Hi Chen,
On Thu, Sep 13, 2012 at 9:03 AM, <chen.ganir@xxxxxx> wrote:
> +static void read_batterylevel_cb(guint8 status, const guint8 *pdu, guint16 len,
> + gpointer user_data)
> +{
> + struct characteristic *ch = user_data;
> + uint8_t value[ATT_MAX_MTU];
> + int vlen;
> +
> + if (status != 0) {
> + error("Failed to read Battery Level:%s", att_ecode2str(status));
> + return;
> + }
> +
> + vlen = dec_read_resp(pdu, len, value, sizeof(value));
> + if (!vlen) {
> + error("Failed to read Battery Level: Protocol error\n");
> + return;
> + }
You should check for vlen < 0 instead. See dec_read_resp()
implementation (there may be other places with this bug in bluez as
well, feel free to fix them if you find).
Also note that messages in error() should not contain "\n" (I've seen
this in other patches on the series as well).
> +
> + if (vlen < 1) {
> + error("Failed to read Battery Level: Wrong pdu len");
> + return;
> + }
What about checking for "vlen != 1" instead ?
> +static struct characteristic *find_battery_char(struct btd_battery *db)
> +{
> + GSList *l, *b;
> +
> + for (l = servers; l != NULL; l = g_slist_next(l)) {
> + struct battery *batt = l->data;
> +
> + b = g_slist_find_custom(batt->chars, db, device_battery_cmp);
> + if (!b)
> + return NULL;
Shouldn't it be a "continue" above instead of "return NULL" ?
Otherwise the loop will never go past the first server.
> +
> + return b->data;
> + }
> +
> + return NULL;
> +}
Regards,
--
Anderson Lizardo
Instituto Nokia de Tecnologia - INdT
Manaus - Brazil
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
