DBUS_TYPE_BOOLEAN is 'int', which does not have to be the same size as
'bool'.
On architecture where bool is smaller than in, getting prepare-authorize
will corrupt the stack
---
client/gatt.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/client/gatt.c b/client/gatt.c
index 416eda953..9d35b54fa 100644
--- a/client/gatt.c
+++ b/client/gatt.c
@@ -1860,9 +1860,12 @@ static int parse_options(DBusMessageIter *iter, uint16_t *offset, uint16_t *mtu,
} else if (strcasecmp(key, "prepare-authorize") == 0) {
if (var != DBUS_TYPE_BOOLEAN)
return -EINVAL;
- if (prep_authorize)
- dbus_message_iter_get_basic(&value,
- prep_authorize);
+ if (prep_authorize) {
+ int tmp;
+
+ dbus_message_iter_get_basic(&value, &tmp);
+ *prep_authorize = !!tmp;
+ }
}
dbus_message_iter_next(&dict);
--
2.20.1
