| 1e8218e1c0fe90bfd9a45fcfd567c2043bbd061f |
|
15-Dec-2015 |
venkata Jagadeesh <vjagad@codeaurora.org> |
SDP: Restrict attribute length to SDP_MAX_ATTR_LEN
Use case:
Bluetooth crash during the SNS testing.
Root Cause:
In sdpu_build_partial_attrib_entry there is no length check, it can
exceed the maximum allowable value and lead to a crash in memcpy.
Fix:
Restrict remaining attribute length to SDP_MAX_ATTR_LEN
in sdpu_build_partial_attrib_entry.
Bug: 27852645
Change-Id: I5bde6868b82e50b3c09cf94277dabb4862f0a2a8
/system/bt/stack/sdp/sdp_utils.c
|
| 5fe6f0cf6b223e3ed6be4912d55b3ed5b41ce0cd |
|
06-Feb-2016 |
Pavlin Radoslavov <pavlin@google.com> |
Removed checks for NULL returns after osi_calloc() / osi_malloc()
Removed explicit checks for NULL pointer returns after calls
to osi_calloc() and osi_malloc(), because those are not needed.
If the memory allocation fails, osi_calloc() and osi_malloc()
will trigger an assert.
Bug: 27048759
Change-Id: I2791eb2f69c08f991f8fcdef10e101a41568cd95
/system/bt/stack/sdp/sdp_utils.c
|
| abd70abb5e42c9431df94fe9d2c4a78a0d8d9af9 |
|
05-Feb-2016 |
Pavlin Radoslavov <pavlin@google.com> |
Replaced osi_getbuf()/osi_freebuf() with osi_malloc()/osi_free()
Removed the alternative buffer allocation osi_getbuf() / osi_freebuf()
and use instead osi_malloc() / osi_free().
Correspondingly, replaced usage of osi_freebuf_and_reset()
with osi_free_and_reset().
Bug: 24914560
Change-Id: I7a9599ba7fa900321f087da684428133eb0ddd6b
/system/bt/stack/sdp/sdp_utils.c
|
| 20524d393e8b3bea4c573f7980cd843500b0e6a4 |
|
03-Feb-2016 |
Pavlin Radoslavov <pavlin@google.com> |
Refactor usage of osi_free() and osi_freebuf()
* Allow to call osi_freebuf(ptr) on NULL pointers. This simplifies
the code: a notable number of "if (foo != NULL)" checks are removed.
* Add new function osi_free_and_reset(p_ptr) that frees the buffer,
and explicitly resets the pointer to NULL.
This prevents unintended usage of free memory.
* Add corresponding function osi_freebuf_and_reset(p_ptr)
* Minor cleanup around usages of osi_free() and osi_freebuf()
Also:
* Removed unused function btif_gattc_cleanup()
* Replaced usage of the following functions with osi_freebuf_and_reset()
- mca_free_buf()
- utl_freebuf()
- btif_hl_free_buf()
* Replaced usage of rc_supported_event_free() with osi_freebuf()
* Replaced usage of btif_hl_get_buf() with osi_getbuf()
* Eliminate some of the osi_get_buf_size() calls
Bug: 22948224
Change-Id: Ife860658b26274da6f228d7353cb0f1531587337
/system/bt/stack/sdp/sdp_utils.c
|
| 78bcff79e1b1f0efce436b33bdd6da88745bfc8a |
|
05-Dec-2015 |
Pavlin Radoslavov <pavlin@google.com> |
Refactor the Bluetooth timers
* Updated the alarm API:
- Existing API alarm_new() is modified to take an alarm name
as an argument.
- New API alarm_new_periodic() is used to create a periodic
alarm.
- Added new API alarm_is_scheduled() to test whether an alarm is
scheduled.
- Existing API alarm_set_periodic() is removed: a periodic
alarm is created by alarm_new_periodic().
- Added new API alarm_set_on_queue() to set an alarm whose
callback is executed on a specific queue.
- Added new API alarm_register_processing_queue() and
alarm_unregister_processing_queue() to register/unregister
a queue and the corresponding thread for alarm processing.
- Added corresponding unit tests.
* Updated the alarm internals:
- Added alarm_info_t for collecting alarm-related information
and statistics.
- Collect and store alarm-related statistics into alarm_info_t
per alarm.
- Include the alarm-related statistics and info into the native
dumpsys output for Bluetooth.
