From 00c1bbd96cd00dc17828086198724605cf5be443 Mon Sep 17 00:00:00 2001
From: Jack He <siyuanh@google.com>
Date: Fri, 27 Apr 2018 12:00:50 -0700
Subject: [PATCH] RFCOMM: Crash on null MCB and PORT in state machine

* rfc_mx_sm_execute should never receive a NULL mcb
* rfc_port_sm_execute should never receive a NULL port
* If the above happens, we should crash, since with just a simple NULL
  check we might miss a state machine event and not know that we
  missed it

Bug: 77224743
Test: StackRfcommTest
Change-Id: I7114e46ae706927cc839c7201c97362710e7a874
---
 system/stack/rfcomm/rfc_mx_fsm.cc   | 4 +++-
 system/stack/rfcomm/rfc_port_fsm.cc | 9 +++------
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/system/stack/rfcomm/rfc_mx_fsm.cc b/system/stack/rfcomm/rfc_mx_fsm.cc
index 12ed1f77943..4fbf8702baf 100644
--- a/system/stack/rfcomm/rfc_mx_fsm.cc
+++ b/system/stack/rfcomm/rfc_mx_fsm.cc
@@ -69,7 +69,9 @@ static void rfc_mx_conf_cnf(tRFC_MCB* p_mcb, tL2CAP_CFG_INFO* p_cfg);
  *
  ******************************************************************************/
 void rfc_mx_sm_execute(tRFC_MCB* p_mcb, uint16_t event, void* p_data) {
-  RFCOMM_TRACE_DEBUG("%s: STATE=%d, EVENT=%d", __func__, p_mcb->state, event);
+  CHECK(p_mcb != nullptr) << __func__ << ": NULL mcb for event " << event;
+  VLOG(1) << __func__ << ": bd_addr=" << p_mcb->bd_addr
+          << ", state=" << std::to_string(p_mcb->state) << ", event=" << event;
   switch (p_mcb->state) {
     case RFC_MX_STATE_IDLE:
       rfc_mx_sm_state_idle(p_mcb, event, p_data);
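Review bot: The new `VLOG(1)` line writes the peer's full `bd_addr` and uses lowercase keys (`bd_addr=`, `state=`, `event=`), while the matching line added to rfc_port_sm_execute in rfc_port_fsm.cc uses `BD_ADDR=`, `PORT=`, `STATE=`, `EVENT=`. Pick one spelling for both so a single log filter matches both state machines, and confirm that a full device address in verbose output is acceptable wherever these logs can end up in bug reports. The header comment above the function should also state the new contract, for example `p_mcb must not be NULL; a NULL mcb aborts via CHECK`. The switch continues outside the hunk.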
diff --git a/system/stack/rfcomm/rfc_port_fsm.cc b/system/stack/rfcomm/rfc_port_fsm.cc
index 947c23baae2..9c6298944c6 100644
--- a/system/stack/rfcomm/rfc_port_fsm.cc
+++ b/system/stack/rfcomm/rfc_port_fsm.cc
@@ -64,14 +64,11 @@ static void rfc_set_port_state(tPORT_STATE* port_pars, MX_FRAME* p_frame);
  *
  ******************************************************************************/
 void rfc_port_sm_execute(tPORT* p_port, uint16_t event, void* p_data) {
-  VLOG(1) << __func__ << ": PORT=" << std::to_string(p_port->handle)
+  CHECK(p_port != nullptr) << __func__ << ": NULL port event " << event;
+  VLOG(1) << __func__ << ": BD_ADDR=" << p_port->bd_addr
+          << ", PORT=" << std::to_string(p_port->handle)
           << ", STATE=" << std::to_string(p_port->rfc.state)
           << ", EVENT=" << event;
-  if (!p_port) {
-    LOG(WARNING) << __func__ << ": NULL port event " << event;
-    return;
-  }
-
   switch (p_port->rfc.state) {
     case RFC_STATE_CLOSED:
       rfc_port_sm_state_closed(p_port, event, p_data);
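Review bot: Replacing the `if (!p_port) { ... return; }` guard with `CHECK(p_port != nullptr)` turns a NULL port from a logged early return into a process abort, although the removed guard sat after the `VLOG` dereference and so presumably only took effect when verbose logging was off. Some RFCOMM events are driven by frames from the remote peer, so if any caller can derive a NULL port from peer-controlled input (the callers are not visible in this patch), this becomes a remotely triggerable crash of the Bluetooth process. Each call site should validate its port lookup and drop the frame with a warning before dispatching, leaving the CHECK as a backstop for internal bugs. The same applies to `CHECK(p_mcb != nullptr)` in rfc_mx_sm_execute. The switch continues outside the hunk.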
-- 
GitLab