Hi Ido,

On Mon, May 28, 2012, Ido Yariv wrote:
> attrib_db_update always fails when g_try_realloc returns NULL, not
> taking into account that the length passed to g_try_realloc could be
> zero. In this case, g_try_realloc frees the currently allocated memory
> and returns NULL.
> As a result, not only will attrib_db_update fail needlessly, a
> use-after-free could occur as the attribute's length will still hold the
> length of the freed buffer.
>
> Fix this by only returning an error if the length is non-zero.
> ---
>  src/attrib-server.c | 2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)

Applied. Thanks.

Johan
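The failure mode described in the commit message, as an added example that is not part of the thread or of the BlueZ source: try_realloc is a stand-in with the zero-length behaviour the message attributes to g_try_realloc, and struct attr, update_before and update_after are hypothetical names.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in with the semantics the commit message describes for
 * g_try_realloc: a zero length frees the buffer and returns NULL. */
void *try_realloc(void *mem, size_t n)
{
    if (n == 0) {
        free(mem);
        return NULL;
    }
    return realloc(mem, n);
}

/* Hypothetical attribute record, not the BlueZ structure. */
struct attr {
    uint8_t *data;
    size_t len;
};

/* Before: every NULL is treated as failure, so a zero-length update
 * returns an error while a->len still describes the freed buffer. */
int update_before(struct attr *a, const uint8_t *value, size_t len)
{
    uint8_t *p = try_realloc(a->data, len);
    if (p == NULL)
        return -1;
    a->data = p;
    a->len = len;
    memcpy(a->data, value, len);
    return 0;
}

/* After: NULL is an error only when a non-zero length was requested,
 * so pointer and length are always updated together. */
int update_after(struct attr *a, const uint8_t *value, size_t len)
{
    uint8_t *p = try_realloc(a->data, len);
    if (p == NULL && len != 0)
        return -1;
    a->data = p;
    a->len = len;
    if (len != 0)
        memcpy(a->data, value, len);
    return 0;
}
```

After update_before fails on a zero length, any reader that trusts the record's len would walk freed memory; update_after leaves the record as data == NULL, len == 0.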