Hi Jakub,

On Wednesday 21 of May 2014 16:34:40 Jakub Tyszkowski wrote:
> This search was used with the assumption that connection is in
> "connected" state. This could result in attrib pointer being
> dereferenced while it's still NULL (pending connection).
> ---
>  android/gatt.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/android/gatt.c b/android/gatt.c
> index 89da60d..1b000c4 100644
> --- a/android/gatt.c
> +++ b/android/gatt.c
> @@ -364,8 +364,14 @@ static bool match_connection_by_device_and_app(const void *data,
>
>  static struct app_connection *find_connection_by_id(int32_t conn_id)
>  {
> -	return queue_find(app_connections, match_connection_by_id,
> +	struct app_connection *conn;
> +
> +	conn = queue_find(app_connections, match_connection_by_id,
>  							INT_TO_PTR(conn_id));
> +	if (conn && conn->device->state == DEVICE_CONNECTED)
> +		return conn;
> +
> +	return NULL;
>  }
>
>  static bool match_connection_by_device(const void *data, const void *user_data)

Patch 1/3 is now applied, thanks.

-- 
Best regards,
Szymon Janc
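Review bot: The `DEVICE_CONNECTED` check added to `find_connection_by_id()` changes the function's contract for every caller, not only the path that dereferences `attrib`: any caller that needs to look up a pending connection by its id (for example to abandon or clean it up) will now get NULL back and will most likely treat a valid `conn_id` as unknown. Either confirm that every caller of `find_connection_by_id()` only ever wants a fully connected entry and document that in a short comment above the function, or keep the lookup unfiltered and check `conn->device->state == DEVICE_CONNECTED` at the call site that touches `attrib`, so that the NULL dereference is fixed without hiding pending connections from the rest of the code.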