strndupa is a GNU extension. print_string is simple and open-coding
strndupa is not a big loss.
This fixes a linkage error with the bionic library, which doesn't provide
strndupa.
target Executable: btmon (out/target/product/grouper/obj/EXECUTABLES/
btmon_intermediates/LINKED/btmon)
prebuilts/gcc/linux-x86/arm/arm-linux-androideabi-4.6/bin/../lib/gcc/
arm-linux-androideabi/4.6.x-google/../../../../
arm-linux-androideabi/bin/ld: out/target/product/grouper/obj/
EXECUTABLES/btmon_intermediates/monitor/sdp.o: in function
print_string:external/bluetooth/bluez/monitor/sdp.c:146: error:
undefined reference to 'strndupa'
collect2: ld returned 1 exit status
make: *** [out/target/product/grouper/obj/EXECUTABLES/
btmon_intermediates/LINKED/btmon] Error
The position should stop at UINT32_MAX; after that the progress can no
longer be calculated. This should also prevent the position from changing
when the remote stack doesn't support it, which is also indicated with
UINT32_MAX and which apparently is the case of Spotify on Android 4.3:
[CHG] Player /org/bluez/hci0/dev_XX_XX_XX_XX_XX_XX/player0 Position: 0xffffffff
[CHG] Player /org/bluez/hci0/dev_XX_XX_XX_XX_XX_XX/player0 Status: playing
[CHG] Player /org/bluez/hci0/dev_XX_XX_XX_XX_XX_XX/player0 Position: 0x000000
Custom GATT services typically use 128-bit UUIDs; this patch allows for
using gatt_service_add to define such services by adding a new option
GATT_OPT_CHR_UUID, which allows for passing bt_uuid_t* values. Note, a
previous patch renamed the old GATT_OPT_CHR_UUID into
GATT_OPT_CHR_UUID16.
To paraphrase Anderson Lizardo: "h" was overflowing for 128-bit services
because the handle is incremented after each attribute is added so at
the end we had: 0xffff + 1 == 0 (h is uint16_t).
As it seems more complex to try to remove the overflow without affecting
the logic too much, we update the assertion.
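The wrap described above, as an added example that is not BlueZ code and not the project's actual assertion: `attr_db`, `db_add`, `add_service` and `naive_check` are hypothetical names, and the handle range 0xfffc..0xffff is a constructed input. It shows why a post-condition written as `h - start == nattrs` fails once `h` wraps, and one wrap-tolerant way to state it.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the attribute database: records handles used. */
struct attr_db {
	uint16_t first, last;
	unsigned int count;
};

static void db_add(struct attr_db *db, uint16_t handle)
{
	if (db->count++ == 0)
		db->first = handle;
	db->last = handle;
}

/* The kind of post-condition that breaks: uint16_t operands are promoted
 * to int, so after a wrap this computes 0 - 0xfffc, not 4. */
static bool naive_check(uint16_t h, uint16_t start, uint16_t nattrs)
{
	return h - start == nattrs;
}

/* Add nattrs attributes at start..start+nattrs-1; h is incremented after
 * each one, as in the commit message. Returns false if the range does not
 * fit the 16-bit handle space or the wrap-tolerant check fails. */
static bool add_service(struct attr_db *db, uint16_t start, uint16_t nattrs,
			uint16_t *h_after)
{
	uint32_t last = (uint32_t) start + nattrs - 1;	/* 32-bit: cannot wrap */
	uint16_t h = start;

	if (start == 0 || nattrs == 0 || last > 0xffff)
		return false;
	for (uint16_t i = 0; i < nattrs; i++)
		db_add(db, h++);	/* final increment may take h to 0 */
	*h_after = h;
	return (uint16_t) (h - start) == nattrs;	/* compare modulo 2^16 */
}

int main(void)
{
	struct attr_db db = { 0 };
	uint16_t h = 0;
	bool ok = add_service(&db, 0xfffc, 4, &h);

	printf("ok=%d last=0x%04x h=0x%04x naive=%d\n", ok, db.last, h,
	       naive_check(h, 0xfffc, 4));
	return 0;
}
```

The range check is done in 32-bit arithmetic before any handle is written, so a service that does not fit is rejected rather than wrapping into low handles.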
While accepting the connection via DEFER_SETUP, a second connection can
be created by using avctp_connect_browsing, which will not detect that one
is in progress as the state has not yet changed. This can cause memory
leaks or crashes such as the following:
profiles/audio/avctp.c:avctp_confirm_cb() AVCTP: incoming connect from XX:XX:XX:XX:XX:XX
profiles/audio/avctp.c:avctp_set_state() AVCTP Browsing Connecting
profiles/audio/avctp.c:avctp_connect_browsing_cb() AVCTP Browsing: connected to XX:XX:XX:XX:XX:XX
profiles/audio/avctp.c:avctp_set_state() AVCTP Browsing Connected
profiles/audio/avctp.c:avctp_connect_browsing_cb() AVCTP Browsing: connected to XX:XX:XX:XX:XX:XX
profiles/audio/avctp.c:avctp_set_state() AVCTP Browsing Connected
profiles/audio/avctp.c:session_browsing_cb() AVCTP Browsing: disconnected
profiles/audio/avctp.c:avctp_set_state() AVCTP Connected
Invalid read of size 8
at 0x41EB28: session_browsing_cb (avctp.c:842)
by 0x32F5447E05: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x32F5448157: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x32F5448559: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x40A28F: main (main.c:583)
Address 0x20 is not stack'd, malloc'd or (recently) free'd
If the remote stack responds to GetCapabilities before connecting to the
browsing channel, connect it immediately as some events might depend on
it to work properly.
The spec actually recommends the browsing channel to be connected
immediately after the control channel:
AVRCP 1.5 - Page 23
"4.1.1 Connection establishment
...
If a browsing channel is supported by both devices it shall be
established after control channel establishment. It is recommended that
the browsing channel is established immediately after the control
channel is established and released immediately before the control
channel is released to avoid unsatisfactory latency when a browsing
command is sent."
Both controller and target services can initiate the connection, but
probably only one of the services will be in the CONNECTING state, which
may happen to not have the browsing feature set.
Currently this happens when connecting BlueZ vs BlueZ, where the CT record
does not have the browsing feature set, so if the corresponding service
starts connecting it won't connect the browsing channel due to lack of
the feature.
When the remote stack supports both AVAILABLE_PLAYER_CHANGED and
ADDRESSED_PLAYER_CHANGED, the players are inited twice, leaking
the memory allocated the first time:
16 bytes in 1 blocks are definitely lost in loss record 45 of 236
at 0x4A06409: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x32F544D89E: g_malloc (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x32F5464BF7: g_memdup (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x4247CC: avrcp_get_media_player_list_rsp (avrcp.c:2432)
by 0x41ECAB: session_browsing_cb (avctp.c:826)
by 0x32F5447E05: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x32F5448157: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x32F5448559: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x40A28F: main (main.c:583)
16 bytes in 1 blocks are definitely lost in loss record 46 of 236
at 0x4A082F7: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x32F544D946: g_realloc (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x32F5466D43: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x32F5467032: g_string_insert_len (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x32F5435287: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x421E62: avrcp_set_browsed_player_rsp (avrcp.c:2349)
by 0x41ECAB: session_browsing_cb (avctp.c:826)
by 0x32F5447E05: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x32F5448157: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x32F5448559: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x40A28F: main (main.c:583)
By convention, BlueZ code checks for "GSource id"-like variables using:
if (source_id > 0)
...
Also fix the variable type to match that returned by
g_attrib_unregister().
If the device is removed while there is no connection, scan->attrib will be
NULL, because its reference is managed by attio connect/disconnect
callbacks. This means that on disconnect any resources owned by GAttrib
will be properly destroyed.
When discovering descriptors, if there is only a single descriptor, the
start handle will be equal to the end handle. It is valid to issue the
Find Information Request in this case.
Before this fix, notification for the Scan Refresh characteristic was never
enabled.