Fixed seg fault when filtering Linux BLE devices.

The loop used to filter Linux BLE devices by UUID iterated through a
zero-terminated array, and used the zero terminator as the stopping
condition.  However, it neglected to dereference the iterator to check
for the zero terminator, and incorrectly checked the iterator itself.
That resulted in the loop body dereferencing and using the last
element, the zero terminator, in a strcasecmp() call, and ultimately
seg faulting.

Rather than depend on the zero-terminator, obtain the length of the
array and use it to determine the end iterator beforehand.

Change-Id: Idecee74d19ebe01a812ecf17365f39be9ae1f7fe
Signed-off-by: Ossama Othman <ossama.othman@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/2142
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Erich Keane <erich.keane@intel.com>

diff --git a/resource/csdk/connectivity/src/bt_le_adapter/linux/caleinterface.c b/resource/csdk/connectivity/src/bt_le_adapter/linux/caleinterface.c
index 73703e0..0ed2715 100644 (file)
--- a/resource/csdk/connectivity/src/bt_le_adapter/linux/caleinterface.c
+++ b/resource/csdk/connectivity/src/bt_le_adapter/linux/caleinterface.c
@@ -649,7 +649,8 @@ static bool CALEDeviceFilter(GDBusProxy * device)
         return accepted;
     }
 
-    char const ** const UUIDs = g_variant_get_strv(prop, NULL);
+    gsize length = 0;
+    char const ** const UUIDs = g_variant_get_strv(prop, &length);
 
     /**
      * @note It would have been nice to use @c g_strv_contains() here,
@@ -658,7 +659,8 @@ static bool CALEDeviceFilter(GDBusProxy * device)
      *       Just run the loop manually, and use @c strcasecmp()
      *       instead.
      */
-    for (char const * const * u = UUIDs; u != NULL; ++u)
+    char const * const * const end = UUIDs + length;
+    for (char const * const * u = UUIDs; u != end; ++u)
     {
         if (strcasecmp(*u, CA_GATT_SERVICE_UUID) == 0)
         {