From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: balakrishna <quic_kunthumu@quicinc.com>
Date: Tue, 7 Mar 2023 16:53:46 +0530
Subject: [PATCH] BT: Fixing the rfc_slot_id overflow

Root cause:
overflow causing leak in slot fds.
As slot id 0 not valid, we are not able to release these fds later.

Fix:
Changes are made to avoid overflow while allocate rfc slots.

CRs-Fixed: 3417458
Change-Id: I5d7efa34bfb97a6dd8e9d68615d29120a0ae51f0
---
 btif/src/btif_sock_rfc.cc | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/btif/src/btif_sock_rfc.cc b/btif/src/btif_sock_rfc.cc
index 4b490a0e3..e0cc427e1 100644
--- a/btif/src/btif_sock_rfc.cc
+++ b/btif/src/btif_sock_rfc.cc
@@ -209,7 +209,11 @@ static rfc_slot_t* alloc_rfc_slot(const RawAddress* addr, const char* name,
   }
 
   // Increment slot id and make sure we don't use id=0.
-  if (++rfc_slot_id == 0) rfc_slot_id = 1;
+  if (UINT32_MAX == rfc_slot_id) {
+    rfc_slot_id = 1;
+  } else {
+    ++rfc_slot_id;
+  }
 
   slot->fd = fds[0];
   slot->app_fd = fds[1];