summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJakub Pawlowski <jpawlowski@google.com>2016-10-24 15:00:12 -0700
committerJakub Pawlowski <jpawlowski@google.com>2016-10-24 17:03:26 -0700
commite318faa73ad68df4cb344e7bcd4ad087a548e8ee (patch)
tree3495d4206ad756c71231918f2e7a4d645a7c7a5e
parent667e1fe3d7ccc6e2ce11781443f36fc10e47d9a3 (diff)
downloadandroid-system-bt-e318faa73ad68df4cb344e7bcd4ad087a548e8ee.tar.gz
android-system-bt-e318faa73ad68df4cb344e7bcd4ad087a548e8ee.tar.xz
Fix random crashes in HID related code
Operation on characteristics/descriptors shouldn't access GATT database when it's executed. This could happen while service rediscovery is in progress. Bug: 32240759 Test: connect to HID device Change-Id: Ie2b6e6b451456204b1cea1e500df9a0ff949a9ef (cherry picked from commit d8f09d077d9017a522c17f4b9a49328b0ed3e91e)
-rw-r--r--bta/hh/bta_hh_le.c15
1 files changed, 4 insertions, 11 deletions
diff --git a/bta/hh/bta_hh_le.c b/bta/hh/bta_hh_le.c
index 0196e90..b538470 100644
--- a/bta/hh/bta_hh_le.c
+++ b/bta/hh/bta_hh_le.c
@@ -164,34 +164,27 @@ static void gatt_execute_next_op(UINT16 conn_id) {
}
if (op->type == GATT_READ_CHAR) {
- const tBTA_GATTC_CHARACTERISTIC *p_char = BTA_GATTC_GetCharacteristic(op->conn_id, op->handle);
-
mark_as_executing(conn_id);
- BTA_GATTC_ReadCharacteristic(op->conn_id, p_char->handle, BTA_GATT_AUTH_REQ_NONE);
+ BTA_GATTC_ReadCharacteristic(op->conn_id, op->handle, BTA_GATT_AUTH_REQ_NONE);
list_remove(gatt_op_queue, op);
} else if (op->type == GATT_READ_DESC) {
- const tBTA_GATTC_DESCRIPTOR *p_desc = BTA_GATTC_GetDescriptor(op->conn_id, op->handle);
-
mark_as_executing(conn_id);
- BTA_GATTC_ReadCharDescr(op->conn_id, p_desc->handle, BTA_GATT_AUTH_REQ_NONE);
+ BTA_GATTC_ReadCharDescr(op->conn_id, op->handle, BTA_GATT_AUTH_REQ_NONE);
list_remove(gatt_op_queue, op);
} else if (op->type == GATT_WRITE_CHAR) {
- const tBTA_GATTC_CHARACTERISTIC *p_char = BTA_GATTC_GetCharacteristic(op->conn_id, op->handle);
mark_as_executing(conn_id);
- BTA_GATTC_WriteCharValue(op->conn_id, p_char->handle, op->write_type, op->len,
+ BTA_GATTC_WriteCharValue(op->conn_id, op->handle, op->write_type, op->len,
op->p_value, BTA_GATT_AUTH_REQ_NONE);
list_remove(gatt_op_queue, op);
} else if (op->type == GATT_WRITE_DESC) {
- const tBTA_GATTC_DESCRIPTOR *p_desc = BTA_GATTC_GetDescriptor(op->conn_id, op->handle);
-
tBTA_GATT_UNFMT value;
value.len = op->len;
value.p_value = op->p_value;
mark_as_executing(conn_id);
- BTA_GATTC_WriteCharDescr(op->conn_id, p_desc->handle, BTA_GATTC_TYPE_WRITE,
+ BTA_GATTC_WriteCharDescr(op->conn_id, op->handle, BTA_GATTC_TYPE_WRITE,
&value, BTA_GATT_AUTH_REQ_NONE);
list_remove(gatt_op_queue, op);
}