bluetooth: Fix EIR parsing
Fix parsing of EIR data to avoid reading data from wrong offset.
This also fix invalid memory access reported by valgrind which could
potentially result in daemon crash.
neard[30296]: src/bluetooth.c:bt_parse_eir()
neard[30296]: Unknown EIR: x03 (len: 4)
neard[30296]: Unknown EIR: x00 (len: 253)
==30296== Invalid read of size 1
==30296== at 0x8064DF8: __near_bluetooth_parse_oob_record (bluetooth.c:531)
==30296== by 0x8060DF3: parse_mime_type.isra.3 (ndef.c:1299)
==30296== by 0x8062043: near_ndef_parse (ndef.c:2124)
==30296== by 0x8063BB7: near_tlv_parse (tlv.c:95)
==30296== by 0x8053252: data_recv (nfctype2.c:148)
==30296== by 0x8059D03: execute_recv_cb (adapter.c:846)
==30296== by 0x408D1BF: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3306.0)
==30296== by 0x408FEF2: g_main_context_dispatch (in /lib/i386-linux-gnu/libglib-2.0.so.0.3306.0)
==30296== by 0x409028F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3306.0)
==30296== by 0x40906EA: g_main_loop_run (in /lib/i386-linux-gnu/libglib-2.0.so.0.3306.0)
==30296== by 0x41E44D2: (below main) (libc-start.c:226)
==30296== Address 0x4556405 is 13 bytes inside a block of size 22 free'd
==30296== at 0x402B06C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==30296== by 0x4095FCA: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3306.0)
==30296== by 0x409613F: g_free (in /lib/i386-linux-gnu/libglib-2.0.so.0.3306.0)
==30296== by 0x805CCAF: near_tag_get_tag (tag.c:94)
==30296== by 0x8052F36: meta_recv (nfctype2.c:221)
==30296== by 0x8059D03: execute_recv_cb (adapter.c:846)
==30296== by 0x408D1BF: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3306.0)
==30296== by 0x408FEF2: g_main_context_dispatch (in /lib/i386-linux-gnu/libglib-2.0.so.0.3306.0)
==30296== by 0x409028F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3306.0)
==30296== by 0x40906EA: g_main_loop_run (in /lib/i386-linux-gnu/libglib-2.0.so.0.3306.0)
==30296== by 0x41E44D2: (below main) (libc-start.c:226)