From: Andrei Emeltchenko <andrei.emeltchenko@xxxxxxxxx>
Do not allow to read more then buffer size.
This fixes segmentation fault reading capture from target (apparently
end of the trace was broken).
---
monitor/btsnoop.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/monitor/btsnoop.c b/monitor/btsnoop.c
index fafeff8..83aaee5 100644
--- a/monitor/btsnoop.c
+++ b/monitor/btsnoop.c
@@ -304,6 +304,13 @@ int btsnoop_read_hci(struct timeval *tv, uint16_t *index, uint16_t *opcode,
}
toread = be32toh(pkt.size);
+ if (toread > BTSNOOP_MAX_PACKET_SIZE) {
+ perror("Packet len suspicially big: %u", toread);
+ close(btsnoop_fd);
+ btsnoop_fd = -1;
+ return -1;
+ }
+
flags = be32toh(pkt.flags);
ts = be64toh(pkt.ts) - 0x00E03AB44A676000ll;
--
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
