Type confusion due to race condition on tag type change
Pending timers need to be canceled before a tag type is changed.
Bug: 192472262
Test: build ok
Change-Id: Iebfcaf9d269381ef2ba14a26e6124f173d2299ec
(cherry picked from commit b8057f7a38d5817314f6f2e58bd4a721ec8af82f)
(cherry picked from commit ad4982472cdf83d9ba8eb75078ca1c3bc05f6b23)
diff --git a/src/nfc/tags/rw_main.cc b/src/nfc/tags/rw_main.cc
index 071b966..abd8bbe 100644
--- a/src/nfc/tags/rw_main.cc
+++ b/src/nfc/tags/rw_main.cc
@@ -34,6 +34,7 @@
#include "bt_types.h"
#include "nci_hmsgs.h"
#include "nfc_api.h"
+#include "nfc_int.h"
#include "rw_api.h"
#include "rw_int.h"
@@ -220,6 +221,38 @@
return (NFC_STATUS_FAILED);
}
+ switch (rw_cb.tcb_type) {
+ case RW_CB_TYPE_T1T: {
+ nfc_stop_quick_timer(&rw_cb.tcb.t1t.timer);
+ break;
+ }
+ case RW_CB_TYPE_T2T: {
+ nfc_stop_quick_timer(&rw_cb.tcb.t2t.t2_timer);
+ break;
+ }
+ case RW_CB_TYPE_T3T: {
+ nfc_stop_quick_timer(&rw_cb.tcb.t3t.timer);
+ nfc_stop_quick_timer(&rw_cb.tcb.t3t.poll_timer);
+ break;
+ }
+ case RW_CB_TYPE_T4T: {
+ nfc_stop_quick_timer(&rw_cb.tcb.t4t.timer);
+ break;
+ }
+ case RW_CB_TYPE_T5T: {
+ nfc_stop_quick_timer(&rw_cb.tcb.i93.timer);
+ break;
+ }
+ case RW_CB_TYPE_MIFARE: {
+ nfc_stop_quick_timer(&rw_cb.tcb.mfc.timer);
+ nfc_stop_quick_timer(&rw_cb.tcb.mfc.mfc_timer);
+ break;
+ }
+ case RW_CB_TYPE_UNKNOWN: {
+ break;
+ }
+ }
+
/* Reset tag-specific area of control block */
memset(&rw_cb.tcb, 0, sizeof(tRW_TCB));
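Review bot: The new switch in the second hunk has no comment saying why the timers must be stopped before the `memset(&rw_cb.tcb, 0, sizeof(tRW_TCB))` that follows, so a later refactor could reorder or drop it and reopen the type confusion the commit message describes. I would add above the switch: `/* Cancel timers armed for the previous tag type before the shared tcb area is cleared and reused. */`. The switch also trusts `rw_cb.tcb_type` to describe what currently lives in `rw_cb.tcb`. That field is assigned outside the hunk, so confirm that every path which changes the tag type, or fails while activating one, leaves it consistent with the tcb contents (presumably `RW_CB_TYPE_UNKNOWN` on failure). The enclosing function starts and ends outside the hunk, and `Test: build ok` suggests no regression test exercises a timer pending across a tag type change.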