Checks handle value for non-zero as well as >= 0xffff, to avoid
infinite loop and deletion of unspecified attrib handles.
---
attrib/gatt-service.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/attrib/gatt-service.c b/attrib/gatt-service.c
index 874552b..bcf360e 100644
--- a/attrib/gatt-service.c
+++ b/attrib/gatt-service.c
@@ -295,7 +295,12 @@ static void service_attr_del(struct btd_adapter *adapter, uint16_t start_handle,
{
uint16_t handle;
- for (handle = start_handle; handle <= end_handle; handle++)
+ /* For a 128-bit category primary service below handle should be checked
+ * for both non-zero as well as >= 0xffff. As on last iteration the handle
+ * will turn to 0 from 0xffff and loop will be infinite.
+ */
+
+ for (handle = start_handle; (handle != 0 && handle <= end_handle); handle++)
if (attrib_db_del(adapter, handle) < 0)
error("Can't delete handle 0x%04x", handle);
}
--
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
