Skip to content
Permalink
Browse files

bluetooth: Fix an undefined behavior

The original creates a pointer to a compiler-generated temporary that is
destroyed when the scope is exited. The pointer is stored in a structure
defined in an enclosing scope and is invalid by the point it's used.

The fix holds the structure in a variable with the same lifetime as
the pointer.

Signed-off-by: Findlay Feng <i@fengch.me>
  • Loading branch information...
findlayfeng authored and ioannisg committed Jul 26, 2019
1 parent c41e712 commit 0ea07d3072b2b2ae634a9cf63fc53cfb69c47ad4
Showing with 5 additions and 3 deletions.
  1. +5 −3 subsys/bluetooth/host/hci_core.c
@@ -5312,6 +5312,7 @@ static int le_adv_update(const struct bt_data *ad, size_t ad_len,
bool connectable, bool use_name)
{
struct bt_ad d[2] = {};
struct bt_data data;
int err;

d[0].data = ad;
@@ -5336,10 +5337,11 @@ static int le_adv_update(const struct bt_data *ad, size_t ad_len,
}

name = bt_get_name();
data = (struct bt_data)BT_DATA(
BT_DATA_NAME_COMPLETE,
name, strlen(name));

d[1].data = (&(struct bt_data)BT_DATA(
BT_DATA_NAME_COMPLETE,
name, strlen(name)));
d[1].data = &data;
d[1].len = 1;
}

0 comments on commit 0ea07d3

Please sign in to comment.
You can’t perform that action at this time.