Google Git
Sign in
android / platform / system / bt / e318faa73ad68df4cb344e7bcd4ad087a548e8ee^! / .
commite318faa73ad68df4cb344e7bcd4ad087a548e8ee[log] [tgz]
authorJakub Pawlowski <jpawlowski@google.com>Mon Oct 24 15:00:12 2016 -0700
committerJakub Pawlowski <jpawlowski@google.com>Mon Oct 24 17:03:26 2016 -0700
tree3495d4206ad756c71231918f2e7a4d645a7c7a5e
parent667e1fe3d7ccc6e2ce11781443f36fc10e47d9a3 [diff]
Fix random crashes in HID related code

Operation on characteristics/descriptors shouldn't access GATT database
when it's executed. This could happen while service rediscovery is in
progress.

Bug: 32240759
Test: connect to HID device
Change-Id: Ie2b6e6b451456204b1cea1e500df9a0ff949a9ef
(cherry picked from commit d8f09d077d9017a522c17f4b9a49328b0ed3e91e)

diff --git a/bta/hh/bta_hh_le.c b/bta/hh/bta_hh_le.c
index 0196e90..b538470 100644
--- a/bta/hh/bta_hh_le.c
+++ b/bta/hh/bta_hh_le.c

@@ -164,34 +164,27 @@
     }
 
     if (op->type == GATT_READ_CHAR) {
-        const tBTA_GATTC_CHARACTERISTIC *p_char = BTA_GATTC_GetCharacteristic(op->conn_id, op->handle);
-
         mark_as_executing(conn_id);
-        BTA_GATTC_ReadCharacteristic(op->conn_id, p_char->handle, BTA_GATT_AUTH_REQ_NONE);
+        BTA_GATTC_ReadCharacteristic(op->conn_id, op->handle, BTA_GATT_AUTH_REQ_NONE);
         list_remove(gatt_op_queue, op);
 
     } else if (op->type == GATT_READ_DESC) {
-        const tBTA_GATTC_DESCRIPTOR *p_desc = BTA_GATTC_GetDescriptor(op->conn_id, op->handle);
-
         mark_as_executing(conn_id);
-        BTA_GATTC_ReadCharDescr(op->conn_id, p_desc->handle, BTA_GATT_AUTH_REQ_NONE);
+        BTA_GATTC_ReadCharDescr(op->conn_id, op->handle, BTA_GATT_AUTH_REQ_NONE);
         list_remove(gatt_op_queue, op);
     } else if (op->type == GATT_WRITE_CHAR) {
-        const tBTA_GATTC_CHARACTERISTIC *p_char = BTA_GATTC_GetCharacteristic(op->conn_id, op->handle);
         mark_as_executing(conn_id);
-        BTA_GATTC_WriteCharValue(op->conn_id, p_char->handle, op->write_type, op->len,
+        BTA_GATTC_WriteCharValue(op->conn_id, op->handle, op->write_type, op->len,
                                  op->p_value, BTA_GATT_AUTH_REQ_NONE);
 
         list_remove(gatt_op_queue, op);
     } else if (op->type == GATT_WRITE_DESC) {
-        const tBTA_GATTC_DESCRIPTOR *p_desc = BTA_GATTC_GetDescriptor(op->conn_id, op->handle);
-
         tBTA_GATT_UNFMT value;
         value.len = op->len;
         value.p_value = op->p_value;
 
         mark_as_executing(conn_id);
-        BTA_GATTC_WriteCharDescr(op->conn_id, p_desc->handle, BTA_GATTC_TYPE_WRITE,
+        BTA_GATTC_WriteCharDescr(op->conn_id, op->handle, BTA_GATTC_TYPE_WRITE,
                                  &value, BTA_GATT_AUTH_REQ_NONE);
         list_remove(gatt_op_queue, op);
     }