- Once an alarm expires, the alarm execution is scheduled for
processing on another internal alarm-specific thread, not
on the thread that is maintaining the alarms.
- Implemented callback execution ordering guarantee among
timers on the same thread with exactly same timeout values.
* Refactor some of the usage of alarm_set() and simplify the
code by using alarm_set_on_queue() instead.
* Removed the non_repeating timers wrapper, and use directly
the alarm mechanism / API.
* Refactored all timer_entry_t timers and replaced them with alarm_t
timers:
- Replaced the btu_start_timer() / btu_stop_timer() /
btu_start_quick_timer() / btu_stop_quick_timer() /
btu_oneshot_alarm() mechanism with alarm_set_on_queue() and
alarm_cancel()
- Removed the whole mechanism around the BTU_TTYPE_* timers.
* Fixed a bug when processing the GATT indication confirmation timer
expiration (timer tGATT_TCB.conf_timer: b/26610829).
* Renamed and/or split misc. timeout functions, fields, and timers
* Renamed time-related constants and changed the values from seconds
to milliseconds
* Replaced timer tAVDT_CCB.timer_entry with three mutually exclusive timers:
idle_ccb_timer, ret_ccb_timer, rsp_ccb_timer
The reason we are using three timers, is because in the original code
function avdt_ccb_chk_timer() used the timer type in its logic: it
would stop the timer only if the type is "idle".
* Removed btm_ble_timeout() and replaced it with multiple timeout
callback functions (per timer)
* Fix the actual value of the global constant BT_1SEC_TIMEOUT and
rename it to BT_1SEC_TIMEOUT_MS
* Removed btu_cb and associated timers and events, because they are
never used.
* Removed unused timers, functions, struct and declarations that are
not used / needed.
Bug: 26611369
Bug: 26610829
Change-Id: I812c8c31710a5daefc58b01fcf35c353768f390f
/system/bt/stack/sdp/sdp_utils.c
|
| 258c2538e3b62a8cdb403f2730c45d721e5292b4 |
|
28-Sep-2015 |
Pavlin Radoslavov <pavlin@google.com> |
GKI cleanup - moved GKI buffer allocation wrappers to OSI
* Moved the following GKI buffer allocation functions to OSI:
- GKI_getbuf() -> osi_getbuf()
- GKI_freebuf() -> osi_freebuf()
- GKI_get_buf_size() -> osi_get_buf_size()
For now we need the osi_getbuf() / osi_freebuf() allocation wrapper,
because we need to be able to call osi_get_buf_size() on the allocated
buffer.
In the future those should be replaced with osi_malloc() / osi_free().
Currently, the osi_malloc() buffer size internal allocation tracker
does not always track the size, hence we need the osi_getbuf() wrapper.
* Replaced GKI_MAX_BUF_SIZE with BT_DEFAULT_BUFFER_SIZE
* Added new file include/bt_common.h that can be usee to include
few files that should be included alost everywhere (e.g. bt_target.h"
NOTE: This file might be removed in the future and we should include
everywhere the right set of header files.
* Removed some of the GKI-related references
* Removed file include/gki_target.h
Change-Id: Ie87830e73143de200746d54235aa99f228a95024
/system/bt/stack/sdp/sdp_utils.c
|
| 2e3d006b96eafb0651fe7f78d28250faf89405de |
|
18-Sep-2015 |
Pavlin Radoslavov <pavlin@google.com> |
GKI cleanup - Eliminate usage of pool buffers
* Replace usage of function GKI_getpoolbuf() with GKI_getbuf()
* Remove usage of function GKI_poolutilization()
* Remove usage of function GKI_poolfreecount()
Change-Id: Ide938192b878bbfb4912642c903fce548f2b5368
/system/bt/stack/sdp/sdp_utils.c
|
| ceab48b8a0ec53ee263fa3609a1c48845ed34c64 |
|
07-Jul-2015 |
Srinu Jella <sjella@codeaurora.org> |
am 42f37840: SDP: Validate input UUID\'s length
* commit '42f37840a891eddfee0943fbdf84c2e4f0d765c5':
SDP: Validate input UUID's length
|
| 42f37840a891eddfee0943fbdf84c2e4f0d765c5 |
|
24-Jul-2014 |
Srinu Jella <sjella@codeaurora.org> |
SDP: Validate input UUID's length
Use case: Crash observed during BT IOT testing
1. Try to pair to the remote device.
2. Connect to the remote device's audio profiles.
3. Remote device has given the wrong UUID's length.This will leads to crash.
Failure: crash observed during profile connection
Root cause: Remote sent invalid UUID length,which is causing crash
in comparison logic.
