DivestOS/Patches/LineageOS-16.0/android_system_bt/347127.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Raghavender Reddy Bujala <c-bujalr@codeaurora.org>
Date: Thu, 2 Dec 2021 16:04:19 +0530
Subject: [PATCH] BT: Once AT command is retrieved, return from method.

- Observed SIGSEV issue in Defensics, when received
buf is more than BTA_HF_CLIENT_AT_PARSER_MAX_LEN.

- Commented recover cut data, after AT command is
retrieved because leftover data/buf is more than
BTA_HF_CLIENT_AT_PARSER_MAX_LEN and leading to
offset corruption.

CRs-Fixed: 3052411
Change-Id: I6375d00eebfbf97ffc40456622a6d39e4388f4b2
---
 bta/hf_client/bta_hf_client_at.cc | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/bta/hf_client/bta_hf_client_at.cc b/bta/hf_client/bta_hf_client_at.cc
index ecdf0daec..8c285fbe7 100644
--- a/bta/hf_client/bta_hf_client_at.cc
+++ b/bta/hf_client/bta_hf_client_at.cc
@@ -1615,9 +1615,13 @@ void bta_hf_client_at_parse(tBTA_HF_CLIENT_CB* client_cb, char* buf,
     bta_hf_client_at_parse_start(client_cb);
     bta_hf_client_at_clear_buf(client_cb);
 
-    /* recover cut data */
-    memcpy(client_cb->at_cb.buf, tmp_buff, tmp);
-    client_cb->at_cb.offset += tmp;
+    /* TODO: recover cut data */
+    // memcpy(client_cb->at_cb.buf, tmp_buff, tmp);
+    // client_cb->at_cb.offset += tmp;
+    // Observed SIGSEV issue in Defensics, when received buf is more than
+    // BTA_HF_CLIENT_AT_PARSER_MAX_LEN.
+    // Assuming to return from here, Once AT command is retrieved.
+    return;
   }
 
   memcpy(client_cb->at_cb.buf + client_cb->at_cb.offset, buf, len);
16.0: Import and verify picks https://review.lineageos.org/q/topic:P_asb_2022-05 https://review.lineageos.org/q/topic:P_asb_2022-06 https://review.lineageos.org/q/topic:P_asb_2022-07 https://review.lineageos.org/q/topic:P_asb_2022-08 https://review.lineageos.org/q/topic:P_asb_2022-09 https://review.lineageos.org/q/topic:P_asb_2022-10 https://review.lineageos.org/q/topic:P_asb_2022-11 https://review.lineageos.org/q/topic:P_asb_2022-12 https://review.lineageos.org/q/topic:P_asb_2023-01 https://review.lineageos.org/q/topic:P_asb_2023-02 https://review.lineageos.org/q/topic:P_asb_2023-03 https://review.lineageos.org/q/topic:P_asb_2023-04 https://review.lineageos.org/q/topic:P_asb_2023-05 https://review.lineageos.org/q/topic:P_asb_2023-06 https://review.lineageos.org/q/topic:P_asb_2023-07 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/361250 https://review.lineageos.org/q/topic:P_asb_2023-08 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/364606 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/365328 https://review.lineageos.org/q/topic:P_asb_2023-09 https://review.lineageos.org/q/topic:P_asb_2023-10 https://review.lineageos.org/q/topic:P_asb_2023-11 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/374916 https://review.lineageos.org/q/topic:P_asb_2023-12 https://review.lineageos.org/q/topic:P_asb_2024-01 https://review.lineageos.org/q/topic:P_asb_2024-02 https://review.lineageos.org/q/topic:P_asb_2024-03 https://review.lineageos.org/q/topic:P_asb_2024-04 Signed-off-by: Tavi <tavi@divested.dev> 2024-05-07 23:13:31 +00:00			`From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001`
			`From: Raghavender Reddy Bujala <c-bujalr@codeaurora.org>`
			`Date: Thu, 2 Dec 2021 16:04:19 +0530`
			`Subject: [PATCH] BT: Once AT command is retrieved, return from method.`

			`- Observed SIGSEV issue in Defensics, when received`
			`buf is more than BTA_HF_CLIENT_AT_PARSER_MAX_LEN.`

			`- Commented recover cut data, after AT command is`
			`retrieved because leftover data/buf is more than`
			`BTA_HF_CLIENT_AT_PARSER_MAX_LEN and leading to`
			`offset corruption.`

			`CRs-Fixed: 3052411`
			`Change-Id: I6375d00eebfbf97ffc40456622a6d39e4388f4b2`
			`---`
			`bta/hf_client/bta_hf_client_at.cc \| 10 +++++++---`
			`1 file changed, 7 insertions(+), 3 deletions(-)`

			`diff --git a/bta/hf_client/bta_hf_client_at.cc b/bta/hf_client/bta_hf_client_at.cc`
			`index ecdf0daec..8c285fbe7 100644`
			`--- a/bta/hf_client/bta_hf_client_at.cc`
			`+++ b/bta/hf_client/bta_hf_client_at.cc`
			`@@ -1615,9 +1615,13 @@ void bta_hf_client_at_parse(tBTA_HF_CLIENT_CB* client_cb, char* buf,`
			`bta_hf_client_at_parse_start(client_cb);`
			`bta_hf_client_at_clear_buf(client_cb);`

			`- /* recover cut data */`
			`- memcpy(client_cb->at_cb.buf, tmp_buff, tmp);`
			`- client_cb->at_cb.offset += tmp;`
			`+ /* TODO: recover cut data */`
			`+ // memcpy(client_cb->at_cb.buf, tmp_buff, tmp);`
			`+ // client_cb->at_cb.offset += tmp;`
			`+ // Observed SIGSEV issue in Defensics, when received buf is more than`
			`+ // BTA_HF_CLIENT_AT_PARSER_MAX_LEN.`
			`+ // Assuming to return from here, Once AT command is retrieved.`
			`+ return;`
			`}`

			`memcpy(client_cb->at_cb.buf + client_cb->at_cb.offset, buf, len);`