2014-05-26 07:32:42

by Jakub Tyszkowski

Subject: [PATCH 1/2] android/gatt: Fix possible memory leak

---
android/gatt.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/android/gatt.c b/android/gatt.c
index c8af09c..e7f7c86 100644
--- a/android/gatt.c
+++ b/android/gatt.c
@@ -4440,6 +4440,7 @@ static uint8_t read_by_group_type(const uint8_t *cmd, uint16_t cmd_len,
if (!queue_push_tail(device->pending_requests, entry)) {
queue_remove_all(device->pending_requests, NULL, NULL,
destroy_pending_request);
+ free(entry);
queue_destroy(q, NULL);
return ATT_ECODE_UNLIKELY;
}
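Review bot: the new `free(entry)` releases the failed entry with plain `free()`, while the entries already queued are released two lines above with `destroy_pending_request`; if a pending request owns anything beyond its own allocation, this error path still leaks that. Consider `destroy_pending_request(entry);` here so both paths release a request the same way, or state in the commit message that `entry` has no owned members at this point.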
--
1.9.3



2014-05-26 08:47:45

by Szymon Janc

Subject: Re: [PATCH 1/2] android/gatt: Fix possible memory leak

Hi Jakub,

On Monday 26 of May 2014 09:32:42 Jakub Tyszkowski wrote:
> ---
> android/gatt.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/android/gatt.c b/android/gatt.c
> index c8af09c..e7f7c86 100644
> --- a/android/gatt.c
> +++ b/android/gatt.c
> @@ -4440,6 +4440,7 @@ static uint8_t read_by_group_type(const uint8_t *cmd, uint16_t cmd_len,
> if (!queue_push_tail(device->pending_requests, entry)) {
> queue_remove_all(device->pending_requests, NULL, NULL,
> destroy_pending_request);
> + free(entry);
> queue_destroy(q, NULL);
> return ATT_ECODE_UNLIKELY;
> }
>
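Review bot: the commit message consists of the subject line only; a sentence saying where `entry` is allocated and that it was dropped whenever `queue_push_tail` fails would make the leak being fixed clear to anyone reading the history later.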

Both patches applied, thanks.

--
Best regards,
Szymon Janc

2014-05-26 07:32:43

by Jakub Tyszkowski

Subject: [PATCH 2/2] android: Fix sending uninitialised data

This fixes the following:

==25759== Syscall param socketcall.sendmsg(msg.msg_iov[i]) points to uninitialised byte(s)
==25759==    at 0x521C570: __sendmsg_nocancel (syscall-template.S:82)
==25759==    by 0x41688F: ipc_send (ipc.c:366)
==25759==    by 0x40ECF8: send_ssp_request (bluetooth.c:1028)
==25759==    by 0x4110A6: user_confirm_request_callback (bluetooth.c:1055)
==25759==    by 0x4094FE: queue_foreach (queue.c:186)
==25759==    by 0x409FCF: can_read_data (mgmt.c:287)
==25759==    by 0x408E4C: read_callback (io-glib.c:168)
==25759==    by 0x4E79D12: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==25759==    by 0x4E7A05F: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==25759==    by 0x4E7A459: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==25759==    by 0x40454D: main (main.c:538)
==25759==  Address 0x7ff00085d is on thread 1's stack
==25759==  Uninitialised value was created by a stack allocation
==25759==    at 0x40EC77: send_ssp_request (bluetooth.c:1018)
---
android/bluetooth.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/android/bluetooth.c b/android/bluetooth.c
index 93b9cd7..85409a3 100644
--- a/android/bluetooth.c
+++ b/android/bluetooth.c
@@ -1018,6 +1018,8 @@ static void send_ssp_request(struct device *dev, uint8_t variant,
{
struct hal_ev_ssp_request ev;

+ memset(&ev, 0, sizeof(ev));
+
bdaddr2android(&dev->bdaddr, ev.bdaddr);
memcpy(ev.name, dev->name, strlen(dev->name));
ev.class_of_dev = dev->class;
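Review bot: the `memset` zeroes the struct padding and the unused tail of `ev.name`, but the `memcpy(ev.name, dev->name, strlen(dev->name))` that follows is still unbounded: a `dev->name` longer than `sizeof(ev.name)` overruns the field, and one exactly `sizeof(ev.name)` long leaves the name without a terminating NUL. Suggest bounding the copy, e.g. `memcpy(ev.name, dev->name, MIN(strlen(dev->name), sizeof(ev.name)));`, or stating in the commit message why `dev->name` is already guaranteed to fit.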
--
1.9.3
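The valgrind report above comes from a stack struct that is filled field by field and then sent as a whole: the padding bytes between fields and the part of the name buffer after the copied string are never written, so whatever the stack held before goes out over the socket. The following is an added example, not BlueZ code: it uses an assumed, deliberately small struct layout (not the real hal_ev_ssp_request), poisons the struct with a constructed 0xAA pattern to stand in for stale stack contents, and contrasts the pre-patch fill pattern with one that zeroes the struct first and also bounds the name copy, which the patch itself does not do. `stale_bytes` counts how many 0xAA bytes survive in the struct that is about to be sent.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout for illustration only; not the real hal_ev_ssp_request.
 * The name field is kept short so truncation is easy to see. */
struct ssp_request_ev {
	uint8_t  bdaddr[6];
	uint8_t  name[16];
	uint32_t class_of_dev;
	uint8_t  pairing_variant;
	uint32_t passkey;
};

/* Constructed stand-in for stale stack contents left by an earlier call. */
static void poison(struct ssp_request_ev *ev)
{
	memset(ev, 0xAA, sizeof(*ev));
}

/* Pre-patch pattern: fields written piecemeal, nothing zeroed, name copy
 * unbounded (callers must keep name shorter than the field). */
static void fill_unsafe(struct ssp_request_ev *ev, const uint8_t bdaddr[6],
			const char *name, uint32_t cod, uint8_t variant,
			uint32_t passkey)
{
	memcpy(ev->bdaddr, bdaddr, 6);
	memcpy(ev->name, name, strlen(name));
	ev->class_of_dev = cod;
	ev->pairing_variant = variant;
	ev->passkey = passkey;
}

/* Hardened: zero the whole struct (padding included) before filling it,
 * and never copy more than the name field can hold.
 * Returns 1 if the name was truncated, 0 otherwise. */
static int fill_safe(struct ssp_request_ev *ev, const uint8_t bdaddr[6],
		     const char *name, uint32_t cod, uint8_t variant,
		     uint32_t passkey)
{
	size_t len = strlen(name);
	int truncated = 0;

	memset(ev, 0, sizeof(*ev));

	if (len > sizeof(ev->name)) {
		len = sizeof(ev->name);
		truncated = 1;
	}

	memcpy(ev->bdaddr, bdaddr, 6);
	memcpy(ev->name, name, len);
	ev->class_of_dev = cod;
	ev->pairing_variant = variant;
	ev->passkey = passkey;

	return truncated;
}

/* Count bytes of the poison pattern still present in the struct, i.e. bytes
 * that would leave the process uninitialised if the struct were sent now. */
static size_t stale_bytes(const struct ssp_request_ev *ev)
{
	const uint8_t *p = (const uint8_t *) ev;
	size_t n = 0;

	for (size_t i = 0; i < sizeof(*ev); i++)
		if (p[i] == 0xAA)
			n++;

	return n;
}

int main(void)
{
	const uint8_t addr[6] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 };
	struct ssp_request_ev ev;

	poison(&ev);
	fill_unsafe(&ev, addr, "Phone", 0x5a020c, 2, 123456);
	printf("unsafe fill: %zu stale bytes would be sent\n", stale_bytes(&ev));

	poison(&ev);
	fill_safe(&ev, addr, "Phone", 0x5a020c, 2, 123456);
	printf("safe fill:   %zu stale bytes would be sent\n", stale_bytes(&ev));

	return 0;
}
```

With the assumed layout, `fill_unsafe` leaves at least the 11 unused name bytes stale (plus any alignment padding the compiler inserts before `class_of_dev` and `passkey`), while `fill_safe` leaves none; the `MIN`-style bound is what turns an over-long name from a stack overrun into a truncated, still NUL-padded field.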