LE: Fix stack crash on invalid descriptor write request Fix stack crash when an application attempts to writes a NULL array using the writeDescriptor() function. bug 11574019 Change-Id: Id2d7e49216fcc6e3af369047005fb7e67e0923db

commit: 460d53a0dd8fd19947b0382506bd2b3f9da4743b [log] [tgz]
author: Andre Eisenbach <andre@broadcom.com> Fri Nov 01 14:54:22 2013 -0700
committer: Matthew Xie <mattx@google.com> Thu Nov 07 13:55:37 2013 -0800
tree: 0b7faa33a27418ab3f7cd07ff0f39d43b95151fc
parent: 9dc561f7f13569552a62f771b16fe35dc5b9cd16 [diff]
diff --git a/jni/com_android_bluetooth_gatt.cpp b/jni/com_android_bluetooth_gatt.cpp
index fef84e2..854a925 100644
--- a/jni/com_android_bluetooth_gatt.cpp
+++ b/jni/com_android_bluetooth_gatt.cpp

@@ -991,6 +991,11 @@
 {
     if (!sGattIf) return;
 
+    if (value == NULL) {
+        warn("gattClientWriteDescriptorNative() ignoring NULL array");
+        return;
+    }
+
     btgatt_srvc_id_t srvc_id;
     srvc_id.id.inst_id = (uint8_t) service_id_inst_id;
     srvc_id.is_primary = (service_type == BTGATT_SERVICE_TYPE_PRIMARY ? 1 : 0);
commit	460d53a0dd8fd19947b0382506bd2b3f9da4743b	[log] [tgz]
author	Andre Eisenbach <andre@broadcom.com>	Fri Nov 01 14:54:22 2013 -0700
committer	Matthew Xie <mattx@google.com>	Thu Nov 07 13:55:37 2013 -0800
tree	0b7faa33a27418ab3f7cd07ff0f39d43b95151fc
parent	9dc561f7f13569552a62f771b16fe35dc5b9cd16 [diff]