Hello:

This series was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>:

On Tue, 19 Mar 2024 17:19:14 +0200 you wrote:
> Currently iov_append is defined in 2 places, client/player.c and
> src/shared/bap.c. The player.c implementation is faulty as it
> does not allocate additional memory for the data that it appends
> to the original iovec. This can cause buffer overflows such as
> the one attached at the end of this message, which was discovered
> while running a Unicast setup. Therefore, the implementation from
> src/shared/bap.c was used to create util_iov_append as it allocates
> new memory appropriately. The existing calls to iov_append from
> src/shared/bap.c and client/player.c were replaced with the new
> util_iov_append.
>
> [...]

Here is the summary with links:
  - [BlueZ,1/3] shared/util: Add util_iov_append function
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=9fc5f9e05d84
  - [BlueZ,2/3] shared/bap: Use util_iov_append instead of iov_append
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=060e3dd69ed3
  - [BlueZ,3/3] client/player: Use util_iov_append instead of iov_append
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=e96a7fdd697b

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
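
The allocation bug described in the quoted cover letter, as an added example that is not part of this message or of the BlueZ patches. iov_append_noalloc is a constructed illustration of appending without growing the buffer; iov_append_checked is a hypothetical append that reallocates first and rejects a length that would wrap.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/uio.h>

/* Faulty pattern (constructed, not the BlueZ source): iov_base is never
 * grown, so the copy lands past the end of the existing allocation.
 * Shown for comparison only; nothing below calls it. */
void iov_append_noalloc(struct iovec *iov, const void *data, size_t len)
{
	memcpy((uint8_t *)iov->iov_base + iov->iov_len, data, len);
	iov->iov_len += len;
}

/* Hypothetical checked append: grow the heap buffer, then copy.
 * Returns 0 on success, -1 on failure with *iov left unchanged. */
int iov_append_checked(struct iovec *iov, const void *data, size_t len)
{
	void *base;

	if (!iov || (!data && len))
		return -1;
	if (len > SIZE_MAX - iov->iov_len)	/* iov_len + len would wrap */
		return -1;
	if (len == 0)
		return 0;

	/* Keep the old pointer until realloc succeeds so a failure
	 * neither leaks nor invalidates the caller's buffer. */
	base = realloc(iov->iov_base, iov->iov_len + len);
	if (!base)
		return -1;

	memcpy((uint8_t *)base + iov->iov_len, data, len);
	iov->iov_base = base;
	iov->iov_len += len;
	return 0;
}

int main(void)
{
	struct iovec iov = { .iov_base = NULL, .iov_len = 0 };
	int ok = iov_append_checked(&iov, "abc", 3) == 0 &&
		 iov_append_checked(&iov, "def", 3) == 0 &&
		 iov.iov_len == 6 && memcmp(iov.iov_base, "abcdef", 6) == 0;

	free(iov.iov_base);
	return ok ? 0 : 1;
}
```
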