DO NOT MERGE Fix unexpected behavior in bta_dm_sdp_result

author Hansong Zhang <hsz@google.com>

Mon, 2 Apr 2018 16:29:49 +0000 (09:29 -0700)

committer Rohit Yengisetty <rngy@google.com>

Wed, 18 Apr 2018 00:47:03 +0000 (17:47 -0700)
author Hansong Zhang <hsz@google.com>
Mon, 2 Apr 2018 16:29:49 +0000 (09:29 -0700)
committer Rohit Yengisetty <rngy@google.com>
Wed, 18 Apr 2018 00:47:03 +0000 (17:47 -0700)
diff --git a/bta/dm/bta_dm_act.c b/bta/dm/bta_dm_act.c

index 1bf741d..9b7748c 100644 (file)
--- a/bta/dm/bta_dm_act.c
+++ b/bta/dm/bta_dm_act.c
@@ -26,6 +26,7 @@
  #define LOG_TAG "bt_bta_dm"
  
  #include <assert.h>
+#include <cutils/log.h>
  #include <string.h>
  
  #include "bt_target.h"
@@ -130,6 +131,8 @@ static void bta_dm_ctrl_features_rd_cmpl_cback(tBTM_STATUS result);
  #define BTA_DM_SWITCH_DELAY_TIMER_MS 500
  #endif
  
+#define BTA_MAX_SERVICES 32
+
  static void bta_dm_reset_sec_dev_pending(BD_ADDR remote_bd_addr);
  static void bta_dm_remove_sec_dev_entry(BD_ADDR remote_bd_addr);
  static void bta_dm_observe_results_cb(tBTM_INQ_RESULTS *p_inq, UINT8 *p_eir);
@@ -1601,7 +1604,7 @@ void bta_dm_sdp_result (tBTA_DM_MSG *p_data)
  #endif
  
      UINT32 num_uuids = 0;
-    UINT8  uuid_list[32][MAX_UUID_SIZE]; // assuming a max of 32 services
+    UINT8  uuid_list[BTA_MAX_SERVICES][MAX_UUID_SIZE]; // assuming a max of 32 services
  
      if((p_data->sdp_event.sdp_result == SDP_SUCCESS)
          || (p_data->sdp_event.sdp_result == SDP_NO_RECS_MATCH)
@@ -1679,8 +1682,12 @@ void bta_dm_sdp_result (tBTA_DM_MSG *p_data)
                              (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index-1));
                          tmp_svc = bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index-1];
                          /* Add to the list of UUIDs */
-                        sdpu_uuid16_to_uuid128(tmp_svc, uuid_list[num_uuids]);
-                        num_uuids++;
+                        if (num_uuids < BTA_MAX_SERVICES) {
+                            sdpu_uuid16_to_uuid128(tmp_svc, uuid_list[num_uuids]);
+                            num_uuids++;
+                        } else {
+                            android_errorWriteLog(0x534e4554, "74016921");
+                        }
                      }
                  }
              }
@@ -1719,8 +1726,12 @@ void bta_dm_sdp_result (tBTA_DM_MSG *p_data)
                  {
                      if (SDP_FindServiceUUIDInRec_128bit(p_sdp_rec, &temp_uuid))
                      {
-                        memcpy(uuid_list[num_uuids], temp_uuid.uu.uuid128, MAX_UUID_SIZE);
-                        num_uuids++;
+                        if (num_uuids < BTA_MAX_SERVICES) {
+                            memcpy(uuid_list[num_uuids], temp_uuid.uu.uuid128, MAX_UUID_SIZE);
+                            num_uuids++;
+                        } else {
+                            android_errorWriteLog(0x534e4554, "74016921");
+                        }
                      }
                  }
              } while (p_sdp_rec);
author	Hansong Zhang <hsz@google.com>
	Mon, 2 Apr 2018 16:29:49 +0000 (09:29 -0700)
committer	Rohit Yengisetty <rngy@google.com>
	Wed, 18 Apr 2018 00:47:03 +0000 (17:47 -0700)