2015-02-04 02:16:25

by Jakub Pawlowski

Subject: [PATCH] shared/gatt-client: fix overflow bug in find_service_for_handle

find_service_for_handle was manually computing the end handle. It was
causing an overflow for the last service in the range, which always ends at 0xFFFF.
That caused the service for a handle not to be found.

Signed-off-by: Jakub Pawlowski <[email protected]>
---
src/shared/gatt-db.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/shared/gatt-db.c b/src/shared/gatt-db.c
index 780d640..f72d58e 100644
--- a/src/shared/gatt-db.c
+++ b/src/shared/gatt-db.c
@@ -1170,10 +1170,9 @@ static bool find_service_for_handle(const void *data, const void *user_data)
uint16_t handle = PTR_TO_UINT(user_data);
uint16_t start, end;

- start = service->attributes[0]->handle;
- end = start + service->num_handles;
+ gatt_db_service_get_handles(service, &start, &end);

- return (start <= handle) && (handle < end);
+ return (start <= handle) && (handle <= end);
}

struct gatt_db_attribute *gatt_db_get_attribute(struct gatt_db *db,
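Review bot: the new check `(handle <= end)` is only correct if `gatt_db_service_get_handles()` reports an inclusive end handle (the last handle owned by the service), which this hunk does not show; please confirm that is its contract, because the removed `end = start + service->num_handles` was an exclusive bound, and pairing an exclusive end with `<=` would make the first handle of the following service match as well. The removed computation also wraps in `uint16_t` when `start + num_handles` reaches 0x10000, so `end` becomes 0 and `handle < end` is never true for the service ending at 0xFFFF, which is the failure the commit message describes; a regression test that looks up handle 0xFFFF in a database whose last service ends there would lock the fix in. Minor: the subject prefix says `shared/gatt-client` while the change is in `src/shared/gatt-db.c`.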
--
2.2.0.rc0.207.ga3a616c



2015-02-04 16:01:45

by Luiz Augusto von Dentz

Subject: Re: [PATCH] shared/gatt-client: fix overflow bug in find_service_for_handle

Hi Jakub,

On Wed, Feb 4, 2015 at 4:16 AM, Jakub Pawlowski <[email protected]> wrote:
> find_service_for_handle was manually computing the end handle. It was
> causing an overflow for the last service in the range, which always ends at 0xFFFF.
> That caused the service for a handle not to be found.
>
> Signed-off-by: Jakub Pawlowski <[email protected]>
> ---
> src/shared/gatt-db.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/src/shared/gatt-db.c b/src/shared/gatt-db.c
> index 780d640..f72d58e 100644
> --- a/src/shared/gatt-db.c
> +++ b/src/shared/gatt-db.c
> @@ -1170,10 +1170,9 @@ static bool find_service_for_handle(const void *data, const void *user_data)
> uint16_t handle = PTR_TO_UINT(user_data);
> uint16_t start, end;
>
> - start = service->attributes[0]->handle;
> - end = start + service->num_handles;
> + gatt_db_service_get_handles(service, &start, &end);
>
> - return (start <= handle) && (handle < end);
> + return (start <= handle) && (handle <= end);
> }
>
> struct gatt_db_attribute *gatt_db_get_attribute(struct gatt_db *db,
> --
> 2.2.0.rc0.207.ga3a616c

Applied, thanks.


--
Luiz Augusto von Dentz