Branch: refs/heads/master
Home: https://github.com/bluez/bluez

Commit: fdb5ba2cbff3e8f1411ab188fa84b58879b92b83
https://github.com/bluez/bluez/commit/fdb5ba2cbff3e8f1411ab188fa84b58879b92b83
Author: Jonas Dreßler <verdre@xxxxxxx>
Date: 2023-11-13 (Mon, 13 Nov 2023)

Changed paths:
M lib/sdp.c

Log Message:
-----------
lib/sdp: Allocate strings in sdp_data_t with NULL termination

In extract_str() we create sdp_data_t with strings and allocate sdp_data_t->val.str an extra 0-byte as NULL termination. In sdp_data_alloc_with_length() we're missing this, and strlen() in sdp_get_string_attr() ends up overrunning the sdpdata->val.str buffer looking for the NULL termination.

Allocate the extra 0-byte for sdp_data_t->val.str to ensure this overrun can't happen.

Co-developed-by: Zander Brown <zbrown@xxxxxxxxx>

Commit: cfcc6346a96a9a4c3123ddc5bb395e079efe5205
https://github.com/bluez/bluez/commit/cfcc6346a96a9a4c3123ddc5bb395e079efe5205
Author: Jonas Dreßler <verdre@xxxxxxx>
Date: 2023-11-13 (Mon, 13 Nov 2023)

Changed paths:
M lib/sdp.c

Log Message:
-----------
lib/sdp: Don't assume uint8_t has size 1

Assuming the size of uint8_t is bad practice, we use sizeof(uint8_t) everywhere else and the use of sizeof makes it clear we're accounting for the descriptor here rather than just randomly subtracting 1, so change that.

Co-developed-by: Zander Brown <zbrown@xxxxxxxxx>

Commit: 5afa25c95e6aadd431941b410b4d5fdd44b7458a
https://github.com/bluez/bluez/commit/5afa25c95e6aadd431941b410b4d5fdd44b7458a
Author: Jonas Dreßler <verdre@xxxxxxx>
Date: 2023-11-13 (Mon, 13 Nov 2023)

Changed paths:
M lib/sdp.c

Log Message:
-----------
lib/sdp: Use correct string length in sdp_copy_seq()

sdp_data_t->unitSize for strings in the SDP record is `sizeof(uint8_t) + strlen(str)`. The "length" argument of sdp_data_alloc_with_length() is expected to be only the length of the string (so `sdp_data_t->unitSize - sizeof(uint8_t)`).

Since the last commit, in sdp_copy_seq() we're allocating one byte too much for strings now, because the `sizeof(uint8_t)` is not subtracted from unitSize there.

Fix this by making use of the length returned by sdp_data_value() and pass that on to sdp_data_alloc_with_length().

Co-developed-by: Zander Brown <zbrown@xxxxxxxxx>

Commit: b978f979678d237f406f3209cf2d5f2da8e5b74e
https://github.com/bluez/bluez/commit/b978f979678d237f406f3209cf2d5f2da8e5b74e
Author: Jonas Dreßler <verdre@xxxxxxx>
Date: 2023-11-13 (Mon, 13 Nov 2023)

Changed paths:
M lib/sdp.c
M lib/sdp_lib.h

Log Message:
-----------
lib/sdp: Pass size_t to sdp_get_string_attr()

We're currently type-casting the output of strlen(sdpdata->val.str) into an int, which is somewhat problematic given that strlen() can return values larger than sizeof(int). We can do better here and use size_t instead, so let's do that.

While at it, also add a comment explaining why the check here is "smaller than" instead of "smaller than or equal".

Co-developed-by: Zander Brown <zbrown@xxxxxxxxx>

Compare: https://github.com/bluez/bluez/compare/303925b28110...b978f979678d
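
The three points made in the commit messages above (a terminator byte on allocation, string length versus unitSize on copy, and a strict size check done in size_t), as an added C example. This is not code from BlueZ or from these commits: the type and function names are hypothetical, and a flexible array member stands in for sdp_data_t->val.str.

```c
/* Added illustration, not BlueZ's lib/sdp.c; all names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
typedef struct {
	size_t unit_size; /* sizeof(uint8_t) descriptor + string length */
	char str[];       /* payload, always NUL-terminated */
} str_data_t;

/* length is the string length only: no descriptor, no terminator. */
static str_data_t *str_data_alloc_with_length(const void *value, size_t length)
{
	/* The "+ 1" zero byte makes strlen(d->str) stop inside the buffer. */
	str_data_t *d = calloc(1, sizeof(*d) + length + 1);
	if (!d)
		return NULL;
	memcpy(d->str, value, length);
	d->unit_size = sizeof(uint8_t) + length;
	return d;
}

/* Copy: pass the string length; passing unit_size over-allocates by one. */
static str_data_t *str_data_copy(const str_data_t *d)
{
	return str_data_alloc_with_length(d->str, d->unit_size - sizeof(uint8_t));
}

/* Strictly "smaller than": valuelen must also hold the terminator. */
static int str_data_get(const str_data_t *d, char *value, size_t valuelen)
{
	size_t len = strlen(d->str);
	if (len >= valuelen)
		return -1;
	memcpy(value, d->str, len + 1);
	return 0;
}

int main(void)
{
	const char wire[4] = { 'O', 'B', 'E', 'X' }; /* constructed, no NUL */
	char out[8];
	str_data_t *d = str_data_alloc_with_length(wire, sizeof(wire));
	if (!d || str_data_get(d, out, sizeof(out)) < 0)
		return 1;
	printf("%s unit_size=%zu\n", out, d->unit_size);
	free(d);
	return 0;
}
```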