diff options
| author | Matthew Xie <mattx@google.com> | 2012-04-04 00:52:39 -0700 |
|---|---|---|
| committer | Matthew Xie <mattx@google.com> | 2012-07-14 11:19:14 -0700 |
| commit | 666f92c7f05a39c059572189b37729b49ba4f043 (patch) | |
| tree | 6744479324394aafda10c6e676d601e2fa714a0a /btif/src | |
| parent | 66aa5171e4e7c9f942971a30419c03134e67a4a4 (diff) | |
| download | external_bluetooth_bluedroid-666f92c7f05a39c059572189b37729b49ba4f043.zip external_bluetooth_bluedroid-666f92c7f05a39c059572189b37729b49ba4f043.tar.gz external_bluetooth_bluedroid-666f92c7f05a39c059572189b37729b49ba4f043.tar.bz2 | |
Fix a memory access crash
There are cases that btif_in_split_uuids_string_to_list takes in str
without ;. In this case break the do while loop
Change-Id: I725bfe79de9cea11e46e663898763245c33229a5
Diffstat (limited to 'btif/src')
| -rw-r--r-- | btif/src/btif_storage.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/btif/src/btif_storage.c b/btif/src/btif_storage.c index 8cb5423..f051de1 100644 --- a/btif/src/btif_storage.c +++ b/btif/src/btif_storage.c @@ -262,6 +262,7 @@ static void btif_in_split_uuids_string_to_list(char *str, bt_uuid_t *p_uuid, do { p_needle = strchr(p_start, ';'); + if (p_needle < p_start) break; memset(buf, 0, sizeof(buf)); strncpy(buf, p_start, (p_needle-p_start)); string_to_uuid(buf, p_uuid + num); |