sdp_extract_attr() uses the "size" parameter to return the number of bytes consumed when parsing SDP Data Elements. This size is used to advance a buffer pointer to parse the next element. This size was being incorrectly calculated for SDP_TEXT_STR16/SDP_URL_STR16, where the string length was added twice. A unit test added on the previous commit should now pass with this fix. --- lib/sdp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/sdp.c b/lib/sdp.c index ca474cd..b87f392 100644 --- a/lib/sdp.c +++ b/lib/sdp.c @@ -1176,7 +1176,7 @@ static sdp_data_t *extract_str(const void *p, int bufsize, int *len) } n = bt_get_be16(p); p += sizeof(uint16_t); - *len += sizeof(uint16_t) + n; + *len += sizeof(uint16_t); bufsize -= sizeof(uint16_t); break; default: -- 1.7.9.5
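
Review bot: The changed line "*len += sizeof(uint16_t);" in the 16-bit length case of extract_str() now counts only the two-byte length header, so its correctness depends on n being added to *len exactly once somewhere outside the lines shown in this hunk; a one-line comment at this case saying where n is accounted for would keep the double count from coming back. Because the commit message says the returned size is used to advance the buffer pointer for the next element, it is also worth confirming in the same function that n is compared against the reduced bufsize before the string is used, and that the neighbouring length cases of this switch follow the same header-only pattern. The commit message could name the unit test it refers to, so the fix and its regression test can be matched up later.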