Prevent the buffer overflow error for adv data 86/256386/1
authorDoHyun Pyun <dh79.pyun@samsung.com>
Thu, 1 Apr 2021 23:04:41 +0000 (08:04 +0900)
committerDoHyun Pyun <dh79.pyun@samsung.com>
Thu, 1 Apr 2021 23:06:49 +0000 (08:06 +0900)
0xb239567c in _bt_hal_set_advertising_data (adv_param_setup=...)
 adv_data = "\021\006", '\000' <repeats 14 times>, "\f]\021\006Z\266\f]Z\266\000@Z\266h"
 adv_data_str = "1106", '0' <repeats 29 times>, "C5D11065AB60C5D5AB600405AB668E"
 index = <optimized out>
 proxy = <optimized out>
 error = 0x0
 ret = <optimized out>
 temp = <optimized out>
 builder = <optimized out>
 event = <optimized out>
 length = 36
 i = <optimized out>
 slot_id = <optimized out>
 __func__ = "_bt_hal_set_advertising_data"

Change-Id: I20caf761dd9f006159783ae6eded349e7cc92948
Signed-off-by: DoHyun Pyun <dh79.pyun@samsung.com>
bt-oal/bluez_hal/src/bt-hal-adapter-le.c

index 74f4c0b..258963b 100644 (file)
@@ -73,7 +73,7 @@ typedef struct {
        uint8_t event;
        int server_if;
        uint8_t status;
-       uint8_t data[31];
+       uint8_t data[BT_HAL_ADVERTISING_DATA_LENGTH_MAX];
 } bt_hal_adv_event_data_t;
 
 /* Macros */
@@ -753,8 +753,8 @@ static int __bt_hal_parse_service_data(int len, char *src, uint8_t *dest)
 /* Takes care of both Scan Response and Advertising data */
 int _bt_hal_set_advertising_data(btgatt_adv_param_setup_t adv_param_setup)
 {
-       uint8_t adv_data[31];
-       char adv_data_str[(31 * 2) + 1];
+       uint8_t adv_data[BT_HAL_ADVERTISING_DATA_LENGTH_MAX];
+       char adv_data_str[(BT_HAL_ADVERTISING_DATA_LENGTH_MAX * 2) + 1];
        int index = 0;
        GDBusProxy *proxy;
        GError *error = NULL;
@@ -779,7 +779,7 @@ int _bt_hal_set_advertising_data(btgatt_adv_param_setup_t adv_param_setup)
 
        slot_id = bt_hal_gatts_allocate_adv_slot_by_server_if(adv_param_setup.server_if);
 
-       memset(&adv_data, 0, 31);
+       memset(&adv_data, 0, BT_HAL_ADVERTISING_DATA_LENGTH_MAX);
 
        /* Service UUID */
        if (adv_param_setup.service_uuid_len > 0) {
@@ -789,6 +789,9 @@ int _bt_hal_set_advertising_data(btgatt_adv_param_setup_t adv_param_setup)
                DBG("After Service UUID:Index [%d]", index);
        }
 
+       if (length >= BT_HAL_ADVERTISING_DATA_LENGTH_MAX)
+               return BT_STATUS_FAIL;
+
        /* Solicit UUID */
        if (adv_param_setup.solicit_uuid_len > 0) {
                __bt_hal_parse_uuid(adv_param_setup.solicit_uuid_len,
@@ -797,9 +800,13 @@ int _bt_hal_set_advertising_data(btgatt_adv_param_setup_t adv_param_setup)
                DBG("After Solicit UUID: Index [%d]", index);
        }
 
+       if (length >= BT_HAL_ADVERTISING_DATA_LENGTH_MAX)
+               return BT_STATUS_FAIL;
+
        /* Service Data  UUID*/
        if (adv_param_setup.service_data_len > 0) {
                int l = 0;
+
                l = __bt_hal_parse_service_data(adv_param_setup.service_data_len,
                                adv_param_setup.service_data, &adv_data[index]);
 
@@ -813,6 +820,9 @@ int _bt_hal_set_advertising_data(btgatt_adv_param_setup_t adv_param_setup)
 #else
        if (adv_param_setup.appearance > 0) {
 #endif
+               if (index + 3 >= BT_HAL_ADVERTISING_DATA_LENGTH_MAX)
+                       return BT_STATUS_FAIL;
+
                adv_data[index] = 0x03;
                adv_data[index+1] = 0x19;
                adv_data[index+2] = (uint8_t) (adv_param_setup.appearance & 0xFF);
@@ -824,6 +834,9 @@ int _bt_hal_set_advertising_data(btgatt_adv_param_setup_t adv_param_setup)
 
        /* TX Power */
        if (adv_param_setup.include_txpower != 0) {
+               if (index + 1 >= BT_HAL_ADVERTISING_DATA_LENGTH_MAX)
+                       return BT_STATUS_FAIL;
+
                adv_data[index] = 0x01;
                adv_data[index+1] = 0x0A;
                index += 2;
@@ -833,6 +846,9 @@ int _bt_hal_set_advertising_data(btgatt_adv_param_setup_t adv_param_setup)
 
        /* Device Name */
        if (adv_param_setup.include_name != 0) {
+               if (index + 1 >= BT_HAL_ADVERTISING_DATA_LENGTH_MAX)
+                       return BT_STATUS_FAIL;
+
                adv_data[index] = 0x01;
                adv_data[index+1] = 0x09;
                index += 2;
@@ -842,6 +858,9 @@ int _bt_hal_set_advertising_data(btgatt_adv_param_setup_t adv_param_setup)
 
        /* Manufacturer data */
        if (adv_param_setup.manufacturer_data_len > 0) {
+               if ((index + 1) +  adv_param_setup.manufacturer_data_len >= BT_HAL_ADVERTISING_DATA_LENGTH_MAX)
+                       return BT_STATUS_FAIL;
+
                adv_data[index] = 1 + adv_param_setup.manufacturer_data_len;
                adv_data[index+1] = 0xFF;
                memcpy(&adv_data[index+2], adv_param_setup.manufacturer_data, adv_param_setup.manufacturer_data_len);
@@ -852,6 +871,9 @@ int _bt_hal_set_advertising_data(btgatt_adv_param_setup_t adv_param_setup)
 
        /* Transport Discovery Data */
        if (adv_param_setup.tds_data_len > 0) {
+               if ((index + 1) +  adv_param_setup.tds_data_len >= BT_HAL_ADVERTISING_DATA_LENGTH_MAX)
+                       return BT_STATUS_FAIL;
+
                adv_data[index] = 1 + adv_param_setup.tds_data_len;
                adv_data[index+1] = 0x26;
                memcpy(&adv_data[index+2], adv_param_setup.tds_data, adv_param_setup.tds_data_len);
@@ -860,6 +882,9 @@ int _bt_hal_set_advertising_data(btgatt_adv_param_setup_t adv_param_setup)
                DBG("After Transport Discovery Data: Index [%d]", index);
        }
 
+       if (length >= BT_HAL_ADVERTISING_DATA_LENGTH_MAX)
+               return BT_STATUS_FAIL;
+
        for (i = 0; i < length; i++)
                snprintf(&adv_data_str[i * 2], 3, "%02X", adv_data[i]);
        INFO("Set adv data. Index [%d] length [%d] Data[%s]", index, length, adv_data_str);
@@ -905,7 +930,7 @@ int _bt_hal_set_advertising_data(btgatt_adv_param_setup_t adv_param_setup)
        event->event  = BT_HAL_MULTI_ADV_DATA_EVT;
        event->server_if = adv_param_setup.server_if;
        event->status = BT_STATUS_SUCCESS;
-       memcpy(&event->data, adv_data, 31);
+       memcpy(&event->data, adv_data, BT_HAL_ADVERTISING_DATA_LENGTH_MAX);
        g_idle_add(__bt_hal_adv_event_cb, (gpointer)event);
 
        return BT_STATUS_SUCCESS;
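Review bot: The `if (length >= BT_HAL_ADVERTISING_DATA_LENGTH_MAX) return BT_STATUS_FAIL;` checks added after the Service UUID, Solicit UUID and Transport Discovery blocks run only after `__bt_hal_parse_uuid` and `__bt_hal_parse_service_data` have already written into `&adv_data[index]`, so for those fields the overflow from the backtrace in the description still happens before the guard fires, whereas the appearance, TX power, name, manufacturer and TDS blocks are guarded before the write, which is the pattern the UUID and service-data paths need as well. The byte count each parse helper emits is not visible in the hunks, so the pre-write check should be derived from the same length the helper consumes (or the remaining space `BT_HAL_ADVERTISING_DATA_LENGTH_MAX - index` handed to the helper as a bound) rather than from `length` after the fact. If `length` counts bytes actually stored, `>=` also rejects a payload that exactly fills the buffer; the later `snprintf` loop into `adv_data_str` and the `memcpy` into `event->data` both tolerate `length == BT_HAL_ADVERTISING_DATA_LENGTH_MAX`, so `length > BT_HAL_ADVERTISING_DATA_LENGTH_MAX` may be the intended bound — confirm what `length` tracks, since its updates are outside the hunks. The new early returns also come after `bt_hal_gatts_allocate_adv_slot_by_server_if` has run; if that slot must be released on failure, these paths now skip it. `_bt_hal_set_advertising_data` begins in the second hunk and its body continues outside the hunks.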