Hi Johan/Lizardo:
On Mon, Mar 24, 2014 at 5:42 PM, Anderson Lizardo
<anderson.lizardo@xxxxxxxxxxxxx> wrote:
> Hi Johan,
>
> On Mon, Mar 24, 2014 at 4:17 PM, Johan Hedberg <johan.hedberg@xxxxxxxxx> wrote:
>> Hi Claudio,
>>
>> On Mon, Mar 24, 2014, Claudio Takahasi wrote:
>>> ---
>>> tools/parser/hci.c | 1 -
>>> tools/parser/l2cap.c | 1 -
>>> tools/parser/parser.h | 9 ++++-----
>>> tools/parser/ppp.c | 2 +-
>>> 4 files changed, 5 insertions(+), 8 deletions(-)
>>
>> I've applied all patches until this one.
>>
>> This patch has a quite severe bug in it (which to be honest makes me a
>> bit nervous of the earlier ones I applied):
>>
>>> static inline uint16_t get_u16(struct frame *frm)
>>> {
>>> - uint16_t *u16_ptr = frm->ptr;
>>> frm->ptr += 2;
>>> frm->len -= 2;
>>> - return ntohs(bt_get_unaligned(u16_ptr));
>>> + return get_be16(frm->ptr);
>>> }
>>>
>>> static inline uint32_t get_u32(struct frame *frm)
>>> {
>>> - uint32_t *u32_ptr = frm->ptr;
>>> frm->ptr += 4;
>>> frm->len -= 4;
>>> - return ntohl(bt_get_unaligned(u32_ptr));
>>> + return get_be32(frm->ptr);
>>> }
>>
>> Note that the value passed to ntohl before your patch is the pointer
>> before it is incremented. However after your patch it's the pointer
>> after it has been incremented, so you're changing the behavior of these
>> two functions.
>
> To be clear, I reviewed this code internally, and I missed this bug. I
> believe the correct change is something like:
>
> - uint32_t *u32_ptr = frm->ptr;
> + uint32_t u32 = get_be32(frm->ptr);
>
> and then "return u32" at the end. Sorry about the double mistake
> (given that both me and Claudio missed it).
It is my negligence. I will send a new patch.
Claudio.
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
