Fixed a crash due to an invalid access in the find_by_type foreach callback by correctly initializing the data fields to 0. The crash happened because the same callback is used for find_by_type and find_by_type_value, but find_by_type didn't correctly set the value pointer to NULL.

--- src/shared/gatt-db.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/shared/gatt-db.c b/src/shared/gatt-db.c index 9a9cadc..157d859 100644 --- a/src/shared/gatt-db.c +++ b/src/shared/gatt-db.c @@ -880,6 +880,8 @@ void gatt_db_find_by_type(struct gatt_db *db, uint16_t start_handle, { struct find_by_type_value_data data; + memset(&data, 0, sizeof(data)); + data.uuid = *type; data.start_handle = start_handle; data.end_handle = end_handle; @@ -899,6 +901,8 @@ void gatt_db_find_by_type_value(struct gatt_db *db, uint16_t start_handle, { struct find_by_type_value_data data; + memset(&data, 0, sizeof(data)); + data.uuid = *type; data.start_handle = start_handle; data.end_handle = end_handle; -- 2.2.0.rc0.207.ga3a616c
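Review bot: The memset() added at the top of gatt_db_find_by_type() is the whole fix, but nothing at that line says which field it protects. The commit message explains that the shared foreach callback reads the value pointer and that this function never set it. A one-line comment above the memset, or an explicit data.value = NULL; next to the other assignments, would record that contract in the code. Without it, a later cleanup could drop the memset as redundant, since uuid, start_handle and end_handle are all assigned right after it, and the uninitialized stack read would return.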
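Review bot: The second hunk adds the same memset() to gatt_db_find_by_type_value(), but the commit message attributes the crash only to find_by_type leaving the value pointer unset. Please say in the message whether this path could also hand uninitialized fields of struct find_by_type_value_data to the callback, or whether the change here is defensive hardening for consistency. As written, a reader of the log cannot tell if this function had a reachable bug.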