In file lib/sdp.c, at line 809, function sdp_gen_pdu() is defined as follows (parts not related to buf omitted):

int sdp_gen_pdu(sdp_buf_t *buf, sdp_data_t *d)
{
	[...]
	### buf is directly dereferenced
	uint8_t *seqp = buf->data + buf->data_size;
	[...]
	if (!is_seq && !is_alt) {
		### buf is checked for NULL here
		if (src && buf && buf->buf_size >= buf->data_size + data_size) {
			memcpy(buf->data + buf->data_size, src, data_size);
			buf->data_size += data_size;
		} else if (dtd != SDP_DATA_NIL) {
			SDPDBG("Gen PDU : Can't copy from invalid source or dest\n");
		}
	}
	pdu_size += data_size;
	return pdu_size;
}

So the question is whether we are missing a buf != NULL check at the top, or is the one present unnecessary?

-- 
Slawomir Bochenski
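To make the inconsistency concrete, here is an added example (not BlueZ code, and not part of the message above) that isolates the copy step of sdp_gen_pdu() into a stand-alone function in both shapes: the posted one, where buf is dereferenced before the inner NULL test makes that test unreachable, and a checked one that validates buf once at the top so the inner test can be dropped. The sdp_buf_t layout, the function names append_as_posted/append_checked and the -EINVAL return are assumptions for this example; the checked version also rewrites the size comparison as a subtraction, which goes slightly beyond the page to avoid a uint32_t wrap.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for the BlueZ sdp_buf_t used by sdp_gen_pdu();
 * only the three fields the posted excerpt touches. */
typedef struct {
	uint8_t *data;
	uint32_t data_size;
	uint32_t buf_size;
} sdp_buf_t;

/* Shape of the posted code: buf is dereferenced first, so the later
 * "buf &&" can never be false and a NULL caller faults on the first line. */
static int append_as_posted(sdp_buf_t *buf, const void *src, uint32_t data_size)
{
	uint8_t *seqp = buf->data + buf->data_size;	/* unconditional dereference */
	(void)seqp;
	if (src && buf && buf->buf_size >= buf->data_size + data_size) {
		memcpy(buf->data + buf->data_size, src, data_size);
		buf->data_size += data_size;
		return (int)data_size;
	}
	return 0;	/* nothing copied: bad source or no room */
}

/* Checked shape: validate buf once before any field access, so the inner
 * NULL test is no longer needed. Returns -EINVAL for a missing buffer,
 * 0 when src is NULL or the data does not fit, else the bytes appended. */
static int append_checked(sdp_buf_t *buf, const void *src, uint32_t data_size)
{
	if (!buf || !buf->data)
		return -EINVAL;
	/* written as a subtraction so data_size + data_size cannot wrap */
	if (!src || buf->buf_size < buf->data_size ||
	    buf->buf_size - buf->data_size < data_size)
		return 0;
	memcpy(buf->data + buf->data_size, src, data_size);
	buf->data_size += data_size;
	return (int)data_size;
}
```
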