diff options
author | Johan Hedberg <johan.hedberg@intel.com> | 2013-01-22 15:48:25 +0200 |
---|---|---|
committer | Johan Hedberg <johan.hedberg@intel.com> | 2013-01-22 15:48:36 +0200 |
commit | b01bc4c867b1e44c26d2e2d49d223b3363db2c40 (patch) | |
tree | 9aff7c86e61bed36a8f90c2ad3c3705c3178884b /src/eir.c | |
parent | 252222a414221150f0cddace93e2d852555fdc3a (diff) | |
download | bluez-b01bc4c867b1e44c26d2e2d49d223b3363db2c40.tar.gz |
core: Only set EIR data pointer after confirming it points to valid memory
Even though we do not access the memory it's still safer not to have any
pointers to it until we know it's valid.
Diffstat (limited to 'src/eir.c')
-rw-r--r-- | src/eir.c | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -141,7 +141,7 @@ int eir_parse(struct eir_data *eir, const uint8_t *eir_data, uint8_t eir_len) while (len < eir_len - 1) { uint8_t field_len = eir_data[0]; - const uint8_t *data = &eir_data[2]; + const uint8_t *data; uint8_t data_len; /* Check for the end of EIR */ @@ -154,6 +154,7 @@ int eir_parse(struct eir_data *eir, const uint8_t *eir_data, uint8_t eir_len) if (len > eir_len) break; + data = &eir_data[2]; data_len = field_len - 1; switch (eir_data[1]) { |