michaelh/zephyr
1
0
Fork 0
Code Releases Activity

Bluetooth: GATT: Fix unaligned access to CCC value

Browse source 
The CCC value behind the 'buf' pointer in bt_gatt_attr_write_ccc() may
not be appropriately aligned. It should therefore be accessed with
sys_get_le16() instead of sys_le16_to_cpu(). This also eliminates the
need of a separate uint16_t helper variable in the function.

Change-Id: I93d50f894e877f25ec6ed2f576cf6bf6d440190b
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This commit is contained in:
Johan Hedberg 2016-08-31 08:06:32 +03:00
commit 3b61beca20
1 changed files with 3 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

7
net/bluetooth/gatt.c
View file

@ -333,14 +333,13 @@ ssize_t bt_gatt_attr_write_ccc(struct bt_conn *conn,
uint16_t len, uint16_t offset, uint8_t flags)
{
struct _bt_gatt_ccc *ccc = attr->user_data;
const uint16_t *data = buf;
size_t i;
if (offset > sizeof(*data)) {
if (offset > sizeof(uint16_t)) {
return BT_GATT_ERR(BT_ATT_ERR_INVALID_OFFSET);
}
if (offset + len > sizeof(*data)) {
if (offset + len > sizeof(uint16_t)) {
return BT_GATT_ERR(BT_ATT_ERR_INVALID_ATTRIBUTE_LEN);
}
@ -369,7 +368,7 @@ ssize_t bt_gatt_attr_write_ccc(struct bt_conn *conn,
}
}
ccc->cfg[i].value = sys_le16_to_cpu(*data);
ccc->cfg[i].value = sys_get_le16(buf);
BT_DBG("handle 0x%04x value %u", attr->handle, ccc->cfg[i].value);