author | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2022-01-07 13:28:46 -0800 |
---|---|---|
committer | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2022-01-07 13:28:46 -0800 |
commit | 050cead360676d35a28e17ab0c70a08d816def72 (patch) | |
tree | f8edb892396ee1696c7aee2fc731b91cd2e9b409 /profiles | |
parent | cfab569484b18407fc117bb96634525cc76ea1f5 (diff) | |
download | bluez-050cead360676d35a28e17ab0c70a08d816def72.tar.gz |
avdtp: Fix runtime errors passing NULL to memcpy
Passing NULL to memcpy is considered undefined behavior which leads to
the following runtime errors:
profiles/audio/avdtp.c:2709:2: runtime error: null pointer passed as
argument 1, which is declared to never be null
profiles/audio/avdtp.c:2709:2: runtime error: null pointer passed as
argument 2, which is declared to never be null
profiles/audio/avdtp.c:3326:2: runtime error: null pointer passed as
argument 2, which is declared to never be null
profiles/audio/avdtp.c:500:3: runtime error: null pointer passed as
argument 2, which is declared to never be null
Diffstat (limited to 'profiles')
-rw-r--r-- | profiles/audio/avdtp.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/profiles/audio/avdtp.c b/profiles/audio/avdtp.c
index f2b461330..da4114e0f 100644
--- a/profiles/audio/avdtp.c
+++ b/profiles/audio/avdtp.c
@@ -497,7 +497,9 @@ static gboolean avdtp_send(struct avdtp *session, uint8_t transaction,
 single.signal_id = signal_id;
 memcpy(session->buf, &single, sizeof(single));
- memcpy(session->buf + sizeof(single), data, len);
+
+ if (data)
+ memcpy(session->buf + sizeof(single), data, len);
 return try_send(sock, session->buf, sizeof(single) + len);
 }
@@ -569,7 +571,7 @@ static void pending_req_free(void *data)
 if (req->timeout)
 timeout_remove(req->timeout);
- g_free(req->data);
+ free(req->data);
 g_free(req);
 }
@@ -2687,7 +2689,7 @@ static int send_req(struct avdtp *session, gboolean priority,
 return 0;
 failed:
- g_free(req->data);
+ free(req->data);
 g_free(req);
 return err;
 }
@@ -2705,8 +2707,7 @@ static int send_request(struct avdtp *session, gboolean priority,
 req = g_new0(struct pending_req, 1);
 req->signal_id = signal_id;
- req->data = g_malloc(size);
- memcpy(req->data, buffer, size);
+ req->data = util_memdup(buffer, size);
 req->data_size = size;
 req->stream = stream;
@@ -3323,7 +3324,9 @@ struct avdtp_service_capability *avdtp_service_cap_new(uint8_t category,
 cap = g_malloc(sizeof(struct avdtp_service_capability) + length);
 cap->category = category;
 cap->length = length;
- memcpy(cap->data, data, length);
+
+ if (data)
+ memcpy(cap->data, data, length);
 return cap;
 } |
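Review bot: In `avdtp_send`, the new `if (data)` guard skips the copy, but the following `try_send(sock, session->buf, sizeof(single) + len)` still transmits `len` payload bytes. A NULL `data` with a non-zero `len` would therefore send whatever `session->buf` held from an earlier message to the remote device. Whether any caller passes that combination is not visible here, but the guard can rule it out by adding `else len = 0;` after the guarded `memcpy`. The `avdtp_service_cap_new` hunk has the same shape: `cap->length = length` is kept while `cap->data` stays uninitialised `g_malloc` memory when `data` is NULL, which `g_malloc0` or `cap->length = data ? length : 0;` would close. Both function bodies begin outside their hunks.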
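Review bot: The switch from `g_free(req->data)` to `free(req->data)` in `pending_req_free`, and again on the `failed:` path of `send_req`, is only correct while every assignment to `req->data` comes from a malloc-family allocator. The one producer visible in this diff is the `util_memdup()` call in `send_request`, whose definition is not shown. Nothing at these release sites records that contract, so a later `g_malloc` or `g_memdup` assignment would silently mix allocators. I would add a comment at both sites, e.g. `/* req->data comes from util_memdup(): release with free() */`. `pending_req_free` and `send_req` both start outside their hunks.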
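Review bot: In `send_request`, `req->data_size = size` is still set unconditionally after `req->data = util_memdup(buffer, size)`. If `util_memdup` returns NULL for a NULL `buffer` (its definition is not part of this diff), the request carries a NULL payload with a non-zero size, and that size presumably determines the length of the outgoing packet later. Writing `req->data_size = req->data ? size : 0;` keeps the two fields consistent. Please also confirm that `util_memdup` keeps the abort-on-allocation-failure behaviour of the `g_malloc` it replaces, because the result is not checked here. The function continues outside the hunk.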