Merge branch 'bugfix/btdm_fix_set_attr_value_crash_when_length_is_0' into 'master'
component/bt: fix crash when the length of attr value set zero See merge request !1397
This commit is contained in:
commit
a0ad3ff008
2 changed files with 5 additions and 1 deletions
|
@ -474,8 +474,10 @@ void BTA_GATTS_SendRsp (UINT16 conn_id, UINT32 trans_id,
|
||||||
void BTA_SetAttributeValue(UINT16 attr_handle, UINT16 length, UINT8 *value)
|
void BTA_SetAttributeValue(UINT16 attr_handle, UINT16 length, UINT8 *value)
|
||||||
{
|
{
|
||||||
tBTA_GATTS_API_SET_ATTR_VAL *p_buf;
|
tBTA_GATTS_API_SET_ATTR_VAL *p_buf;
|
||||||
|
UINT16 len = sizeof(tBTA_GATTS_API_SET_ATTR_VAL);
|
||||||
if((p_buf = (tBTA_GATTS_API_SET_ATTR_VAL *)osi_malloc(
|
if((p_buf = (tBTA_GATTS_API_SET_ATTR_VAL *)osi_malloc(
|
||||||
sizeof(tBTA_GATTS_API_SET_ATTR_VAL))) != NULL){
|
sizeof(tBTA_GATTS_API_SET_ATTR_VAL))) != NULL){
|
||||||
|
memset(p_buf, 0, len);
|
||||||
p_buf->hdr.event = BTA_GATTS_API_SET_ATTR_VAL_EVT;
|
p_buf->hdr.event = BTA_GATTS_API_SET_ATTR_VAL_EVT;
|
||||||
p_buf->hdr.layer_specific = attr_handle;
|
p_buf->hdr.layer_specific = attr_handle;
|
||||||
p_buf->length = length;
|
p_buf->length = length;
|
||||||
|
|
|
@ -723,7 +723,9 @@ tGATT_STATUS GATTS_SetAttributeValue(UINT16 attr_handle, UINT16 length, UINT8 *v
|
||||||
|
|
||||||
GATT_TRACE_DEBUG("GATTS_SetAttributeValue: attr_handle: %u length: %u \n",
|
GATT_TRACE_DEBUG("GATTS_SetAttributeValue: attr_handle: %u length: %u \n",
|
||||||
attr_handle, length);
|
attr_handle, length);
|
||||||
|
if (length <= 0){
|
||||||
|
return GATT_INVALID_ATTR_LEN;
|
||||||
|
}
|
||||||
if ((p_decl = gatt_find_hdl_buffer_by_attr_handle(attr_handle)) == NULL) {
|
if ((p_decl = gatt_find_hdl_buffer_by_attr_handle(attr_handle)) == NULL) {
|
||||||
GATT_TRACE_DEBUG("Service not created\n");
|
GATT_TRACE_DEBUG("Service not created\n");
|
||||||
return GATT_INVALID_HANDLE;
|
return GATT_INVALID_HANDLE;
|
||||||
|
|
Loading…
Reference in a new issue