When encoding an att_data_list we need to make sure that each element lenght of the data list will not exceed 255, because that information will be encoded as a octet later. --- attrib/att.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/attrib/att.c b/attrib/att.c index fc510f4..f262bb6 100644 --- a/attrib/att.c +++ b/attrib/att.c @@ -101,6 +101,9 @@ struct att_data_list *att_data_list_alloc(uint16_t num, uint16_t len) struct att_data_list *list; int i; + if (len > UINT8_MAX) + return NULL; + list = g_new0(struct att_data_list, 1); list->len = len; list->num = num; -- 1.7.12.3 -- To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
