Fix memory overflow. Bug: 180939982 Merged-In: I1be3b836e09901c9cc614b02e21ae41b9a1ebfac Change-Id: I1be3b836e09901c9cc614b02e21ae41b9a1ebfac (cherry picked from commit 0d93359dbbe99da62528b236ba4a9ab92f06c6af)

commit: 98082adf48c074d96158d0c737bba0eb2e52e25e [log] [tgz]
author: Richard Smith <happyercat@gmail.com> Mon Feb 22 14:25:43 2021 +0000
committer: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> Thu Jul 01 11:01:54 2021 +0000
tree: ed313c98163f15830ceebfaca6adc35b37888f1c
parent: c34f33c6b0f152a21dae89d3abfb4f7e4b3cc5b4 [diff]
diff --git a/stack/btm/btm_acl.cc b/stack/btm/btm_acl.cc
index 72239d9..2c7bebd 100644
--- a/stack/btm/btm_acl.cc
+++ b/stack/btm/btm_acl.cc

@@ -1613,7 +1613,7 @@
   /* Make sure we don't exceed max port range.
    * Stack reserves scn 1 for HFP, HSP we still do the correct way.
    */
-  if ((scn >= BTM_MAX_SCN) || (scn == 1)) return false;
+  if ((scn >= BTM_MAX_SCN) || (scn == 1) || (scn == 0)) return false;
 
   /* check if this port is available */
   if (!btm_cb.btm_scn[scn - 1]) {
@@ -1635,7 +1635,7 @@
  ******************************************************************************/
 bool BTM_FreeSCN(uint8_t scn) {
   BTM_TRACE_DEBUG("BTM_FreeSCN ");
-  if (scn <= BTM_MAX_SCN) {
+  if (scn <= BTM_MAX_SCN && scn > 0) {
     btm_cb.btm_scn[scn - 1] = false;
     return (true);
   } else {
commit	98082adf48c074d96158d0c737bba0eb2e52e25e	[log] [tgz]
author	Richard Smith <happyercat@gmail.com>	Mon Feb 22 14:25:43 2021 +0000
committer	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	Thu Jul 01 11:01:54 2021 +0000
tree	ed313c98163f15830ceebfaca6adc35b37888f1c
parent	c34f33c6b0f152a21dae89d3abfb4f7e4b3cc5b4 [diff]