This test checks for proper handling of an invalid Service ID on an IPC
message, but it was attempting to register handlers for this invalid ID,
which with the current ipc_register() implementation was causing a buffer
overrun.
The fix was to use a valid ID during registration, but still attempt to
use an invalid one when sending the message.
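The defensive shape the two messages above describe, as an added example that is not BlueZ code: a handler table indexed by a service id read off the wire, where both registration and dispatch validate the id before it touches the table, so a test can register under a valid id and still send a message carrying an invalid one. The layout, names (`ipc_register`, `ipc_dispatch`, `IPC_SERVICE_MAX`) and the header format are assumptions for the demonstration, not the BlueZ wire protocol.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed table layout: valid service ids are 0 .. IPC_SERVICE_MAX-1.
 * Sizes and names are hypothetical and not taken from BlueZ. */
#define IPC_SERVICE_MAX 8
#define IPC_OPCODE_MAX 16

typedef int (*ipc_handler)(const void *payload, size_t len);

struct ipc_service {
    const ipc_handler *handlers;   /* NULL while nothing is registered */
    size_t num_handlers;
};

static struct ipc_service services[IPC_SERVICE_MAX];

/* Register a handler table for a service. An out-of-range id is rejected
 * instead of indexing past the end of 'services'. */
static bool ipc_register(uint8_t service, const ipc_handler *handlers, size_t num)
{
    if (service >= IPC_SERVICE_MAX || !handlers || num == 0 || num > IPC_OPCODE_MAX)
        return false;
    services[service].handlers = handlers;
    services[service].num_handlers = num;
    return true;
}

static void ipc_unregister(uint8_t service)
{
    if (service < IPC_SERVICE_MAX)
        memset(&services[service], 0, sizeof services[service]);
}

/* Constructed message header as it arrives on the socket. */
struct ipc_hdr { uint8_t service; uint8_t opcode; uint16_t len; };

enum { IPC_OK = 0, IPC_ERR_SERVICE = 1, IPC_ERR_OPCODE = 2, IPC_ERR_SHORT = 3 };

/* Dispatch a raw message. Every index derived from untrusted input is checked
 * against the table bounds before use. */
static int ipc_dispatch(const uint8_t *buf, size_t buflen)
{
    struct ipc_hdr hdr;
    if (buflen < sizeof hdr)
        return IPC_ERR_SHORT;
    memcpy(&hdr, buf, sizeof hdr);
    if (buflen - sizeof hdr < hdr.len)
        return IPC_ERR_SHORT;
    if (hdr.service >= IPC_SERVICE_MAX || !services[hdr.service].handlers)
        return IPC_ERR_SERVICE;
    if (hdr.opcode >= services[hdr.service].num_handlers ||
        !services[hdr.service].handlers[hdr.opcode])
        return IPC_ERR_OPCODE;
    return services[hdr.service].handlers[hdr.opcode](buf + sizeof hdr, hdr.len);
}

/* Sample handler: reports the payload length it was handed. */
static int echo_len(const void *payload, size_t len)
{
    (void)payload;
    return (int)len;
}

static const ipc_handler core_handlers[] = { echo_len };

/* Mirrors the fixed test: register under service 0 (valid), then send one
 * message whose header carries 'service' (possibly invalid). Returns the
 * dispatch result. */
static int dispatch_test(uint8_t service)
{
    uint8_t msg[sizeof(struct ipc_hdr) + 2];
    struct ipc_hdr hdr = { .service = service, .opcode = 0, .len = 2 };
    int rc;

    if (!ipc_register(0, core_handlers, 1))
        return -1;
    memcpy(msg, &hdr, sizeof hdr);
    msg[sizeof hdr] = 0xAA;          /* constructed payload bytes */
    msg[sizeof hdr + 1] = 0xBB;
    rc = ipc_dispatch(msg, sizeof msg);
    ipc_unregister(0);
    return rc;
}
```

`dispatch_test(0)` reaches the handler and returns the payload length 2; `dispatch_test(IPC_SERVICE_MAX)` and `dispatch_test(3)` (never registered) both return `IPC_ERR_SERVICE` without the table being written or read out of bounds.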
Although this command is not implemented by BlueZ, make sure it is
callable from haltest so at least the IPC can be tested.
Also memset() the hid_info parameter to not pass uninitialized data
around.
These UUIDs are assigned by BT-SIG and therefore there is no need to
use full 128-bit UUIDs. This also avoids unnecessary conversion from
string representation.
This patch allows bluetoothd to be run with Valgrind easily in debug
variants.
For userdebug and eng variants bluetoothd is renamed to bluetoothd-main
and bluetoothd acts as a wrapper to launch it either with or without
Valgrind (this is decided by the value of the persist.sys.bluetooth.valgrind
property).
The patch fixes the following clang warning:
...
profiles/audio/avdtp.c:3293:2: warning: Null pointer passed as an
argument to a 'nonnull' parameter
memcpy(cap->data, data, length);
^ ~~~~
Unregistering a SEP can trigger abort_cfm callback if some device is
connected thus we should free setups list after all endpoints are
unregistered to avoid error in abort_cfm due to non-existing setup.
In case the audio IPC is suddenly disconnected (most likely due to a crash
of the mediaserver process) we should disconnect the headset since it is no
longer associated with a valid setup and cannot be used properly.
We should try neither to auto-resume nor to write when the state is set to
NONE, as this is the case when we're being closed and it's ok to ignore the
write request.
Using sysfs is causing problems due to filesystem permissions
(bluetoothd is running as bluetooth user) and bluetoothd already has
required capabilities for setting forward delay through ioctl.
Android uses the bt-pan static interface in the PAN profile. In the server
role it uses it as the bridge name. But the current implementation passes
interface names like bnep0, bnep1... The Android Framework is unaware of
this name and unable to allocate an IP address after profile connection setup.
Calling g_slist_remove within the callback of g_slist_foreach is very
inefficient as it has to iterate in the list twice to figure which
element to remove.
Calling g_slist_remove within the callback of g_slist_foreach is very
inefficient as it has to iterate twice in the list to figure which
element to remove.
Invalid read of size 8
   at 0x30EE465A78: g_slice_free_chain_with_offset (in /usr/lib64/libglib-2.0.so.0.3800.2)
   by 0x418209: bt_a2dp_unregister (a2dp.c:1576)
   by 0x4039E6: main (main.c:347)
 Address 0x4f2d248 is 8 bytes inside a block of size 16 free'd
   at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0x30EE44EF7E: g_free (in /usr/lib64/libglib-2.0.so.0.3800.2)
   by 0x30EE4655CA: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.3800.2)
   by 0x30EE465F0C: g_slist_remove (in /usr/lib64/libglib-2.0.so.0.3800.2)
   by 0x41645F: a2dp_device_free (a2dp.c:174)
   by 0x30EE466477: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.3800.2)
   by 0x30EE46649A: g_slist_free_full (in /usr/lib64/libglib-2.0.so.0.3800.2)
   by 0x418209: bt_a2dp_unregister (a2dp.c:1576)
   by 0x4039E6: main (main.c:347)
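What the trace above records, as an added example that is neither BlueZ nor GLib code: a stand-in for GSList built on a small node pool, so that a second release of a node is counted rather than being undefined behaviour. `g_slist_free_full` walks the list twice, once to run the destructor and once to free the nodes, so a destructor that also calls `g_slist_remove` on the module-level list frees every node before the second walk reaches it. The fixed destructor leaves list ownership with the caller; that is the general pattern, not necessarily the exact BlueZ patch. All names (`slist_*`, `device_free_unlinking`, `unregister_with`) and the five-element list are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Minimal stand-in for GLib's GSList (hypothetical, not GLib). Nodes come from
 * a pool so a use of an already released node increments a counter. */
struct slist { void *data; struct slist *next; };

#define POOL_SIZE 64
static struct slist pool[POOL_SIZE];
static bool in_use[POOL_SIZE];
static size_t nodes_live, freed_node_uses, remove_visits;

static struct slist *node_alloc(void)
{
    for (size_t i = 0; i < POOL_SIZE; i++)
        if (!in_use[i]) { in_use[i] = true; nodes_live++; return &pool[i]; }
    abort(); /* the constructed runs below never exceed POOL_SIZE nodes */
}

/* Releasing a node twice is the "block free'd" condition Valgrind reported. */
static void node_release(struct slist *n)
{
    size_t i = (size_t)(n - pool);
    if (!in_use[i]) { freed_node_uses++; return; }
    in_use[i] = false;
    nodes_live--;
}

static struct slist *slist_prepend(struct slist *l, void *data)
{
    struct slist *n = node_alloc();
    n->data = data;
    n->next = l;
    return n;
}

/* Unlink the first node carrying 'data', scanning from the head like g_slist_remove. */
static struct slist *slist_remove(struct slist *l, const void *data)
{
    for (struct slist **pp = &l; *pp; pp = &(*pp)->next) {
        remove_visits++;
        if ((*pp)->data == data) {
            struct slist *gone = *pp;
            *pp = gone->next;
            node_release(gone);
            break;
        }
    }
    return l;
}

/* Like g_slist_free_full: run the destructor over every element (reading
 * 'next' before each call, as g_slist_foreach does), then free the nodes.
 * A node the destructor already unlinked and freed is released a second time here. */
static void slist_free_full(struct slist *l, void (*fn)(void *))
{
    for (struct slist *it = l; it; ) { struct slist *next = it->next; fn(it->data); it = next; }
    while (l) { struct slist *next = l->next; node_release(l); l = next; }
}

struct device { int id; };
static struct slist *devices; /* module-level list, as 'devices' in the a2dp.c trace */

/* Destructor that also unlinks itself from the module list: the pattern the commits replace. */
static void device_free_unlinking(void *p)
{
    devices = slist_remove(devices, p);
    free(p);
}

/* Destructor that only frees the record; the list stays owned by the caller. */
static void device_free(void *p) { free(p); }

struct run_stats { size_t freed_node_uses, remove_visits, nodes_live; };

/* Build n devices, tear them down with 'destructor', and report the counters. */
static struct run_stats unregister_with(int n, void (*destructor)(void *))
{
    freed_node_uses = remove_visits = 0;
    for (int i = 0; i < n; i++) {
        struct device *d = malloc(sizeof *d);
        if (!d) abort();
        d->id = i;
        devices = slist_prepend(devices, d);
    }
    slist_free_full(devices, destructor);
    devices = NULL;
    return (struct run_stats){ freed_node_uses, remove_visits, nodes_live };
}

int main(void)
{
    struct run_stats bad = unregister_with(5, device_free_unlinking);
    struct run_stats good = unregister_with(5, device_free);
    printf("unlinking destructor: %zu freed-node uses, %zu remove visits\n",
           bad.freed_node_uses, bad.remove_visits);
    printf("plain destructor:     %zu freed-node uses, %zu remove visits\n",
           good.freed_node_uses, good.remove_visits);
    return 0;
}
```

With five devices the unlinking destructor produces five uses of released nodes (one per node on the second walk) and five extra list scans; the plain destructor produces none, and every node is released exactly once.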