On Mon, Aug 22, 2011 at 1:42 PM, dstockwell@xxxxxxxxxxxxxxxxx <dstockwell@xxxxxxxxxxxxxxxxx> wrote: > Hello Lucas > > On August 22, 2011 at 10:42 AM Lucas De Marchi > <lucas.demarchi@xxxxxxxxxxxxxx> wrote: > >> Hi David, >> >> On Mon, Aug 22, 2011 at 8:58 AM, David Stockwell >> <dstockwell@xxxxxxxxxxxxxxxxx> wrote: >> > Btw, it looked like this avrcp_handle_get_element_attributes function >> > might not be properly checking the amount of actually received data in >> > all necessary places before accessing the buffer (i.e. having the risk >> > of remotely triggered buffer overflows). Could you please verify this >> > and fix it if the issue really exists. >> > >> > +++++ I will take a look this afternoon and either send a fix, or send a >> > note that it looks OK. >> >> As I answered to Johan before seeing your response, it does have this >> problem. I have the PDU-continuation pending here in which I fix this. >> I'll probably send it by tomorrow. If you are into it and want to >> send >> a fix, I'm ok with that. > > > > If you already have a fix for that function, go ahead and submit it. > > > > Wondering what you mean by "PDU-continuation pending", though. Does it have > > to do with AVRCP-level RequestContinuingResponse (and Abort)? Or > AVCTP-layer > > fragmentation? AVRCP-level RequestContinuingResponse (and Abort) regards, Lucas De Marchi -- To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
