Fix random crashes in HID related code
Operation on characteristics/descriptors shouldn't access GATT database
when it's executed. This could happen while service rediscovery is in
progress.
Bug: 32240759
Test: connect to HID device
Change-Id: Ie2b6e6b451456204b1cea1e500df9a0ff949a9ef
(cherry picked from commit d8f09d077d9017a522c17f4b9a49328b0ed3e91e)
diff --git a/bta/hh/bta_hh_le.c b/bta/hh/bta_hh_le.c
index 0196e90..b538470 100644
--- a/bta/hh/bta_hh_le.c
+++ b/bta/hh/bta_hh_le.c
@@ -164,34 +164,27 @@
}
if (op->type == GATT_READ_CHAR) {
- const tBTA_GATTC_CHARACTERISTIC *p_char = BTA_GATTC_GetCharacteristic(op->conn_id, op->handle);
-
mark_as_executing(conn_id);
- BTA_GATTC_ReadCharacteristic(op->conn_id, p_char->handle, BTA_GATT_AUTH_REQ_NONE);
+ BTA_GATTC_ReadCharacteristic(op->conn_id, op->handle, BTA_GATT_AUTH_REQ_NONE);
list_remove(gatt_op_queue, op);
} else if (op->type == GATT_READ_DESC) {
- const tBTA_GATTC_DESCRIPTOR *p_desc = BTA_GATTC_GetDescriptor(op->conn_id, op->handle);
-
mark_as_executing(conn_id);
- BTA_GATTC_ReadCharDescr(op->conn_id, p_desc->handle, BTA_GATT_AUTH_REQ_NONE);
+ BTA_GATTC_ReadCharDescr(op->conn_id, op->handle, BTA_GATT_AUTH_REQ_NONE);
list_remove(gatt_op_queue, op);
} else if (op->type == GATT_WRITE_CHAR) {
- const tBTA_GATTC_CHARACTERISTIC *p_char = BTA_GATTC_GetCharacteristic(op->conn_id, op->handle);
mark_as_executing(conn_id);
- BTA_GATTC_WriteCharValue(op->conn_id, p_char->handle, op->write_type, op->len,
+ BTA_GATTC_WriteCharValue(op->conn_id, op->handle, op->write_type, op->len,
op->p_value, BTA_GATT_AUTH_REQ_NONE);
list_remove(gatt_op_queue, op);
} else if (op->type == GATT_WRITE_DESC) {
- const tBTA_GATTC_DESCRIPTOR *p_desc = BTA_GATTC_GetDescriptor(op->conn_id, op->handle);
-
tBTA_GATT_UNFMT value;
value.len = op->len;
value.p_value = op->p_value;
mark_as_executing(conn_id);
- BTA_GATTC_WriteCharDescr(op->conn_id, p_desc->handle, BTA_GATTC_TYPE_WRITE,
+ BTA_GATTC_WriteCharDescr(op->conn_id, op->handle, BTA_GATTC_TYPE_WRITE,
&value, BTA_GATT_AUTH_REQ_NONE);
list_remove(gatt_op_queue, op);
}