LE: Add NULL pointer check in deep copy function
Adds a NULL pointer check for the GATT read event deep copy function.
Change-Id: Ia8d31e851589612009e1038c11b7b113e5367c6d
diff --git a/btif/src/btif_gatt_client.c b/btif/src/btif_gatt_client.c
index 7418f9d..3b57b50 100644
--- a/btif/src/btif_gatt_client.c
+++ b/btif/src/btif_gatt_client.c
@@ -162,27 +162,38 @@
{
case BTA_GATTC_READ_CHAR_EVT:
case BTA_GATTC_READ_DESCR_EVT:
- p_dest_data->read.p_value = GKI_getbuf(sizeof(tBTA_GATT_READ_VAL));
- if (p_dest_data->read.p_value != NULL)
+ if (p_src_data->read.p_value != NULL)
{
- memcpy(p_dest_data->read.p_value, p_src_data->read.p_value,
- sizeof(tBTA_GATT_READ_VAL));
+ p_dest_data->read.p_value = GKI_getbuf(sizeof(tBTA_GATT_READ_VAL));
- // Allocate buffer for att value if necessary
- if (get_uuid16(&p_src_data->read.descr_type) != GATT_UUID_CHAR_AGG_FORMAT
- && p_src_data->read.p_value->unformat.p_value != NULL)
+ if (p_dest_data->read.p_value != NULL)
{
- p_dest_data->read.p_value->unformat.p_value =
- GKI_getbuf(p_src_data->read.p_value->unformat.len);
- if (p_dest_data->read.p_value->unformat.p_value != NULL)
+ memcpy(p_dest_data->read.p_value, p_src_data->read.p_value,
+ sizeof(tBTA_GATT_READ_VAL));
+
+ // Allocate buffer for att value if necessary
+ if (get_uuid16(&p_src_data->read.descr_type) != GATT_UUID_CHAR_AGG_FORMAT
+ && p_src_data->read.p_value->unformat.p_value != NULL)
{
- memcpy(p_dest_data->read.p_value->unformat.p_value,
- p_src_data->read.p_value->unformat.p_value,
- p_src_data->read.p_value->unformat.len);
+ p_dest_data->read.p_value->unformat.p_value =
+ GKI_getbuf(p_src_data->read.p_value->unformat.len);
+ if (p_dest_data->read.p_value->unformat.p_value != NULL)
+ {
+ memcpy(p_dest_data->read.p_value->unformat.p_value,
+ p_src_data->read.p_value->unformat.p_value,
+ p_src_data->read.p_value->unformat.len);
+ }
}
}
}
+ else
+ {
+ BTIF_TRACE_WARNING2("%s :Src read.p_value ptr is NULL for event 0x%x",
+ __FUNCTION__, event);
+ p_dest_data->read.p_value = NULL;
+
+ }
break;
default:
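Review bot: When the inner allocation `GKI_getbuf(p_src_data->read.p_value->unformat.len)` fails, the destination keeps the non-zero `unformat.len` that the preceding struct `memcpy` copied, while `unformat.p_value` is now NULL. A consumer that trusts the length without re-checking the pointer would then dereference NULL. Add an `else` to the inner `if (p_dest_data->read.p_value->unformat.p_value != NULL)` that sets `p_dest_data->read.p_value->unformat.len = 0;` and emits a warning. The outer `GKI_getbuf(sizeof(tBTA_GATT_READ_VAL))` failure is also silent, since the new warning covers only the NULL-source case, so a log line there would help tell "no value" apart from "out of buffers". The enclosing switch and function begin outside this hunk.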
diff --git a/btif/src/btif_gatt_util.c b/btif/src/btif_gatt_util.c
index 3775776..d07c737 100644
--- a/btif/src/btif_gatt_util.c
+++ b/btif/src/btif_gatt_util.c
@@ -240,7 +240,7 @@
break;
default:
- if ( p_src->status == BTA_GATT_OK )
+ if (( p_src->status == BTA_GATT_OK ) &&(p_src->p_value != NULL))
{
ALOGI("%s unformat.len = %d ", __FUNCTION__, p_src->p_value->unformat.len);
p_dest->value.len = p_src->p_value->unformat.len;
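Review bot: With the added `p_src->p_value != NULL` test, a read that reports `BTA_GATT_OK` but carries no value now skips this branch silently. Nothing visible in the hunk resets `p_dest->value.len` or logs the condition, so the caller may be handed a stale or uninitialised length; this is hedged, because the rest of the branch lies outside the hunk. `p_dest->value.len` is also taken straight from `p_src->p_value->unformat.len` with no visible bound. If the lines that follow copy that many bytes into a fixed-size destination, the length should be clamped to the destination capacity before use. As a style point, the condition would read better as `if ((p_src->status == BTA_GATT_OK) && (p_src->p_value != NULL))`.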