The bugs were simple buffer overflows that were actually discovered a couple of years ago by op7ic:
https://www.spinics.net/lists/linux-bluetooth/msg68892.html

Caused by missing boundary checks before access.

Cho, Yu-Chen (3):
  hcidump: fixed AMP Assoc dump heap-over-flow
  hcidump:fixed hci frame dump stack-buffer-overflow
  hcidump: Fix set_ext_ctrl() global buffer overflow

 tools/parser/amp.c   | 65 +++++++++++++++++++++++--------------------
 tools/parser/hci.c   |  3 ++
 tools/parser/l2cap.c |  2 +-
 3 files changed, 38 insertions(+), 32 deletions(-)

--
2.19.1