[BlueZ] shared/gatt-db: fix crash on bad attribute index in get_char_data

Message ID dd2290eb0393dc0c9978c94ad07ad6ae06ea3115.1745184652.git.pav@iki.fi
State New
Series [BlueZ] shared/gatt-db: fix crash on bad attribute index in get_char_data

Commit Message

Pauli Virtanen April 20, 2025, 9:36 p.m. UTC
Fix AddressSanitizer: heap-buffer-overflow when index == 0.
---
 src/shared/gatt-db.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

patchwork-bot+bluetooth@kernel.org April 22, 2025, 9:11 a.m. UTC | #1
Hello:

This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Mon, 21 Apr 2025 00:36:32 +0300 you wrote:
> Fix AddressSanitizer: heap-buffer-overflow when index == 0.
> ---
>  src/shared/gatt-db.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

Here is the summary with links:
  - [BlueZ] shared/gatt-db: fix crash on bad attribute index in get_char_data
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=73ae3fb93d27

You are awesome, thank you!

Patch

diff --git a/src/shared/gatt-db.c b/src/shared/gatt-db.c
index b44140523..8951079be 100644
--- a/src/shared/gatt-db.c
+++ b/src/shared/gatt-db.c
@@ -1980,8 +1980,8 @@  bool gatt_db_attribute_get_char_data(const struct gatt_db_attribute *attrib,
 
 		/* Check if Characteristic Value was passed instead */
 		index = gatt_db_attribute_get_index(attrib);
-		if (index < 0)
-			return NULL;
+		if (index <= 0)
+			return false;
 
 		attrib = attrib->service->attributes[index - 1];
 		if (bt_uuid_cmp(&characteristic_uuid, &attrib->uuid))
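Review bot: The commit message names only the `index == 0` overflow, but the check before `attrib->service->attributes[index - 1]` also changes `return NULL` to `return false`, which is a separate correction for a function declared `bool` and should be mentioned in the message. A one-line comment above `if (index <= 0)` would also help, stating that index 0 has no preceding attribute, so `attributes[index - 1]` would read one element before the start of the array. That records why the bound is `<=` rather than `<` and guards against a later revert. A unit test that passes an attribute at index 0 into gatt_db_attribute_get_char_data would keep the ASan finding from regressing.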