Date: Thu, 17 Jun 2021 08:53:34 +0800
Message-Id: <20210617085321.Bluez.1.Ibf5dbfc72abf7d12ffbf18219832e19d965ba024@changeid>
Subject: [Bluez PATCH] avdtp: Fix parsing capabilities
From: Archie Pusaka
To: linux-bluetooth, Luiz Augusto von Dentz
Cc: CrosBT Upstreaming, Archie Pusaka, Alain Michaud, Michael Sun
X-Mailing-List: linux-bluetooth@vger.kernel.org

From: Archie Pusaka

This patch fixes size comparison and variable misassignment.

Reviewed-by: Alain Michaud
Reviewed-by: Michael Sun
--- profiles/audio/avdtp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/profiles/audio/avdtp.c b/profiles/audio/avdtp.c index c7bf99f429..5d13104c10 100644 --- a/profiles/audio/avdtp.c +++ b/profiles/audio/avdtp.c
@@ -1323,7 +1323,7 @@ static GSList *caps_to_list(uint8_t *data, size_t size, cap = (struct avdtp_service_capability *)data; - if (sizeof(*cap) + cap->length >= size) { + if (sizeof(*cap) + cap->length > size) { error("Invalid capability data in getcap resp"); break; } @@ -1345,7 +1345,7 @@ static GSList *caps_to_list(uint8_t *data, size_t size, switch (cap->category) { case AVDTP_MEDIA_CODEC: if (codec) - *codec = cap; + *codec = cpy; break; case AVDTP_DELAY_REPORTING: if (delay_reporting) -- 2.32.0.272.g935e593368-goog
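Review bot: in the first hunk, the check "if (sizeof(*cap) + cap->length > size)" reads cap->length immediately after the cast of data, so it is only safe if size is already known to be at least sizeof(*cap) at that point. That guard is not visible in the hunk; please confirm the enclosing loop condition provides it, or add it before the dereference. The switch from ">=" to ">" itself reads correctly: with ">=" a capability whose header plus payload exactly fills the remaining bytes was rejected as "Invalid capability data". The commit message only says "size comparison"; it would help to state that the last capability in the buffer was being dropped.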
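Review bot: in the second hunk, the AVDTP_MEDIA_CODEC case, the commit message's "variable misassignment" does not say what was wrong with "*codec = cap;". From the first hunk, cap is a cast of the incoming data pointer, so the old code handed the caller a pointer into the input buffer, which is a lifetime problem once that buffer is released or reused; please spell that out in the message. The allocation and ownership of cpy are not visible in these lines, so a short comment at "*codec = cpy;" stating who owns cpy (for example, whether it is also an element of the returned list and must not be freed separately) would prevent a double free or a dangling *codec later.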