From 58a2b3df7cb4086d1f69d9e98cba7a2dbb89225e Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz Date: Tue, 15 Nov 2016 16:52:38 +0200 Subject: [PATCH] Bluetooth: GATT: Fix using out of scope variable This fixes defect found by coverity: 152027 Pointer to local outside scope. Change-Id: I50f196a04363ffa6e6654b71a9a1d89034580413 Signed-off-by: Luiz Augusto von Dentz --- include/bluetooth/gatt.h | 3 ++- subsys/bluetooth/host/gatt.c | 16 +++++----------- 2 files changed, 7 insertions(+), 12 deletions(-) diff --git a/include/bluetooth/gatt.h b/include/bluetooth/gatt.h index 22f63847daf..3e37ffc2c3f 100644 --- a/include/bluetooth/gatt.h +++ b/include/bluetooth/gatt.h @@ -772,7 +772,8 @@ struct bt_gatt_discover_params; * * If discovery procedure has completed this callback will be called with * attr set to NULL. This will not happen if procedure was stopped by returning - * BT_GATT_ITER_STOP. + * BT_GATT_ITER_STOP. The attribute is read-only and cannot be cached without + * copying its contents. * * @return BT_GATT_ITER_CONTINUE if should continue attribute discovery * or BT_GATT_ITER_STOP to stop discovery procedure. diff --git a/subsys/bluetooth/host/gatt.c b/subsys/bluetooth/host/gatt.c index f59298c2a52..01dc7a28612 100644 --- a/subsys/bluetooth/host/gatt.c +++ b/subsys/bluetooth/host/gatt.c @@ -825,7 +825,6 @@ static void gatt_find_type_rsp(struct bt_conn *conn, uint8_t err, { const struct bt_att_find_type_rsp *rsp = pdu; struct bt_gatt_discover_params *params = user_data; - struct bt_gatt_service value; uint8_t i; uint16_t end_handle = 0, start_handle; @@ -838,7 +837,7 @@ static void gatt_find_type_rsp(struct bt_conn *conn, uint8_t err, /* Parse attributes found */ for (i = 0; length >= sizeof(rsp->list[i]); i++, length -= sizeof(rsp->list[i])) { - struct bt_gatt_attr *attr; + struct bt_gatt_attr attr = {}; start_handle = sys_le16_to_cpu(rsp->list[i].start_handle); end_handle = sys_le16_to_cpu(rsp->list[i].end_handle); @@ -846,20 +845,15 @@ static void gatt_find_type_rsp(struct bt_conn *conn, uint8_t err, BT_DBG("start_handle 0x%04x end_handle 0x%04x", start_handle, end_handle); - value.end_handle = end_handle; - value.uuid = params->uuid; - if (params->type == BT_GATT_DISCOVER_PRIMARY) { - attr = (&(struct bt_gatt_attr) - BT_GATT_PRIMARY_SERVICE(&value)); + attr.uuid = BT_UUID_GATT_PRIMARY; } else { - attr = (&(struct bt_gatt_attr) - BT_GATT_SECONDARY_SERVICE(&value)); + attr.uuid = BT_UUID_GATT_SECONDARY; } - attr->handle = start_handle; + attr.handle = start_handle; - if (params->func(conn, attr, params) == BT_GATT_ITER_STOP) { + if (params->func(conn, &attr, params) == BT_GATT_ITER_STOP) { return; } }