Snap for 7220242 from b59f3660696bd500f1a40bb26db0afa21f9f54e1 to rvc-platform-release
Change-Id: I5f6a55c906783be5b142bb17930a201af038c01e
diff --git a/btif/src/btif_av.cc b/btif/src/btif_av.cc
index 1003b0f..679ec5e 100644
--- a/btif/src/btif_av.cc
+++ b/btif/src/btif_av.cc
@@ -25,6 +25,7 @@
#include <base/strings/stringprintf.h>
#include <string.h>
#include <map>
+#include <mutex>
#include <hardware/bluetooth.h>
#include <hardware/bt_av.h>
@@ -532,6 +533,7 @@
std::set<RawAddress> silenced_peers_;
RawAddress active_peer_;
std::map<uint8_t, tBTA_AV_HNDL> peer_id2bta_handle_;
+ std::mutex mutex_;
};
class BtifAvSink {
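Review bot: The new `mutex_` member is added without saying which fields it protects, here and in the matching `BtifAvSink` hunk. Judging from the methods that take it in this commit, it appears to cover `peers_` and `peer_id2bta_handle_`, but `active_peer_` and `silenced_peers_` sit beside it and nothing shows whether they are meant to be covered. I would add a comment such as `// Guards peers_ and peer_id2bta_handle_; not recursive, do not call a locking method while holding it.` and adjust the field list to the real intent. The class bodies start outside these hunks, so other members may be affected too.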
@@ -649,6 +651,7 @@
std::map<RawAddress, BtifAvPeer*> peers_;
RawAddress active_peer_;
std::map<uint8_t, tBTA_AV_HNDL> peer_id2bta_handle_;
+ std::mutex mutex_;
};
/*****************************************************************************
@@ -1036,6 +1039,7 @@
BtifAvPeer* BtifAvSource::FindOrCreatePeer(const RawAddress& peer_address,
tBTA_AV_HNDL bta_handle) {
+ std::unique_lock<std::mutex> lock(mutex_);
BTIF_TRACE_DEBUG("%s: peer_address=%s bta_handle=0x%x", __PRETTY_FUNCTION__,
peer_address.ToString().c_str(), bta_handle);
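Review bot: `std::unique_lock` is used here although nothing visible unlocks, defers or hands the lock to a condition variable, so `std::lock_guard<std::mutex> lock(mutex_);` states the intent more precisely. The same applies to the other five lock sites in this file (`DeregisterAllBtaHandles` and `BtaHandleRegistered` on both `BtifAvSource` and `BtifAvSink`, and `BtifAvSink::FindOrCreatePeer`). Only these three methods per class take the lock in this commit, so any other method that reads or erases from `peers_` or `peer_id2bta_handle_` would still race with them and should be checked. The body of `FindOrCreatePeer` continues outside the hunk, so confirm that nothing it calls takes `mutex_` again, since `std::mutex` is not recursive.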
@@ -1141,6 +1145,7 @@
}
void BtifAvSource::DeregisterAllBtaHandles() {
+ std::unique_lock<std::mutex> lock(mutex_);
for (auto it : peer_id2bta_handle_) {
tBTA_AV_HNDL bta_handle = it.second;
BTA_AvDeregister(bta_handle);
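Review bot: `mutex_` is now held for the whole loop, which means every `BTA_AvDeregister()` call runs under the lock. If that call can synchronously reach a method that also takes `mutex_`, this will self-deadlock, and the same holds for `BtifAvSink::DeregisterAllBtaHandles`. Nothing in the hunk shows whether it can, so the assumption should be written down, for example `// mutex_ is held across BTA_AvDeregister(); it must not call back into this object synchronously.` Separately, `for (const auto& it : peer_id2bta_handle_)` would avoid copying each map entry. The rest of the function is outside the hunk.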
@@ -1150,6 +1155,7 @@
void BtifAvSource::BtaHandleRegistered(uint8_t peer_id,
tBTA_AV_HNDL bta_handle) {
+ std::unique_lock<std::mutex> lock(mutex_);
peer_id2bta_handle_.insert(std::make_pair(peer_id, bta_handle));
// Set the BTA Handle for the Peer (if exists)
@@ -1240,6 +1246,7 @@
BtifAvPeer* BtifAvSink::FindOrCreatePeer(const RawAddress& peer_address,
tBTA_AV_HNDL bta_handle) {
+ std::unique_lock<std::mutex> lock(mutex_);
BTIF_TRACE_DEBUG("%s: peer_address=%s bta_handle=0x%x", __PRETTY_FUNCTION__,
peer_address.ToString().c_str(), bta_handle);
@@ -1348,6 +1355,7 @@
}
void BtifAvSink::DeregisterAllBtaHandles() {
+ std::unique_lock<std::mutex> lock(mutex_);
for (auto it : peer_id2bta_handle_) {
tBTA_AV_HNDL bta_handle = it.second;
BTA_AvDeregister(bta_handle);
@@ -1356,6 +1364,7 @@
}
void BtifAvSink::BtaHandleRegistered(uint8_t peer_id, tBTA_AV_HNDL bta_handle) {
+ std::unique_lock<std::mutex> lock(mutex_);
peer_id2bta_handle_.insert(std::make_pair(peer_id, bta_handle));
// Set the BTA Handle for the Peer (if exists)
diff --git a/btif/src/btif_sock_l2cap.cc b/btif/src/btif_sock_l2cap.cc
index 105d5a1..fa59d87 100644
--- a/btif/src/btif_sock_l2cap.cc
+++ b/btif/src/btif_sock_l2cap.cc
@@ -726,6 +726,7 @@
<< ": unable to push data to socket - closing fixed channel";
BTA_JvL2capCloseLE(sock->handle);
btsock_l2cap_free_l(sock);
+ return;
}
} else {
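Review bot: The added `return;` is the only thing that keeps code after `btsock_l2cap_free_l(sock)` from touching a freed `sock`, and nothing at the call site says so. The same applies to the non-fixed-channel branch in the next hunk. A short comment on both, such as `// sock is freed above; nothing below may dereference it`, would stop a later edit from reintroducing the access. The enclosing function starts and ends outside these hunks, so confirm that the early return does not skip cleanup that the fall-through path performs, such as releasing the received buffer.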
@@ -744,6 +745,7 @@
<< ": unable to push data to socket - closing channel";
BTA_JvL2capClose(sock->handle);
btsock_l2cap_free_l(sock);
+ return;
}
}
}
diff --git a/stack/avrc/avrc_api.cc b/stack/avrc/avrc_api.cc
index 1ac856a..579aae5 100644
--- a/stack/avrc/avrc_api.cc
+++ b/stack/avrc/avrc_api.cc
@@ -634,9 +634,10 @@
tAVRC_MSG_VENDOR* p_msg = &msg.vendor;
if (cr == AVCT_CMD && (p_pkt->layer_specific & AVCT_DATA_CTRL &&
- AVRC_PACKET_LEN < sizeof(p_pkt->len))) {
- /* Ignore the invalid AV/C command frame */
- p_drop_msg = "dropped - too long AV/C cmd frame size";
+ p_pkt->len > AVRC_PACKET_LEN)) {
+ android_errorWriteLog(0x534e4554, "177611958");
+ AVRC_TRACE_WARNING("%s: Command length %d too long: must be at most %d",
+ __func__, p_pkt->len, AVRC_PACKET_LEN);
osi_free(p_pkt);
return;
}
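Review bot: The rewritten condition mixes `&` and `&&` without grouping, and the comment that explained the drop was removed with the old lines. It parses as intended, but `(p_pkt->layer_specific & AVCT_DATA_CTRL) != 0 && p_pkt->len > AVRC_PACKET_LEN` reads unambiguously. A comment such as `/* Drop AV/C command frames longer than AVRC_PACKET_LEN */` would restore the explanation. The length bound is applied only when `cr == AVCT_CMD`. The code that consumes `p_pkt->len` is outside the hunk, so check whether response frames reach the same consumer and need the same bound.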
diff --git a/stack/smp/smp_act.cc b/stack/smp/smp_act.cc
index bfce7cb..ba7cbce 100644
--- a/stack/smp/smp_act.cc
+++ b/stack/smp/smp_act.cc
@@ -689,6 +689,16 @@
memcpy(pt.x, p_cb->peer_publ_key.x, BT_OCTET32_LEN);
memcpy(pt.y, p_cb->peer_publ_key.y, BT_OCTET32_LEN);
+ if (!memcmp(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x, BT_OCTET32_LEN) &&
+ !memcmp(p_cb->peer_publ_key.y, p_cb->loc_publ_key.y, BT_OCTET32_LEN)) {
+ android_errorWriteLog(0x534e4554, "174886838");
+ SMP_TRACE_WARNING("Remote and local public keys can't match");
+ tSMP_INT_DATA smp;
+ smp.status = SMP_PAIR_AUTH_FAIL;
+ smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp);
+ return;
+ }
+
if (!ECC_ValidatePoint(pt)) {
android_errorWriteLog(0x534e4554, "72377774");
tSMP_INT_DATA smp;
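Review bot: The added guard fails pairing only when both the `x` and `y` coordinates of the peer key equal the local key, which is narrower than rejecting on `x` alone. As I understand the Core Specification guidance for this check, it is phrased in terms of the X coordinate, so confirm against the spec and consider `if (!memcmp(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x, BT_OCTET32_LEN)) {`. The block also has no comment explaining why a matching key is fatal. One line such as `// A peer key equal to our own is a reflected key, not a distinct peer; fail pairing.` would help the next reader.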