diff options
| author | Archie Pusaka <apusaka@chromium.org> | 2021-06-17 08:53:34 +0800 |
|---|---|---|
| committer | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2021-06-17 13:47:11 -0700 |
| commit | 0388794dc5fdb73a4ea88bcf148de0a12b4364d4 (patch) | |
| tree | c7a2a034ee53ab59ef1fb44611d9ae5368152bff /profiles | |
| parent | dda85ae73f31309dd43b239296d47de6b4bfa132 (diff) | |
| download | bluez-0388794dc5fdb73a4ea88bcf148de0a12b4364d4.tar.gz | |
avdtp: Fix parsing capabilities
This patch fixes size comparison and variable misassignment.
Reviewed-by: Alain Michaud <alainm@chromium.org>
Reviewed-by: Michael Sun <michaelfsun@google.com>
Diffstat (limited to 'profiles')
| -rw-r--r-- | profiles/audio/avdtp.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/profiles/audio/avdtp.c b/profiles/audio/avdtp.c index c7bf99f42..5d13104c1 100644 --- a/profiles/audio/avdtp.c +++ b/profiles/audio/avdtp.c @@ -1323,7 +1323,7 @@ static GSList *caps_to_list(uint8_t *data, size_t size, cap = (struct avdtp_service_capability *)data; - if (sizeof(*cap) + cap->length >= size) { + if (sizeof(*cap) + cap->length > size) { error("Invalid capability data in getcap resp"); break; } @@ -1345,7 +1345,7 @@ static GSList *caps_to_list(uint8_t *data, size_t size, switch (cap->category) { case AVDTP_MEDIA_CODEC: if (codec) - *codec = cap; + *codec = cpy; break; case AVDTP_DELAY_REPORTING: if (delay_reporting) |