| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
|
|
length is a pointer to int table not int* table.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
VCP apparently was never adopted so 0x110f was latter reused by AVRCP 1.3
controller as per current assigned numbers page:
https://www.bluetooth.org/en-us/specification/assigned-numbers/service-discovery
|
|
|
|
|
|
|
|
|
|
|
|
Somehow, the invalid multibyte sequence "\xC2\xA0" (which is displayed
as a whitespace) was inserted on a company identifier string. Fix this
to avoid a bogus diff when running tools/update_compids.sh.
|
|
|
|
Error path on default case was not breaking loop. To keep error
handling similar all error path were converted to use goto.
This fix following:
target C: libbluetooth <= external/bluetooth/bluez/android/../lib/sdp.c
lib/sdp.c: In function 'sdp_set_profile_descs':
lib/sdp.c:487:10: warning: 'values[0]' may be used uninitialized in
this function [-Wmaybe-uninitialized]
lib/sdp.c:2562:19: note: 'values[0]' was declared here
lib/sdp.c:545:11: warning: 'dtds[0]' may be used uninitialized in this
function [-Wmaybe-uninitialized]
lib/sdp.c:2562:9: note: 'dtds[0]' was declared here
|
|
|
|
|
|
|
|
|
|
|
|
Modify headers to enable support for changing SCO voice setting.
Corresponding commit implements functionality on kernel side.
|
|
There is an identical definition on the same header file (next to
HSP_AG_UUID).
|
|
This is an improved version of recently reverted commit 1796f00e8465.
Response size is verified against minimal allowed value only if it is
complete response. If response is partial it is allowed by spec that
it will be split in arbitrary manner.
Verified against Nokia BH217 on which original commit caused
regression.
|
|
|
|
This reverts commit 1796f00e846561af80679efba4d7c36c78710fb6.
This patch causes a regression with the Nokia BH217 headset. A correct
patch must take into account fragmented responses.
|
|
SDPERR and SDPDBG already add new line to prints.
|
|
Fixes the value of RESET_FAILED_CONTACT_COUNTER_RP_SIZE and
RESET_FAILED_CONTACT_COUNTER_RP_SIZE macros to respect the
associated struct.
|
|
|
|
The sequence itself is not an index of dtds, values, lengths, thats why
SDP_SEQ8 is used directly as dtd, so accessing length[i] is always off
by one.
Furthermore the length is not really used by sdp_data_alloc_with_length
when the dtd is SDP_SEQ8 which is probably why it doesn't crash.
|
|
|
|
Fix minor typos on company names.
|
|
|
|
|
|
Browsing services using sdptool can lead to writing to invalid heap
locations.
valgrind's output of exemplary call: sdptool browse local
==2203== HEAP SUMMARY:
==2203== in use at exit: 0 bytes in 0 blocks
==2203== total heap usage: 251 allocs, 251 frees, 140,156 bytes allocated
==2203==
==2203== All heap blocks were freed -- no leaks are possible
==2203==
==2203== ERROR SUMMARY: 6 errors from 2 contexts (suppressed: 0 from 0)
==2203==
==2203== 1 errors in context 1 of 2:
==2203== Invalid write of size 2
==2203== at 0x805B882: bt_put_be16 (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203== by 0x8062BD0: sdp_service_search_attr_req (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203== by 0x8052457: do_search (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203== by 0x80525AE: do_search (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203== by 0x805277F: cmd_browse (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203== by 0x8053199: main (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203== Address 0x4391359 is 7 bytes before a block of size 2,048 alloc'd
==2203== at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==2203== by 0x8062B4B: sdp_service_search_attr_req (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203== by 0x8052457: do_search (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203== by 0x80525AE: do_search (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203== by 0x805277F: cmd_browse (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203== by 0x8053199: main (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==
==2203==
==2203== 5 errors in context 2 of 2:
==2203== Invalid write of size 1
==2203== at 0x402D363: memcpy (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==2203== by 0x80613E7: gen_dataseq_pdu (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203== by 0x8061472: gen_attridseq_pdu (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203== by 0x8062C00: sdp_service_search_attr_req (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203== by 0x8052457: do_search (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203== by 0x80525AE: do_search (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203== by 0x805277F: cmd_browse (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203== by 0x8053199: main (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203== Address 0x439135b is 5 bytes before a block of size 2,048 alloc'd
==2203== at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==2203== by 0x8062B4B: sdp_service_search_attr_req (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203== by 0x8052457: do_search (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203== by 0x80525AE: do_search (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203== by 0x805277F: cmd_browse (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203== by 0x8053199: main (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==
==2203== ERROR SUMMARY: 6 errors from 2 contexts (suppressed: 0 from 0)
|
|
|
|
|
|
|
|
Commits 0f5a5a9580084a3c4e0644ef5cd75689aeb5ff40 and
46b3a3d2d00bf70bc57ef0c9ad5542a2271e3350 introduced this workaround.
|
|
The "seq->val.dataseq != NULL" check is also removed from the for()
statement because it should be done after verifying that the data
element is a sequence (inside the "if (SDP_IS_SEQ(...))" block.)
|
|
Also check if the required number of entries is present.
|
|
|
|
It is necessary to validate the sdp_data_t "dtd" field before accessing
the "val" union members, specially when handling SDP_SEQ*, SDP_ALT* and
SDP_STR* elements, otherwise remote devices can trigger memory
corruption by passing invalid data elements where others are expected.
|
