Merge cherrypicks of [10745155, 10743283, 10746098, 10735615, 10743284, 10745369, 10745156, 10745157, 10746136, 10746137, 10745215, 10746138, 10745216, 10745217, 10746139, 10745218, 10743285, 10746118, 10746119, 10745827, 10745158, 10745159, 10743224, 10743225, 10745492] into qt-qpr2-release
Change-Id: Ia1240e033cff4ac89193762f896a4fdd4e7e50b7
diff --git a/service/gatt_server.cc b/service/gatt_server.cc
index 52fd1ed..f46927d 100644
--- a/service/gatt_server.cc
+++ b/service/gatt_server.cc
@@ -18,6 +18,7 @@
#include <base/logging.h>
+#include "osi/include/log.h"
#include "service/logging_helpers.h"
#include "stack/include/bt_types.h"
@@ -116,6 +117,12 @@
return false;
}
+ if (offset < 0) {
+ android_errorWriteLog(0x534e4554, "143231677");
+ LOG(ERROR) << "Offset is less than 0 offset: " << offset;
+ return false;
+ }
+
if (value.size() + offset > BTGATT_MAX_ATTR_LEN) {
LOG(ERROR) << "Value is too large";
return false;
diff --git a/stack/a2dp/a2dp_aac_decoder.cc b/stack/a2dp/a2dp_aac_decoder.cc
index d9cd85d..d998d7d 100644
--- a/stack/a2dp/a2dp_aac_decoder.cc
+++ b/stack/a2dp/a2dp_aac_decoder.cc
@@ -30,7 +30,7 @@
typedef struct {
HANDLE_AACDECODER aac_handle;
bool has_aac_handle; // True if aac_handle is valid
- INT_PCM* decode_buf;
+ INT_PCM* decode_buf = nullptr;
decoded_data_callback_t decode_callback;
} tA2DP_AAC_DECODER_CB;
@@ -58,7 +58,7 @@
void a2dp_aac_decoder_cleanup(void) {
if (a2dp_aac_decoder_cb.has_aac_handle)
aacDecoder_Close(a2dp_aac_decoder_cb.aac_handle);
- free(a2dp_aac_decoder_cb.decode_buf);
+ osi_free(a2dp_aac_decoder_cb.decode_buf);
memset(&a2dp_aac_decoder_cb, 0, sizeof(a2dp_aac_decoder_cb));
}