Fix: Validate input UUID's length before going for actual comparison.
Bug: 19417758
Change-Id: I8216d17e3f6cc22dfbeca4b31972b5b5584a73ea
/system/bt/stack/sdp/sdp_utils.c
|
| f36c249fdcd7faf4b20501bc8925dd4da112aa02 |
|
23-Jun-2015 |
Srinu Jella <sjella@codeaurora.org> |
am a3dbe938: NULL pointer check in sdpu_build_attrib_entry
* commit 'a3dbe938e519dfbdbfd121b8d7a8473cccfd3e70':
NULL pointer check in sdpu_build_attrib_entry
|
| a3dbe938e519dfbdbfd121b8d7a8473cccfd3e70 |
|
18-Jun-2014 |
Srinu Jella <sjella@codeaurora.org> |
NULL pointer check in sdpu_build_attrib_entry
Use case: NULL pointer check in sdpu_build_attrib_entry
Crash observed during BT stability test
Failure: Crash observed while accessing p_attr->value_ptr
Root cause: There is no null check for p_attr->value_ptr while
accessing it in sdpu_build_attrib_entry
Fix: Fixing this issue by adding null check for p_attr->value_ptr
while accessing it in sdpu_build_attrib_entry
Bug: 21896912
Change-Id: I1dd352a33ff6f86add7d1b1bfdf240d1b7992b83
/system/bt/stack/sdp/sdp_utils.c
|
| bb95452741bfd65723ea417c25dbd326c7568ab7 |
|
03-Jun-2015 |
Arman Uguray <armansito@google.com> |
build: Fix ptr <-> integer cast warnings
This CL removes the -Wno-pointer-to-integer-cast and
-Wno-integer-to-pointer-cast flags from GN build files. The resulting errors
were fixed using the following:
1. All ptr <-> integer casts are now done by using the new
PTR_TO_INT/INT_TO_PTR macros defined in osi.h
2. The TIMER_PARAM_TYPE macro, defined in gki/common/gki.h and
include/bt_target.h have been redefined as void* rather than UINT32. This
is better, since "void*" can act as a simple container without any
precision loss that would be caused by a type such as UINT32 on 64-bit
systems. void* inherently is a safer container for all pointer types but
UINT32 isn't.
BUG=21570302
Change-Id: I4a82c4a40c91caa31e372382c40d424be220cbe3
/system/bt/stack/sdp/sdp_utils.c
|
| 4540f59bc447dc2b7b31a3e974b74a60b2417e7d |
|
05-Feb-2015 |
VenkatRaghavan VijayaRaghavan <venkatrv@broadcom.com> |
Static code analysis cleanups and minor bug fixes
- Fix for initializing all the un-initialized variables
- Handling system call failure like socket,fcntl etc...
- In btpan_tap_close validate tap_if_down and close the socket.
- Invalid memset size, which could have potential memory issue
- Change -1 to INVALID_FD where appropriate
Bug: 19417758
Change-Id: Id31832f8678b2d72c80740c29b946a94e7ae0197
/system/bt/stack/sdp/sdp_utils.c
|
| a51c9d9d225e41fe36a0133f1c17fd981ea59c1d |
|
04-May-2014 |
Sharvil Nanavati <sharvil@google.com> |
Logging cleanup: L2CAP and SDP.
Change-Id: I62b5d4f330312dc466a758cb554952017f899696
/system/bt/stack/sdp/sdp_utils.c
|
| ead3cde4bac0c3e32cd31f149093f004eef8ceeb |
|
06-Feb-2013 |
Ganesh Ganapathi Batta <ganeshg@broadcom.com> |
Initial version of BLE support for Bluedroid
Change-Id: I9825a5cef9be2559c34c2a529b211b7d471147cf
/system/bt/stack/sdp/sdp_utils.c
|
| 5738f83aeb59361a0a2eda2460113f6dc9194271 |
|
13-Dec-2012 |
The Android Open Source Project <initial-contribution@android.com> |
Snapshot cdeccf6fdd8c2d494ea2867cb37a025bf8879baf
Change-Id: Ia2de32ccb97a9641462c72363b0a8c4288f4f36d
/system/bt/stack/sdp/sdp_utils.c
|