Fix the latent defects on AddressSanitizer 42/230942/2
authorDoHyun Pyun <dh79.pyun@samsung.com>
Thu, 16 Apr 2020 06:57:43 +0000 (15:57 +0900)
committerDoHyun Pyun <dh79.pyun@samsung.com>
Fri, 17 Apr 2020 04:02:14 +0000 (13:02 +0900)
Change-Id: I2be13f59bc166b38037acf3efe0813a4162f7f9a
Signed-off-by: DoHyun Pyun <dh79.pyun@samsung.com>
src/bluetooth-common.c
src/bluetooth-gatt.c

index d735134..9326803 100644 (file)
@@ -638,8 +638,17 @@ void _bt_convert_address_to_hex(bluetooth_device_address_t *addr_hex, const char
 {
        char *ptr1, *ptr2, *ptr3, *ptr4, *ptr5;
 
-       if (addr_str == NULL || addr_str[0] == '\0')
+       if (addr_str == NULL || strlen(addr_str) != 17) {
+               BT_ERR("Invalid address string: %s", addr_str);
                return;
+       }
+
+       if (addr_str[2] != ':' || addr_str[5] != ':' ||
+                addr_str[8] != ':' || addr_str[11] != ':' ||
+                 addr_str[14] != ':' || addr_str[17] != '\0') {
+               BT_ERR("Invalid MAC format");
+               return;
+       }
 
        addr_hex->addr[0] = strtol(addr_str, &ptr5, 16);
        addr_hex->addr[1] = strtol(ptr5 + 1, &ptr4, 16);
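Review bot: The new guard passes `addr_str` to `%s` on the same branch that is taken when `addr_str == NULL`, so a NULL pointer can reach the format argument in `BT_ERR("Invalid address string: %s", addr_str);`. Assuming BT_ERR forwards to a printf-style logger, that is undefined behaviour in C even where libc happens to print "(null)"; logging `addr_str ? addr_str : "(null)"` or handling the NULL case separately avoids it. The `addr_str[17] != '\0'` term is already implied by `strlen(addr_str) != 17` and can be dropped. The twelve digit positions are still not checked to be hex, so a string with colons in the right places but non-hex octets passes both guards and the `strtol` chain, which continues outside the hunk, would apparently produce a wrong address without any error. An `isxdigit((unsigned char)addr_str[i])` check over those positions would close that, and since the function returns `void`, the early returns leave `*addr_hex` untouched, which callers cannot distinguish from success.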
index f7a9195..8ac60c1 100644 (file)
@@ -3161,6 +3161,9 @@ int bt_gatt_server_send_response(int request_id, bt_gatt_att_request_type_e requ
        bluetooth_gatt_att_data_t resp;
        bluetooth_gatt_server_response_params_t param;
 
+       if (value_length < 0 || value_length >= BLUETOOTH_GATT_ATT_DATA_LENGTH_MAX)
+               return BT_ERROR_INVALID_PARAMETER;
+
        memset(&resp,  0x00, sizeof(resp));
        memset(&param, 0x00, sizeof(param));