Merge branch 'bugfix/btdm_fix_set_attr_value_crash_when_length_is_0' into 'master'

component/bt: fix crash when the length of attr value set zero

See merge request !1397
This commit is contained in:
Jiang Jiang Jian 2017-10-13 16:00:15 +08:00
commit a0ad3ff008
2 changed files with 5 additions and 1 deletions

View file

@ -474,8 +474,10 @@ void BTA_GATTS_SendRsp (UINT16 conn_id, UINT32 trans_id,
void BTA_SetAttributeValue(UINT16 attr_handle, UINT16 length, UINT8 *value)
{
tBTA_GATTS_API_SET_ATTR_VAL *p_buf;
UINT16 len = sizeof(tBTA_GATTS_API_SET_ATTR_VAL);
if((p_buf = (tBTA_GATTS_API_SET_ATTR_VAL *)osi_malloc(
sizeof(tBTA_GATTS_API_SET_ATTR_VAL))) != NULL){
memset(p_buf, 0, len);
p_buf->hdr.event = BTA_GATTS_API_SET_ATTR_VAL_EVT;
p_buf->hdr.layer_specific = attr_handle;
p_buf->length = length;

View file

@ -723,7 +723,9 @@ tGATT_STATUS GATTS_SetAttributeValue(UINT16 attr_handle, UINT16 length, UINT8 *v
GATT_TRACE_DEBUG("GATTS_SetAttributeValue: attr_handle: %u length: %u \n",
attr_handle, length);
if (length <= 0){
return GATT_INVALID_ATTR_LEN;
}
if ((p_decl = gatt_find_hdl_buffer_by_attr_handle(attr_handle)) == NULL) {
GATT_TRACE_DEBUG("Service not created\n");
return GATT_INVALID_HANDLE;