Backtrace:
0 0xb2c5a112 in __bt_hal_parse_uuid (len=len@entry=44300, src=0x0, src@entry=0x102 <error: Cannot access memory at address 0x102>, dest=dest@entry=0xbe3747b4 "", length=0xbe3747ac, length@entry=0xbe37478c, is_solicit=is_solicit@entry=1) at /usr/include/bits/string_fortified.h:34 --> bluetooth-frwk-oal (rpm)
1 0xb2c5b2d2 in _bt_hal_set_advertising_data (adv_param_setup=...) at /usr/src/debug/bluetooth-frwk-0.6.0/bt-oal/bluez_hal/src/bt-hal-adapter-le.c:802 --> bluetooth-frwk-oal (rpm)
The crash was occurring due to parsing of wrong appearance
characteristic length.
This patch fixes the same.
Change-Id: I48524f69158b7fd3ac01811f05f2d9dbfe139fc6
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
Signed-off-by: Dohyun Pyun <dh79.pyun@samsung.com>
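As an added illustration of the class of bug the commit describes, here is a bounds-checked walk over a Bluetooth LE advertising payload (the same `[len][type][data...]` AD structures that `_bt_hal_set_advertising_data` parses). This is example code written for this page, not code from bluetooth-frwk or from the patch authors. The AD type values 0x19 (Appearance) and 0x14 (16-bit Solicit UUIDs), the 31-byte maximum and the 2-byte appearance length come from the patch; the function names, the `struct ad_result` layout, the `AD_ERR_*` status codes and the sample payloads are assumptions constructed for the example. It goes one step beyond the patch by validating the UUID-list length and the structure length against the remaining buffer, not only the appearance length.

```c
/* Added example (not from bluetooth-frwk): bounds-checked parsing of
 * LE advertising data. Names, status codes and payloads are assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define AD_DATA_LENGTH_MAX     31    /* max advertising payload length */
#define AD_TYPE_UUID16_SOLICIT 0x14  /* 16-bit Solicit UUID list */
#define AD_TYPE_APPEARANCE     0x19  /* Appearance */
#define APPEARANCE_LENGTH      2     /* Appearance is a 2-octet value */

enum ad_status { AD_OK = 0, AD_ERR_TRUNCATED = -1, AD_ERR_BAD_LENGTH = -2 };

struct ad_result {
    int have_appearance;
    uint16_t appearance;
    size_t solicit_uuid_count;
    uint16_t solicit_uuids[AD_DATA_LENGTH_MAX / 2];
};

/* Walk the AD structures in buf[0..buflen). Each length byte counts the
 * type byte plus the data, so the data is (len - 1) bytes. Never reads
 * past buflen; returns AD_OK or a negative ad_status. */
int ad_parse(const uint8_t *buf, size_t buflen, struct ad_result *out)
{
    size_t pos = 0;
    memset(out, 0, sizeof(*out));
    if (buflen > AD_DATA_LENGTH_MAX)
        return AD_ERR_BAD_LENGTH;

    while (pos < buflen) {
        uint8_t len = buf[pos];
        if (len == 0)               /* zero-length structure: rest is padding */
            break;
        /* The structure occupies bytes pos..pos+len; all must lie in buf */
        if ((size_t)len > buflen - pos - 1)
            return AD_ERR_TRUNCATED;

        uint8_t type = buf[pos + 1];
        const uint8_t *data = buf + pos + 2;
        size_t datalen = len - 1;   /* safe: len >= 1 here */

        switch (type) {
        case AD_TYPE_APPEARANCE:
            /* Same rule as the patch: the data must be exactly 2 bytes */
            if (datalen != APPEARANCE_LENGTH)
                return AD_ERR_BAD_LENGTH;
            out->appearance = (uint16_t)(data[0] | (data[1] << 8));
            out->have_appearance = 1;
            break;
        case AD_TYPE_UUID16_SOLICIT:
            /* A 16-bit UUID list must be a non-zero multiple of 2 bytes */
            if (datalen == 0 || (datalen % 2) != 0)
                return AD_ERR_BAD_LENGTH;
            for (size_t i = 0; i < datalen; i += 2)
                out->solicit_uuids[out->solicit_uuid_count++] =
                    (uint16_t)(data[i] | (data[i + 1] << 8));
            break;
        default:
            break;                  /* other AD types are skipped here */
        }
        pos += 1 + (size_t)len;
    }
    return AD_OK;
}

/* Constructed sample payloads (not captured from a real device) */
static const uint8_t AD_GOOD[] = {
    0x02, 0x01, 0x06,                   /* Flags */
    0x03, 0x19, 0xC1, 0x03,             /* Appearance = 0x03C1 */
    0x05, 0x14, 0x0D, 0x18, 0x0F, 0x18  /* Solicit UUIDs 0x180D, 0x180F */
};
static const uint8_t AD_BAD_APPEARANCE[] = { 0x02, 0x19, 0xC1 };      /* 1 data byte */
static const uint8_t AD_TRUNCATED[]      = { 0x05, 0x14, 0x0D, 0x18 }; /* len runs past end */

int demo_good_status(void)          { struct ad_result r; return ad_parse(AD_GOOD, sizeof AD_GOOD, &r); }
int demo_good_appearance(void)      { struct ad_result r; ad_parse(AD_GOOD, sizeof AD_GOOD, &r); return r.appearance; }
int demo_good_solicit_count(void)   { struct ad_result r; ad_parse(AD_GOOD, sizeof AD_GOOD, &r); return (int)r.solicit_uuid_count; }
int demo_bad_appearance_status(void){ struct ad_result r; return ad_parse(AD_BAD_APPEARANCE, sizeof AD_BAD_APPEARANCE, &r); }
int demo_truncated_status(void)     { struct ad_result r; return ad_parse(AD_TRUNCATED, sizeof AD_TRUNCATED, &r); }

int main(void)
{
    printf("good: status=%d appearance=0x%04X solicit_count=%d\n",
           demo_good_status(), demo_good_appearance(), demo_good_solicit_count());
    printf("bad appearance: status=%d\n", demo_bad_appearance_status());
    printf("truncated: status=%d\n", demo_truncated_status());
    return 0;
}
```

The two checks that matter are done before any data is touched: the structure length is compared against the bytes remaining in the buffer, and the per-type data length is compared against what the type allows. A `len` of 0 is treated as padding rather than fed into `len - 1`, which is the underflow that an unchecked `(len - 1)/2` would otherwise hit.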
memcpy((adv_setup->service_uuid), (ptr + 2), (len - 1));
adv_setup->service_uuid_len = len;
break;
- case 0x14: { /* 16 bit Solicit UUID */
+ case 0x14: { /* 16 bit Solicit UUID */
int c;
num_uuids = (len -1)/2;
adv_setup->solicit_uuid = g_malloc0(sizeof(char) * 16 * num_uuids);
break;
}
case 0x19: {
+ if (len != (BLUETOOTH_APPEARANCE_LENGTH + 1)) {
+ BT_ERR("Appearance characteristic length is invalid");
+ return BLUETOOTH_ERROR_INVALID_PARAM;
+ }
#ifdef TIZEN_BT_HAL
adv_setup->include_appearance = 1;
#endif
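Review bot: the early `return BLUETOOTH_ERROR_INVALID_PARAM;` added under `case 0x19` leaks memory allocated by earlier AD structures in the same loop, e.g. `adv_setup->solicit_uuid = g_malloc0(sizeof(char) * 16 * num_uuids);` in `case 0x14`; free the partially filled `adv_setup` fields (or document that the caller does) before returning. Separately, the backtrace in the commit message is in `__bt_hal_parse_uuid` with `is_solicit=1`, `len=44300` and `src=0x0`, i.e. the solicit-UUID path, yet only the appearance case gains a length check: `num_uuids = (len -1)/2;` and `memcpy((adv_setup->service_uuid), (ptr + 2), (len - 1));` still use `len` unchecked, so the same validation (`len >= 1`, `len - 1` a multiple of the UUID size, and the structure within the remaining buffer) is needed for the UUID cases as well.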
#define BLUETOOTH_ADVERTISING_DATA_LENGTH_MAX 31 /**< This specifies maximum AD data length */
#define BLUETOOTH_SCAN_RESP_DATA_LENGTH_MAX 31 /**< This specifies maximum LE Scan response data length */
#define BLUETOOTH_MANUFACTURER_DATA_LENGTH_MAX 240 /**< This specifies maximum manufacturer data length */
+#define BLUETOOTH_APPEARANCE_LENGTH 2 /**< This specifies bluetooth device appearance characteristic length */
#define BLUETOOTH_MAX_SERVICES_FOR_DEVICE 40 /**< This specifies maximum number of services
a device can support */
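Review bot: the doc comment on `BLUETOOTH_APPEARANCE_LENGTH` should state that the value is the 2-octet Appearance payload excluding the AD type byte, since the caller compares `len != (BLUETOOTH_APPEARANCE_LENGTH + 1)`; as written a reader of the header cannot tell whether the macro counts the type byte. Suggested wording: `/**< Length of the Appearance AD payload (2 octets), not counting the AD type byte */`.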