Hi,

On Fri, Sep 25, 2009 at 5:36 PM, Steve Grubb <sgrubb@xxxxxxxxxx> wrote:
> Hello,
>
> I was doing some code reviews of the 4.54 release and found a couple
> things that should be fixed up. The first is that in audio/pcm_bluetooth.c,
> a data structure is being overrun. Because the underlying buffer is 512
> bytes, no overflow really occurs. What appears to happen is too much
> data gets copied.
>
> The other issue is in cups/main.c, error is a stack variable and its address
> cannot be NULL. So, no need to check its value.
>
> Signed-off-by: Steve Grubb <sgrubb@xxxxxxxxxx>
>
>
> diff -urp bluez-4.54.orig/audio/pcm_bluetooth.c bluez-4.54/audio/pcm_bluetooth.c
> --- bluez-4.54.orig/audio/pcm_bluetooth.c 2009-09-25 11:33:47.000000000 -0400
> +++ bluez-4.54/audio/pcm_bluetooth.c 2009-09-25 14:35:35.000000000 -0400
> @@ -729,7 +729,7 @@ static int bluetooth_a2dp_hw_params(snd_
> req->h.length = sizeof(*req);
>
> memcpy(&req->codec, &a2dp->sbc_capabilities,
> - sizeof(a2dp->sbc_capabilities));
> + sizeof(req->codec));

Be careful that these structs are different, we really want to copy sbc
codec capabilities which are used to configure later.

--
Luiz Augusto von Dentz
Computer Engineer
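
Review bot: on the `+ sizeof(req->codec));` line, bounding the copy by the destination stops the write past `req->codec`, but it also truncates the source. The description says the old length, `sizeof(a2dp->sbc_capabilities)`, copied too much, so the source is the larger object and its tail no longer reaches the request. If the full SBC capabilities are needed for the later configuration, the fix belongs in the destination: give the request a field sized for the SBC capabilities and make sure `req->h.length = sizeof(*req);` covers every byte that is copied, since right now the header length describes only `*req` while the old copy ran past it into the 512-byte buffer. A compile-time check that the copy length does not exceed the destination field would catch this mismatch if either struct changes again.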