Hi João, 2012/4/18 João Paulo Rechi Vita <jprvita@xxxxxxxxxxxxx>: > --- > input/hog_device.c | 21 +++++++++++++++++++++ > 1 files changed, 21 insertions(+), 0 deletions(-) > > diff --git a/input/hog_device.c b/input/hog_device.c > index ac6d4c9..5df6879 100644 > --- a/input/hog_device.c > +++ b/input/hog_device.c > @@ -71,9 +71,27 @@ static void report_free(struct report *report) > g_free(report); > } > > +static void report_value_cb(const uint8_t *pdu, uint16_t len, gpointer user_data) > +{ > + uint16_t handle; > + > + if (len < 3) { I suppose the check should be (len < 10) here ? Otherwise the DBG() call will read invalid data. > + error("Malformed ATT notification"); > + return; > + } > + > + handle = att_get_u16(&pdu[1]); > + > + DBG("Report(0x%04x): 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x " > + "0x%02x", handle, pdu[2], pdu[3], pdu[4], > + pdu[5], pdu[6], pdu[7], pdu[8], pdu[9]); This DBG() seems strange. If handle starts at (pdu + 1) and has two octets, the remaining bytes should start at (pdu + 3). > +} > + Regards, -- Anderson Lizardo Instituto Nokia de Tecnologia - INdT Manaus - Brazil -- To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html