2014-03-19 12:26:58

by Andrei Emeltchenko

Subject: [PATCH] unit/avrcp: Fix possible buffer overflow

From: Andrei Emeltchenko <[email protected]>

Parameter passed needs to be of size number otherwise there is buffer
overflow.
---
unit/test-avrcp.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/unit/test-avrcp.c b/unit/test-avrcp.c
index 02f9949..1368933 100644
--- a/unit/test-avrcp.c
+++ b/unit/test-avrcp.c
@@ -402,10 +402,15 @@ static int get_attribute_text(struct avrcp *session, uint8_t transaction,
uint8_t number, uint8_t *attrs,
void *user_data)
{
- const char *text[] = { "equalizer" };
+ const char *text[number];

DBG("");

+ if (number) {
+ memset(text, 0, number);
+ text[0] = "equalizer";
+ }
+
avrcp_get_player_attribute_text_rsp(session, transaction, number, attrs,
text);
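
Review bot: `memset(text, 0, number);` clears only `number` bytes, but `text` is an array of `number` pointers, so whenever `number` is greater than 1 at least the trailing entries stay uninitialised when the array is handed to `avrcp_get_player_attribute_text_rsp()` together with `number`. Use `memset(text, 0, sizeof(text));` (or `number * sizeof(text[0])`) so every entry after `text[0]` is a defined NULL, and confirm that the response helper accepts NULL entries.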

--
1.8.3.2



2014-03-24 11:46:28

by Luiz Augusto von Dentz

Subject: Re: [PATCH] unit/avrcp: Fix possible buffer overflow

Hi Andrei,

On Wed, Mar 19, 2014 at 2:26 PM, Andrei Emeltchenko
<[email protected]> wrote:
> From: Andrei Emeltchenko <[email protected]>
>
> Parameter passed needs to be of size number otherwise there is buffer
> overflow.
> ---
> unit/test-avrcp.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/unit/test-avrcp.c b/unit/test-avrcp.c
> index 02f9949..1368933 100644
> --- a/unit/test-avrcp.c
> +++ b/unit/test-avrcp.c
> @@ -402,10 +402,15 @@ static int get_attribute_text(struct avrcp *session, uint8_t transaction,
> uint8_t number, uint8_t *attrs,
> void *user_data)
> {
> - const char *text[] = { "equalizer" };
> + const char *text[number];
>
> DBG("");
>
> + if (number) {
> + memset(text, 0, number);
> + text[0] = "equalizer";
> + }
> +
> avrcp_get_player_attribute_text_rsp(session, transaction, number, attrs,
> text);
>
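
Review bot: `const char *text[number];` is declared before the `if (number)` check, so a call with `number` equal to 0 creates a zero-length variable-length array, which is undefined behaviour in C. The guard protects only the writes; handling `number == 0` before the declaration, or using a fixed-size array bounded by the largest attribute count the test expects, avoids the problem.
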
> --
> 1.8.3.2

Pushed.


--
Luiz Augusto von Dentz

2014-03-18 15:10:05

by Luiz Augusto von Dentz

Subject: Re: [PATCH] unit/avrcp: Fix possible buffer overflow

Hi Andrei,

On Tue, Mar 18, 2014 at 3:31 PM, Andrei Emeltchenko
<[email protected]> wrote:
> From: Andrei Emeltchenko <[email protected]>
>
> values[] should be the same size as attr[].
> ---
> unit/test-avrcp.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/unit/test-avrcp.c b/unit/test-avrcp.c
> index ec70da4..02f9949 100644
> --- a/unit/test-avrcp.c
> +++ b/unit/test-avrcp.c
> @@ -439,10 +439,12 @@ static int get_value_text(struct avrcp *session, uint8_t transaction,
> static int get_value(struct avrcp *session, uint8_t transaction,
> uint8_t number, uint8_t *attrs, void *user_data)
> {
> - uint8_t values[2] = { 0x00, 0x00 };
> + uint8_t values[number];
>
> DBG("");
>
> + memset(values, 0, number);
> +
> avrcp_get_current_player_value_rsp(session, transaction, number, attrs,
> values);
>
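
Review bot: `memset(values, 0, number);` is correct here only because `values` is a `uint8_t` array, so the element count and the byte count happen to coincide. Writing `memset(values, 0, sizeof(values));` states the intent and stays correct if the element type ever changes or the pattern is copied to an array of wider elements.
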
> --
> 1.8.3.2

Applied, thanks.


--
Luiz Augusto von Dentz