From: Andrei Emeltchenko <andrei.emeltchenko@xxxxxxxxx>
Do not allow to read more then buffer size.
This fixes segmentation fault reading capture from target (apparently
end of the trace was broken).
---
src/shared/btsnoop.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/shared/btsnoop.c b/src/shared/btsnoop.c
index 17a872c..3592c2e 100644
--- a/src/shared/btsnoop.c
+++ b/src/shared/btsnoop.c
@@ -415,6 +415,11 @@ bool btsnoop_read_hci(struct btsnoop *btsnoop, struct timeval *tv,
}
toread = be32toh(pkt.size);
+ if (toread > BTSNOOP_MAX_PACKET_SIZE) {
+ btsnoop->aborted = true;
+ return false;
+ }
+
flags = be32toh(pkt.flags);
ts = be64toh(pkt.ts) - 0x00E03AB44A676000ll;
--
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
