Received: by 2002:a05:7412:8521:b0:e2:908c:2ebd with SMTP id t33csp672968rdf; Fri, 3 Nov 2023 11:22:15 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHg5RMzu134eUKHWuE/78CJsFxKmzyvss+oGMiAeNy9QUTvFb4L5nPXuJn8yF/cqwn+mC/Y X-Received: by 2002:a05:6358:1904:b0:168:e0db:ce43 with SMTP id w4-20020a056358190400b00168e0dbce43mr22611645rwm.31.1699035735312; Fri, 03 Nov 2023 11:22:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1699035735; cv=none; d=google.com; s=arc-20160816; b=GKY0QKDfaHFJReJ2ucGNdGlI/p6gaqYikz4e8hS/fu44m1dfh79FyRd288V/0aWyy8 kMC5+2ZPh2PxKQfldZKWuLXr8WOdTbvOSviuxecccoxGwwd9okNMHTkXaTFy7i6kc/+w U3Z6RAp7v/vxOwzbXaEikKdI2UD62zeD/eVmaRGmtyjeD4QAAwAsAt70TqsSAoeRSZ01 exNQ7Fzr/ek/vAPPQQrJi/A4GFLPNPXGRJaK7bAK1j5xKv0hVPjkCISAHgS8RrGcz1Sr RyEw2dYhMa1VcszHoPVmHuh8BpSlrNA5dPRnOlJunvwqnWux+LkvTYyQLNUkgxjWfFBp nupQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=aWAoNXf+U5dlJvp4DW66yoIB3cjzRUJfBOSdel9x/KA=; fh=q933pV6NrxIrJEaTU4dblERPskhjd3MnawLueTVokpc=; b=OY1AXFWF93Uv3698OsTJ9SqvwXm0QHB92T3cZxSSh/Nxf8ns83DKqV5bF/BWrGhw4z 6v1TkzaK5KUHdwq0vWu0wrVPG/JDUXGk9WoFkRZEMY6gjbsrHvvNDU+LFtvZ/Aent0ud dH2eE1N0Qf1IUO+79UDno7i+AoONOYuizjo7b/K0aLt4CG98iluxRmhZ6QZcyDWX/EHS 23+1Yv7Em/89FwW+hEygI1vP6JzDXPbyg4+1CKblrrQtq+pZGqcAvfREXZk9Rdj/PKQd Kjqhn5ZwCoupZWLLnGyL8JRqxCWJcs479KHY/hPbB8g/cvQYvlF/BIjuHojDN/+aIXE+ JXNg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Return-Path: Received: from agentk.vger.email (agentk.vger.email. [2620:137:e000::3:2]) by mx.google.com with ESMTPS id t190-20020a6381c7000000b00578a7f5a0b1si1861071pgd.393.2023.11.03.11.22.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Nov 2023 11:22:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) client-ip=2620:137:e000::3:2; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 9AC138135E03; Fri, 3 Nov 2023 11:22:07 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233934AbjKCSWI (ORCPT + 99 others); Fri, 3 Nov 2023 14:22:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44866 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233756AbjKCSWH (ORCPT ); Fri, 3 Nov 2023 14:22:07 -0400 Received: from mout-p-202.mailbox.org (mout-p-202.mailbox.org [80.241.56.172]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 204C6CF for ; Fri, 3 Nov 2023 11:22:05 -0700 (PDT) Received: from smtp1.mailbox.org (smtp1.mailbox.org [10.196.197.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-202.mailbox.org (Postfix) with ESMTPS id 4SMTbt0xmXz9t0M; Fri, 3 Nov 2023 19:22:02 +0100 (CET) From: =?UTF-8?q?Jonas=20Dre=C3=9Fler?= To: linux-bluetooth@vger.kernel.org Cc: zbrown@gnome.org, =?UTF-8?q?Jonas=20Dre=C3=9Fler?= Subject: [PATCH BlueZ 3/4] lib/sdp: Use correct string length in sdp_copy_seq() Date: Fri, 3 Nov 2023 19:21:49 +0100 Message-ID: <20231103182150.60088-4-verdre@v0yd.nl> In-Reply-To: <20231103182150.60088-1-verdre@v0yd.nl> References: <20231103182150.60088-1-verdre@v0yd.nl> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Fri, 03 Nov 2023 11:22:07 -0700 (PDT) sdp_data_t->unitSize for strings in the SDP record is `sizeof(uint8_t) + strlen(str)`. The "length" argument of sdp_data_alloc_with_length() is expected to be only the length of the string (so `sdp_data_t->unitSize - sizeof(uint8_t)`). Since the last commit, in sdp_copy_seq() we're allocating one byte too much for strings now, because the `sizeof(uint8_t)` is not subtracted from unitSize there. Fix this by making use of the length returned by sdp_data_value() and pass that on to sdp_data_alloc_with_length(). Co-developed-by: Zander Brown --- lib/sdp.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/sdp.c b/lib/sdp.c index 006ab057a..4b10d8f67 100644 --- a/lib/sdp.c +++ b/lib/sdp.c @@ -1527,10 +1527,10 @@ static sdp_data_t *sdp_copy_seq(sdp_data_t *data) for (tmp = data; tmp; tmp = tmp->next) { sdp_data_t *datatmp; void *value; + uint32_t len = 0; - value = sdp_data_value(tmp, NULL); - datatmp = sdp_data_alloc_with_length(tmp->dtd, value, - tmp->unitSize); + value = sdp_data_value(tmp, &len); + datatmp = sdp_data_alloc_with_length(tmp->dtd, value, len); if (cur) cur->next = datatmp; -- 2.41.0