, is because in the original code function avdt_ccb_chk_timer() used the timer type in its logic: it would stop the timer only if the type is "idle".
* Removed btm_ble_timeout() and replaced it with multiple timeout callback functions (per timer)
* Fix the actual value of the global constant BT_1SEC_TIMEOUT and rename it to BT_1SEC_TIMEOUT_MS
* Removed btu_cb and associated timers and events, because they are never used.
* Removed unused timers, functions, struct and declarations that are not used / needed.
Bug: 26611369
Bug: 26610829
Change-Id: I812c8c31710a5daefc58b01fcf35c353768f390f
/system/bt/stack/sdp/sdp_utils.c
|
258c2538e3b62a8cdb403f2730c45d721e5292b4 |
|
28-Sep-2015 |
Pavlin Radoslavov <pavlin@google.com> |
GKI cleanup - moved GKI buffer allocation wrappers to OSI
* Moved the following GKI buffer allocation functions to OSI:
  - GKI_getbuf() -> osi_getbuf()
  - GKI_freebuf() -> osi_freebuf()
  - GKI_get_buf_size() -> osi_get_buf_size()
  For now we need the osi_getbuf() / osi_freebuf() allocation wrapper, because we need to be able to call osi_get_buf_size() on the allocated buffer. In the future those should be replaced with osi_malloc() / osi_free(). Currently, the osi_malloc() buffer size internal allocation tracker does not always track the size, hence we need the osi_getbuf() wrapper.
* Replaced GKI_MAX_BUF_SIZE with BT_DEFAULT_BUFFER_SIZE
* Added new file include/bt_common.h that can be used to include few files that should be included almost everywhere (e.g. bt_target.h)
  NOTE: This file might be removed in the future and we should include everywhere the right set of header files.
* Removed some of the GKI-related references
* Removed file include/gki_target.h
Change-Id: Ie87830e73143de200746d54235aa99f228a95024
/system/bt/stack/sdp/sdp_utils.c
|
2e3d006b96eafb0651fe7f78d28250faf89405de |
|
18-Sep-2015 |
Pavlin Radoslavov <pavlin@google.com> |
GKI cleanup - Eliminate usage of pool buffers
* Replace usage of function GKI_getpoolbuf() with GKI_getbuf()
* Remove usage of function GKI_poolutilization()
* Remove usage of function GKI_poolfreecount()
Change-Id: Ide938192b878bbfb4912642c903fce548f2b5368
/system/bt/stack/sdp/sdp_utils.c
|
ceab48b8a0ec53ee263fa3609a1c48845ed34c64 |
|
07-Jul-2015 |
Srinu Jella <sjella@codeaurora.org> |
am 42f37840: SDP: Validate input UUID's length
* commit '42f37840a891eddfee0943fbdf84c2e4f0d765c5': SDP: Validate input UUID's length
|
42f37840a891eddfee0943fbdf84c2e4f0d765c5 |
|
24-Jul-2014 |
Srinu Jella <sjella@codeaurora.org> |
SDP: Validate input UUID's length
Use case: Crash observed during BT IOT testing
1. Try to pair to the remote device.
2. Connect to the remote device's audio profiles.
3. Remote device has given the wrong UUID's length. This will lead to a crash.
Failure: crash observed during profile connection
Root cause: Remote sent invalid UUID length, which is causing crash in comparison logic.
Fix: Validate input UUID's length before going for actual comparison.
Bug: 19417758
Change-Id: I8216d17e3f6cc22dfbeca4b31972b5b5584a73ea
/system/bt/stack/sdp/sdp_utils.c
|
f36c249fdcd7faf4b20501bc8925dd4da112aa02 |
|
23-Jun-2015 |
Srinu Jella <sjella@codeaurora.org> |
am a3dbe938: NULL pointer check in sdpu_build_attrib_entry
* commit 'a3dbe938e519dfbdbfd121b8d7a8473cccfd3e70': NULL pointer check in sdpu_build_attrib_entry
|
a3dbe938e519dfbdbfd121b8d7a8473cccfd3e70 |
|
18-Jun-2014 |
Srinu Jella <sjella@codeaurora.org> |
NULL pointer check in sdpu_build_attrib_entry
Use case: NULL pointer check in sdpu_build_attrib_entry
Crash observed during BT stability test
Failure: Crash observed while accessing p_attr->value_ptr
Root cause: There is no null check for p_attr->value_ptr while accessing it in sdpu_build_attrib_entry
Fix: Fixing this issue by adding null check for p_attr->value_ptr while accessing it in sdpu_build_attrib_entry
Bug: 21896912
Change-Id: I1dd352a33ff6f86add7d1b1bfdf240d1b7992b83
/system/bt/stack/sdp/sdp_utils.c
|
bb95452741bfd65723ea417c25dbd326c7568ab7 |
|
03-Jun-2015 |
Arman Uguray <armansito@google.com> |
build: Fix ptr <-> integer cast warnings
This CL removes the -Wno-pointer-to-integer-cast and -Wno-integer-to-pointer-cast flags from GN build files. The resulting errors were fixed using the following:
1. All ptr <-> integer casts are now done by using the new PTR_TO_INT/INT_TO_PTR macros defined in osi.h
2. The TIMER_PARAM_TYPE macro, defined in gki/common/gki.h and include/bt_target.h, has been redefined as void* rather than UINT32. This is better, since "void*" can act as a simple container without any precision loss that would be caused by a type such as UINT32 on 64-bit systems. void* inherently is a safer container for all pointer types but UINT32 isn't.
BUG=21570302
Change-Id: I4a82c4a40c91caa31e372382c40d424be220cbe3
/system/bt/stack/sdp/sdp_utils.c
|
4540f59bc447dc2b7b31a3e974b74a60b2417e7d |
|
05-Feb-2015 |
VenkatRaghavan VijayaRaghavan <venkatrv@broadcom.com> |
Static code analysis cleanups and minor bug fixes
- Fix for initializing all the un-initialized variables
- Handling system call failure like socket, fcntl etc...
- In btpan_tap_close validate tap_if_down and close the socket.
- Invalid memset size, which could have potential memory issue
- Change -1 to INVALID_FD where appropriate
Bug: 19417758
Change-Id: Id31832f8678b2d72c80740c29b946a94e7ae0197
/system/bt/stack/sdp/sdp_utils.c
|
a51c9d9d225e41fe36a0133f1c17fd981ea59c1d |
|
04-May-2014 |
Sharvil Nanavati <sharvil@google.com> |
Logging cleanup: L2CAP and SDP.
Change-Id: I62b5d4f330312dc466a758cb554952017f899696
/system/bt/stack/sdp/sdp_utils.c
|
ead3cde4bac0c3e32cd31f149093f004eef8ceeb |
|
06-Feb-2013 |
Ganesh Ganapathi Batta <ganeshg@broadcom.com> |
Initial version of BLE support for Bluedroid
Change-Id: I9825a5cef9be2559c34c2a529b211b7d471147cf
/system/bt/stack/sdp/sdp_utils.c
|
5738f83aeb59361a0a2eda2460113f6dc9194271 |
|
13-Dec-2012 |
The Android Open Source Project <initial-contribution@android.com> |
Snapshot cdeccf6fdd8c2d494ea2867cb37a025bf8879baf
Change-Id: Ia2de32ccb97a9641462c72363b0a8c4288f4f36d
/system/bt/stack/sdp/sdp_utils.c
|