From b45b847923b0961a72c007fabf241aeb288555a7 Mon Sep 17 00:00:00 2001
From: Hui Peng <phui@google.com>
Date: Thu, 12 Jan 2023 23:02:31 +0000
Subject: [PATCH] Fix a nullptr-deref in on_create_record_event

Bug: 263545186
Test: manual
Ignore-AOSP-First: security
Change-Id: I0abbb67842850cc2f1298b43dc49a89445b40a43
---
 system/btif/src/btif_sdp_server.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/system/btif/src/btif_sdp_server.cc b/system/btif/src/btif_sdp_server.cc
index ba166b60675..4f043674592 100644
--- a/system/btif/src/btif_sdp_server.cc
+++ b/system/btif/src/btif_sdp_server.cc
@@ -350,9 +350,9 @@ void on_create_record_event(int id) {
   BTIF_TRACE_DEBUG("Sdp Server %s", __func__);
   const sdp_slot_t* sdp_slot = start_create_sdp(id);
   tBTA_SERVICE_ID service_id = -1;
+  bluetooth_sdp_record* record;
   /* In the case we are shutting down, sdp_slot is NULL */
-  if (sdp_slot != NULL) {
-    bluetooth_sdp_record* record = sdp_slot->record_data;
+  if (sdp_slot != nullptr && (record = sdp_slot->record_data) != nullptr) {
     int handle = -1;
     switch (record->hdr.type) {
       case SDP_TYPE_MAP_MAS:
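Review bot: The new guard assigns `record` inside the `if` condition and leaves it uninitialized at its declaration, so an indeterminate pointer stays in scope for the rest of on_create_record_event, whose body continues outside the hunk. I would write `bluetooth_sdp_record* record = (sdp_slot != nullptr) ? sdp_slot->record_data : nullptr;` followed by `if (record != nullptr) {`, which keeps the same behaviour without the embedded assignment. The comment above the check still names only the shutdown case; it should also cover the new one, for example `/* sdp_slot is NULL when shutting down; record_data may also be NULL, in which case the record is skipped */`. The hunk does not show why record_data can be null for a live slot. If the cause is a concurrent removal, a null check alone would not stop the record being freed between the check and the `switch`, so it is worth confirming that the slot is still protected at this point.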
-- 
GitLab