This fixes the following:
==25759== Syscall param socketcall.sendmsg(msg.msg_iov[i]) points to
uninitialised byte(s)
==25759== at 0x521C570: __sendmsg_nocancel (syscall-template.S:82)
==25759== by 0x41688F: ipc_send (ipc.c:366)
==25759== by 0x40ECF8: send_ssp_request (bluetooth.c:1028)
==25759== by 0x4110A6: user_confirm_request_callback
(bluetooth.c:1055)
==25759== by 0x4094FE: queue_foreach (queue.c:186)
==25759== by 0x409FCF: can_read_data (mgmt.c:287)
==25759== by 0x408E4C: read_callback (io-glib.c:168)
==25759== by 0x4E79D12: g_main_context_dispatch (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==25759== by 0x4E7A05F: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==25759== by 0x4E7A459: g_main_loop_run (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==25759== by 0x40454D: main (main.c:538)
==25759== Address 0x7ff00085d is on thread 1's stack
==25759== Uninitialised value was created by a stack allocation
==25759== at 0x40EC77: send_ssp_request (bluetooth.c:1018)
---
android/bluetooth.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/android/bluetooth.c b/android/bluetooth.c
index 93b9cd7..85409a3 100644
--- a/android/bluetooth.c
+++ b/android/bluetooth.c
@@ -1018,6 +1018,8 @@ static void send_ssp_request(struct device *dev, uint8_t variant,
{
struct hal_ev_ssp_request ev;
+ memset(&ev, 0, sizeof(ev));
+
bdaddr2android(&dev->bdaddr, ev.bdaddr);
memcpy(ev.name, dev->name, strlen(dev->name));
ev.class_of_dev = dev->class;
--
1.9.3
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
