L2CAP: Handle invalid HCI packets

- Handled buffer overflow for uint16_t
- Discard invalid HCI packets from Codenomicon test
  tool as data length and actual data not matching
  during reassembly

Use case:
Execute L2CAP test suite from Defensics Codenomicon

1. Pair and connect DUT to Codenomicon tool
2. Execute L2CAP test suite from Defensics Codenomicon

Crash observed on DUT and Codenomicon tool stuck in execution.

Root cause:
Codenomicon tool sending invalid HCI packets to DUT and
there are no checks to handle buffer overflow and other invalid data
from Codenomicon tool.

Change-Id: I6f93c80244fc39d607ad285185136bbbca83d7ae
1 file changed
tree: 9cbd0be64a1906f03bb34b63d492c03bc3b6319b
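
The two conditions the commit message names (a declared data length that does not match the delivered data during reassembly, and 16-bit overflow of a length) can be checked as in the following added example, which is not the code from this change or from Fluoride. `reasm_t`, `reasm_feed` and the 1024-byte buffer are hypothetical; the header layouts follow the Bluetooth HCI ACL data packet and L2CAP basic frame formats.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ACL_HDR   4  /* handle+flags (2) | data length (2), little-endian */
#define L2CAP_HDR 4  /* L2CAP length (2) | channel ID (2) */
#define PB_CONT   1  /* packet-boundary flag: continuing fragment */
#define PB_START  2  /* packet-boundary flag: first fragment (controller to host) */

enum { FRAG_MORE, FRAG_COMPLETE, FRAG_DROP };

typedef struct {
  uint8_t buf[1024];  /* hypothetical fixed-size reassembly buffer */
  size_t expected;    /* full L2CAP frame size incl. header; 0 = idle (zero-initialise) */
  size_t have;        /* bytes collected so far */
} reasm_t;

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Feed one HCI ACL packet (header included); pkt_len is what the transport delivered. */
int reasm_feed(reasm_t *r, const uint8_t *pkt, size_t pkt_len) {
  if (pkt_len < ACL_HDR) return FRAG_DROP;
  unsigned pb = (le16(pkt) >> 12) & 0x3;
  size_t data_len = le16(pkt + 2);
  /* The declared length must equal the bytes actually delivered. */
  if (data_len != pkt_len - ACL_HDR) return FRAG_DROP;
  const uint8_t *data = pkt + ACL_HDR;

  if (pb == PB_START) {
    r->expected = 0;  /* a new start abandons any partial frame */
    if (data_len < L2CAP_HDR) return FRAG_DROP;
    /* Widen before adding: in uint16_t, 0xFFFF + 4 wraps to 3. */
    size_t total = (size_t)le16(data) + L2CAP_HDR;
    if (total > sizeof r->buf || data_len > total) return FRAG_DROP;
    r->expected = total;
    r->have = 0;
  } else if (pb == PB_CONT && r->expected != 0) {
    /* A continuation may not carry more than the frame still needs. */
    if (data_len > r->expected - r->have) { r->expected = 0; return FRAG_DROP; }
  } else {
    return FRAG_DROP;  /* unexpected flag, or continuation with no start */
  }
  memcpy(r->buf + r->have, data, data_len);
  r->have += data_len;
  if (r->have < r->expected) return FRAG_MORE;
  r->expected = 0;  /* complete frame is r->buf[0 .. r->have) */
  return FRAG_COMPLETE;
}
```
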

Fluoride Bluetooth stack

Building and running on AOSP

Just build AOSP - Fluoride is there by default.

Building and running on Linux

Instructions for Ubuntu, tested on 15.10 with GCC 5.2.1.

Install required libraries

sudo apt-get install libevent-dev

Install build tools

  • Install ninja build system
sudo apt-get install ninja-build

or download binary from https://github.com/ninja-build/ninja/releases

  • Install gn - meta-build system that generates NinjaBuild files.

Get the sha1 of the current version from here and then download the corresponding executable:

wget -O gn https://storage.googleapis.com/chromium-gn/<gn.sha1>

For example, if the sha1 is “3491f6687bd9f19946035700eb84ce3eed18c5fa” (value from 24 Feb 2016), run

wget -O gn https://storage.googleapis.com/chromium-gn/3491f6687bd9f19946035700eb84ce3eed18c5fa

Then make the binary executable and put it on your PATH, e.g.:

chmod a+x ./gn
sudo mv ./gn /usr/bin

Download source

mkdir ~/fluoride
cd ~/fluoride
git clone https://android.googlesource.com/platform/system/bt

Then fetch third party dependencies:

cd ~/fluoride/bt
mkdir third_party
cd third_party
git clone https://github.com/google/googletest.git
git clone https://android.googlesource.com/platform/external/libchrome
git clone https://android.googlesource.com/platform/external/modp_b64
git clone https://android.googlesource.com/platform/external/tinyxml2

And third party dependencies of third party dependencies:

cd ~/fluoride/bt/third_party/libchrome/base/third_party
mkdir valgrind
cd valgrind
curl "https://chromium.googlesource.com/chromium/src/base/+/master/third_party/valgrind/valgrind.h?format=TEXT" | base64 -d > valgrind.h
curl "https://chromium.googlesource.com/chromium/src/base/+/master/third_party/valgrind/memcheck.h?format=TEXT" | base64 -d > memcheck.h

Fluoride currently has a dependency on some internal Android projects, which also need to be downloaded. This will be removed in the future:

cd ~/fluoride
git clone https://android.googlesource.com/platform/system/core
git clone https://android.googlesource.com/platform/hardware/libhardware
git clone https://android.googlesource.com/platform/system/media

Configure your build

We need to configure some paths to make the build successful. Run:

cd ~/fluoride/bt
gn args out/Default

This will prompt you to fill in the contents of your “out/Default/args.gn” file. Make it look like the example below. Replace “/home/job” with the path to your home directory, and don't use “~” in build arguments:

# Build arguments go here. Examples:
#   is_component_build = true
#   is_debug = false
# See "gn args <out_dir> --list" for available build arguments.

libhw_include_path = "/home/job/fluoride/libhardware/include"
core_include_path = "/home/job/fluoride/core/include"
audio_include_path = "/home/job/fluoride/media/audio/include"

Then generate your build files by calling:

cd ~/fluoride/bt
gn gen out/Default


Build

cd ~/fluoride/bt
ninja -C out/Default all

This will build all targets (the shared library, executables, tests, etc) and put them in out/Default. To build an individual target, replace “all” with the target of your choice, e.g. ninja -C out/Default net_test_osi.


Run

cd ~/fluoride/bt/out/Default
LD_LIBRARY_PATH=./ ./bluetoothtbd -create-ipc-socket=fluoride