From 55b22612cca9691aed6a10879424c0c8ad3aae4f Mon Sep 17 00:00:00 2001
From: William Escande
Date: Wed, 24 Apr 2024 21:48:05 +0000
Subject: Revert "Fix crash by passing original slot id to avoid race condition."
This reverts commit 33fae77ebc84f566c0e8c0bfd6a13a7bb90dcee6.
Reason for revert: Initial patch is untested and very dangerous, instead of crashing we are now allowing to return any unused slot (0 being the default value of the static memory). We decided to revert in order to have an actionnable crash instead of a silent error that use slot
Bug: 316684925
Change-Id: Ia47602329803e8671df90dd95cb4e16956ef64f7
Test: None
Flag: EXEMPT Revert
---
 system/btif/src/btif_sock_rfc.cc | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/system/btif/src/btif_sock_rfc.cc b/system/btif/src/btif_sock_rfc.cc
index ed031863ed..19329238ca 100644
--- a/system/btif/src/btif_sock_rfc.cc
+++ b/system/btif/src/btif_sock_rfc.cc
@@ -151,6 +151,8 @@ static rfc_slot_t* find_free_slot(void) {
 }
 static rfc_slot_t* find_rfc_slot_by_id(uint32_t id) {
+ CHECK(id != 0);
+
 for (size_t i = 0; i < ARRAY_SIZE(rfc_slots); ++i)
 if (rfc_slots[i].id == id) return &rfc_slots[i];
@@ -766,7 +768,7 @@ static void jv_dm_cback(tBTA_JV_EVT event, tBTA_JV* p_data, uint32_t id) {
 rs->scn = p_data->scn;
 // Send channel ID to java layer
 if (!send_app_scn(rs)) {
- log::warn("send_app_scn() failed, closing rs->id:{}", id);
+ log::warn("send_app_scn() failed, closing rs->id:{}", rs->id);
 cleanup_rfc_slot(rs);
 break;
 }
@@ -774,7 +776,7 @@ static void jv_dm_cback(tBTA_JV_EVT event, tBTA_JV* p_data, uint32_t id) {
 if (rs->is_service_uuid_valid) {
 // BTA_JvCreateRecordByUser will only create a record if a UUID is
 // specified. RFC-only profiles
- BTA_JvCreateRecordByUser(id);
+ BTA_JvCreateRecordByUser(rs->id);
 } else {
 // If uuid is null, just allocate a RFC channel and start the RFCOMM
 // thread needed for the java layer to get a RFCOMM channel.
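Review bot: The `CHECK(id != 0);` added at the top of find_rfc_slot_by_id has no comment, so the reason 0 is rejected lives only in the commit message. Per that message 0 is the default value of the static slot memory and a lookup for it would otherwise return any unused slot; I would state that next to the check, e.g. `// id 0 is what an unused slot holds; matching it would hand back a free slot, so fail hard here.` Because the guard aborts the process, any caller that can arrive with a zero or stale id turns into a crash, and with `Test: None` nothing pins which paths those are; a unit test for the zero-id lookup would help. The function's closing lines are outside the hunk.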
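Review bot: `rs->id` in the `log::warn` call is re-read from the slot instead of using the callback's `id` argument, and the same substitution appears in `BTA_JvCreateRecordByUser(rs->id)` in the next hunk and in the user id passed with `rfcomm_cback` in both `BTA_JvRfcommStartServer` hunks (`rs->id`, `slot->id`). The slot lookup and any locking are outside these hunks, so this is inferred: if a slot can be released or reused between the lookup and these reads, the value logged or registered is no longer the id the event was delivered for, and a zero would presumably come back to `find_rfc_slot_by_id` later and trip the CHECK far from the cause. Asserting the invariant right after the lookup, e.g. `CHECK(rs->id == id);`, would make the crash point at the race itself, and logging both values, `log::warn("send_app_scn() failed, closing rs->id:{} (event id:{})", rs->id, id);`, keeps the evidence when they differ. jv_dm_cback begins and ends outside all of these hunks.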
@@ -785,7 +787,7 @@ static void jv_dm_cback(tBTA_JV_EVT event, tBTA_JV* p_data, uint32_t id) {
 "the RFCOMM server");
 // now start the rfcomm server after sdp & channel # assigned
 BTA_JvRfcommStartServer(rs->security, rs->scn, MAX_RFC_SESSION,
- rfcomm_cback, id);
+ rfcomm_cback, rs->id);
 }
 break;
 }
@@ -814,7 +816,7 @@ static void jv_dm_cback(tBTA_JV_EVT event, tBTA_JV* p_data, uint32_t id) {
 // Start the rfcomm server after sdp & channel # assigned.
 BTA_JvRfcommStartServer(slot->security, slot->scn, MAX_RFC_SESSION,
- rfcomm_cback, id);
+ rfcomm_cback, slot->id);
 break;
 }
-- cgit v1.2.3-59-g8ed1b