author | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2016-07-28 15:01:09 +0300 |
---|---|---|
committer | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2016-07-29 14:12:49 +0300 |
commit | 97531e944c0e59b68b69987d4324907a993e5f8d (patch) | |
tree | 818bb10a25c3b9560ebaf4f5b44c4fd0eef07d22 /lib | |
parent | f21c36ab2b202474de37c8f720f2e6a0dede350c (diff) | |
download | bluez-97531e944c0e59b68b69987d4324907a993e5f8d.tar.gz |
lib/uuid: Fix using uninitialized values

The strings passed to bt_uuid_strcmp may not be valid UUIDs so the return
of bt_string_to_uuid needs to be checked otherwise bt_uuid_cmp may attempt
to access uninitialized values:

    Conditional jump or move depends on uninitialised value(s)
       at 0x4C1D4D: bt_uuid_to_uuid128 (uuid.c:78)
       by 0x4C1F22: bt_uuid_cmp (uuid.c:131)
       by 0x4C24A8: bt_uuid_strcmp (uuid.c:286)
       by 0x40F8A8: reconnect_match (policy.c:514)
       by 0x40F8A8: service_cb (policy.c:655)
       by 0x499331: change_state (service.c:109)
       by 0x499BBB: btd_service_connecting_complete (service.c:361)
       by 0x4178C1: stream_state_changed (source.c:163)
       by 0x422C78: avdtp_sep_set_state (avdtp.c:1013)
       by 0x42372A: handle_transport_connect (avdtp.c:844)
       by 0x423D8B: avdtp_connect_cb (avdtp.c:2326)
       by 0x465BBB: connect_cb (btio.c:232)
       by 0x50CA702: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4800.1)
     Uninitialised value was created by a stack allocation
       at 0x4C2460: bt_uuid_strcmp (uuid.c:280)

Diffstat (limited to 'lib')
-rw-r--r-- | lib/uuid.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/uuid.c b/lib/uuid.c index ac071fa3f..d4c7002f5 100644 --- a/lib/uuid.c +++ b/lib/uuid.c @@ -280,8 +280,11 @@ int bt_uuid_strcmp(const void *a, const void *b) { bt_uuid_t u1, u2; - bt_string_to_uuid(&u1, a); - bt_string_to_uuid(&u2, b); + if (bt_string_to_uuid(&u1, a) < 0) + return -EINVAL; + + if (bt_string_to_uuid(&u2, b) < 0) + return -EINVAL; return bt_uuid_cmp(&u1, &u2); } |
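
Review bot: In bt_uuid_strcmp, the two new early returns hand back -EINVAL through the same int that carries the comparison result, so a caller cannot tell an unparsable string from "a orders before b". The value is also the same negative number whichever argument is the invalid one, and two invalid strings never compare equal, so the function does not give a consistent ordering if its `const void *a, const void *b` signature is ever used as a sort comparator. Callers that only test the result against 0 for a match are fine. Please add a comment above the function stating that a negative return may mean an invalid UUID string and that the result is only reliable for equality checks. The hunk does not show the include list, so also confirm that lib/uuid.c includes <errno.h> for EINVAL.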