2014-09-03 20:26:28

by Arman Uguray

Subject: [PATCH] shared/gatt-client: Fix invalid access during descriptor discovery.

This patch fixes an off-by-one error during descriptor discovery, which results
in an invalid access if more than one descriptor declaration exists within a
service handle range.
---
src/shared/gatt-client.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/shared/gatt-client.c b/src/shared/gatt-client.c
index 101e47e..1a157ec 100644
--- a/src/shared/gatt-client.c
+++ b/src/shared/gatt-client.c
@@ -229,7 +229,7 @@ static void discover_descs_cb(bool success, uint8_t att_ecode,
op->cur_chrc->num_descs = desc_count;
op->cur_chrc->descs = descs;

- for (i = op->cur_chrc_index;
+ for (i = op->cur_chrc_index + 1;
i < op->cur_service->service.num_chrcs; i++) {
op->cur_chrc_index = i;
op->cur_chrc++;
--
2.1.0.rc2.206.gedb03e5

2014-09-05 03:40:53

by Marcel Holtmann

Subject: Re: [PATCH] shared/gatt-client: Fix invalid access during descriptor discovery.

Hi Arman,

> This patch fixes an off-by-one error during descriptor discovery, which results
> in an invalid access if more than one descriptor declaration exists within a
> service handle range.
> ---
> src/shared/gatt-client.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

patch has been applied.

Regards

Marcel