diff mbox series

[BlueZ,3/4] lib/sdp: Use correct string length in sdp_copy_seq()

Message ID 20231103182150.60088-4-verdre@v0yd.nl
State New
Series Fix an allocation oversight in SDP parsing

Commit Message

Jonas Dreßler Nov. 3, 2023, 6:21 p.m. UTC
sdp_data_t->unitSize for strings in the SDP record is
`sizeof(uint8_t) + strlen(str)`.

The "length" argument of sdp_data_alloc_with_length() is expected to be
only the length of the string (so `sdp_data_t->unitSize - sizeof(uint8_t)`).

Since the last commit, in sdp_copy_seq() we're allocating one byte too much
for strings now, because the `sizeof(uint8_t)` is not subtracted from unitSize
there.

Fix this by making use of the length returned by sdp_data_value() and pass
that on to sdp_data_alloc_with_length().

Co-developed-by: Zander Brown <zbrown@gnome.org>
---
 lib/sdp.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Patch

diff --git a/lib/sdp.c b/lib/sdp.c
index 006ab057a..4b10d8f67 100644
--- a/lib/sdp.c
+++ b/lib/sdp.c
@@ -1527,10 +1527,10 @@  static sdp_data_t *sdp_copy_seq(sdp_data_t *data)
 	for (tmp = data; tmp; tmp = tmp->next) {
 		sdp_data_t *datatmp;
 		void *value;
+		uint32_t len = 0;
 
-		value = sdp_data_value(tmp, NULL);
-		datatmp = sdp_data_alloc_with_length(tmp->dtd, value,
-								tmp->unitSize);
+		value = sdp_data_value(tmp, &len);
+		datatmp = sdp_data_alloc_with_length(tmp->dtd, value, len);
 
 		if (cur)
 			cur->next = datatmp;
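
Review bot: At `value = sdp_data_value(tmp, &len);`, neither `value` nor `len` is checked before both are passed to sdp_data_alloc_with_length(). `len` starts at 0 and keeps that value whenever sdp_data_value() does not write to it, so for any `tmp->dtd` where that happens the copy now passes a length of 0 where it previously passed `tmp->unitSize`. If that only occurs for types whose length argument is ignored by the allocator, a one-line comment above the call saying so would make the assumption explicit; otherwise consider bailing out of the copy when `value` is NULL rather than allocating from it.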