From: Johann Felix Soden <[email protected]>
The pointer data can point to the variable ctv.
Access to data happens when ctv is already out of scope.
Signed-off-by: Johann Felix Soden <[email protected]>
---
net/bluetooth/hci_sock.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 688cfeb..b0e6108 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -338,8 +338,8 @@ static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_
data = &tv;
len = sizeof(tv);
#ifdef CONFIG_COMPAT
+ struct compat_timeval ctv;
if (msg->msg_flags & MSG_CMSG_COMPAT) {
- struct compat_timeval ctv;
ctv.tv_sec = tv.tv_sec;
ctv.tv_usec = tv.tv_usec;
data = &ctv;
--
1.6.6.2
Hi Johann,
> The pointer data can point to the variable ctv.
> Access to data happens when ctv is already out of scope.
patch has been applied to my bluetooth-2.6 tree.
Regards
Marcel