Return-Path: Subject: [PATCH] Bluetooth: Fix out of scope variable access in hci_sock_cmsg() From: Johann Felix Soden To: Marcel Holtmann Cc: linux-bluetooth@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Date: Mon, 15 Feb 2010 22:23:48 +0100 Message-ID: <1266269028.8680.4.camel@LAPJFS> Mime-Version: 1.0 List-ID: From: Johann Felix Soden The pointer data can point to the variable ctv. Access to data happens when ctv is already out of scope. Signed-off-by: Johann Felix Soden --- net/bluetooth/hci_sock.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c index 688cfeb..b0e6108 100644 --- a/net/bluetooth/hci_sock.c +++ b/net/bluetooth/hci_sock.c @@ -338,8 +338,8 @@ static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_ data = &tv; len = sizeof(tv); #ifdef CONFIG_COMPAT + struct compat_timeval ctv; if (msg->msg_flags & MSG_CMSG_COMPAT) { - struct compat_timeval ctv; ctv.tv_sec = tv.tv_sec; ctv.tv_usec = tv.tv_usec; data = &ctv; -- 1.6.6.2
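Review bot: In the hunk at -338,8 the added `struct compat_timeval ctv;` lands after the statements `data = &tv;` and `len = sizeof(tv);`, so with CONFIG_COMPAT set it is a declaration after code in the enclosing block, which kernel style avoids and -Wdeclaration-after-statement warns about. Suggest moving the declaration to the start of the enclosing block, wrapped in its own `#ifdef CONFIG_COMPAT` / `#endif`, and leaving this `#ifdef` with only the `if (msg->msg_flags & MSG_CMSG_COMPAT)` body. Widening the scope is the right fix for the lifetime problem, since `data = &ctv;` is assigned inside the `if` braces and, per the commit message, read after them; the changelog would be clearer if it named the call that reads `data` after the block.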