projects / platform / upstream / bluez.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0e5e805)
shared/gatt-client: Fix not checking valid ranges
authorLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
Thu, 1 Dec 2022 01:45:09 +0000 (17:45 -0800)
committerAyush Garg <ayush.garg@samsung.com>
Fri, 5 Jan 2024 10:11:34 +0000 (15:41 +0530)
When attempting to update discovery ranges the code shall verify if the
range is still valid (handles != 0x0000 and start < end).

src/shared/gatt-client.c patch | blob | history

diff --git a/src/shared/gatt-client.c b/src/shared/gatt-client.c
index 1633364..54b2526 100644 (file)
--- a/src/shared/gatt-client.c
+++ b/src/shared/gatt-client.c
@@ -1140,6 +1140,20 @@ static bool match_handle_range(const void *data, const void *match_data)
                                        (match_range->start <= range->end);
 }
 
+static struct handle_range *range_new(uint16_t start, uint16_t end)
+{
+       struct handle_range *range;
+
+       if (!start || !end || start > end)
+               return NULL;
+
+       range = new0(struct handle_range, 1);
+       range->start = start;
+       range->end = end;
+
+       return range;
+}
+
 static void remove_discov_range(struct discovery_op *op, uint16_t start,
                                                                uint16_t end)
 {
@@ -1156,16 +1170,18 @@ static void remove_discov_range(struct discovery_op *op, uint16_t start,
        if ((range->start == start) && (range->end == end)) {
                queue_remove(op->discov_ranges, range);
                free(range);
-       } else if (range->start == start)
+       } else if (range->start == start) {
                range->start = end + 1;
-       else if (range->end == end)
+               if (!range->start || range->start > range->end) {
+                       queue_remove(op->discov_ranges, range);
+                       free(range);
+               }
+       } else if (range->end == end)
                range->end = start - 1;
        else {
-               new_range = new0(struct handle_range, 1);
-               new_range->start = end + 1;
-               new_range->end = range->end;
-
-               queue_push_after(op->discov_ranges, range, new_range);
+               new_range = range_new(end + 1, range->end);
+               if (new_range)
+                       queue_push_after(op->discov_ranges, range, new_range);
 
                range->end = start - 1;
        }
Domain: Network & Connectivity / Bluetooth;