diff options
author | Martijn Coenen <maco@google.com> | 2015-11-05 11:10:12 +0100 |
---|---|---|
committer | Martijn Coenen <maco@google.com> | 2015-11-05 14:23:59 +0100 |
commit | c56a929eeb9856d5fd78825c00398ba0d471c816 (patch) | |
tree | fc91e5ac9f368e3fa3fc803c22f88802436278c3 | |
parent | f644e0182e68dd9488594e729408a71dad330f72 (diff) | |
download | libnfc-nci-c56a929eeb9856d5fd78825c00398ba0d471c816.tar.gz |
Don't free memory that shouldn't be freed.
In case of NFC_ERROR_CEVT, p_data is just
a pointer to an uint8_t, and doesn't contain
data that needs to be freed. Note that there's
a fall-through from NFC_DATA_CEVT above which
warrants further investigation, but for
now this is the safe fix.
Bug: 25489121
Change-Id: Ibab5b42ca9defca04b2310c8d9a441c89f0f722d
-rw-r--r-- | src/nfc/tags/rw_t1t.c | 6 | ||||
-rw-r--r-- | src/nfc/tags/rw_t2t.c | 7 |
2 files changed, 0 insertions, 13 deletions
diff --git a/src/nfc/tags/rw_t1t.c b/src/nfc/tags/rw_t1t.c index a7a8001..e7d373e 100644 --- a/src/nfc/tags/rw_t1t.c +++ b/src/nfc/tags/rw_t1t.c @@ -295,12 +295,6 @@ void rw_t1t_conn_cback (UINT8 conn_id, tNFC_CONN_EVT event, tNFC_CONN *p_data) { rw_t1t_process_error (); } - if((p_data != NULL) && (p_data->data.p_data != NULL)) - { - /* Free the response buffer in case of invalid response*/ - GKI_freebuf((BT_HDR *) (p_data->data.p_data)); - p_data->data.p_data = NULL; - } break; default: diff --git a/src/nfc/tags/rw_t2t.c b/src/nfc/tags/rw_t2t.c index e6f5b5b..de2de64 100644 --- a/src/nfc/tags/rw_t2t.c +++ b/src/nfc/tags/rw_t2t.c @@ -346,13 +346,6 @@ void rw_t2t_conn_cback (UINT8 conn_id, tNFC_CONN_EVT event, tNFC_CONN *p_data) { rw_t2t_process_error (); } - /* Free the response buffer in case of invalid response*/ - if((p_data != NULL) && (p_data->data.p_data != NULL)) - { - /* Free the response buffer in case of invalid response*/ - GKI_freebuf((BT_HDR *) (p_data->data.p_data)); - p_data->data.p_data = NULL; - } break; default: |