michaelh/zephyr
1
0
Fork 0
Code Releases Activity

bluetooth: Fix an undefined behavior

Browse source 
The original creates a pointer to a compiler-generated temporary that is
destroyed when the scope is exited. The pointer is stored in a structure
defined in an enclosing scope and is invalid by the point it's used.

The fix holds the structure in a variable with the same lifetime as
the pointer.

Signed-off-by: Findlay Feng <i@fengch.me>
This commit is contained in:
Findlay Feng 2019-07-26 18:45:25 +08:00 committed by Ioannis Glaropoulos
commit 0ea07d3072
1 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
subsys/bluetooth/host/hci_core.c
View file

@ -5312,6 +5312,7 @@ static int le_adv_update(const struct bt_data *ad, size_t ad_len,
bool connectable, bool use_name)
{
struct bt_ad d[2] = {};
struct bt_data data;
int err;
d[0].data = ad;
@ -5336,10 +5337,11 @@ static int le_adv_update(const struct bt_data *ad, size_t ad_len,
}
name = bt_get_name();
data = (struct bt_data)BT_DATA(
BT_DATA_NAME_COMPLETE,
name, strlen(name));
d[1].data = (&(struct bt_data)BT_DATA(
BT_DATA_NAME_COMPLETE,
name, strlen(name)));
d[1].data = &data;
d[1].len = 1;
}