Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Coverity CID: 240241] Out-of-bounds access in subsys/bluetooth/host/adv.c #39852

Closed
zephyrbot opened this issue Oct 28, 2021 · 0 comments · Fixed by #39891
Closed

[Coverity CID: 240241] Out-of-bounds access in subsys/bluetooth/host/adv.c #39852

zephyrbot opened this issue Oct 28, 2021 · 0 comments · Fixed by #39891
Assignees
@rugeGerritsen
Labels
bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: medium Medium impact/importance bug

Comments

@zephyrbot
Copy link
Collaborator

Static code scan issues found in file:

https://github.com/zephyrproject-rtos/zephyr/tree/c0fcd35531611bbe35376c62a9e50744d6904940/subsys/bluetooth/host/adv.c

Category: Memory - corruptions
Function: hci_set_adv_ext_fragmented
Component: Bluetooth
CID: 240241

Details:

zephyr/subsys/bluetooth/host/adv.c

Line 514 in c0fcd35

memcpy(&set_data->data[2], data[j].data, set_data->len);

Please fix or provide comments in coverity using the link:

https://scan9.coverity.com/reports.htm#v29271/p12996.

For more information about the violation, check the Coverity Reference. (CWE-119)

Note: This issue was created automatically. Priority was set based on classification
of the file affected and the impact field in coverity. Assignees were set using the CODEOWNERS file.
@zephyrbot zephyrbot added bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: medium Medium impact/importance bug labels Oct 28, 2021
@rugeGerritsen rugeGerritsen mentioned this issue Oct 28, 2021
Merged
rugeGerritsen added a commit to rugeGerritsen/zephyr that referenced this issue Oct 29, 2021
@rugeGerritsen
Bluetooth: Host: Fix setting long adv data with long AD fields
554e211 
Previously, if the AD field length was greater than the maximum
fragment size - 2 bytes, an out of bounds access would occur.

Fixes: zephyrproject-rtos#39852

Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
carlescufi pushed a commit that referenced this issue Nov 2, 2021
@rugeGerritsen @carlescufi
Bluetooth: Host: Fix setting long adv data with long AD fields
4af5b7e 
Previously, if the AD field length was greater than the maximum
fragment size - 2 bytes, an out of bounds access would occur.

Fixes: #39852

Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
coreboot-org-bot pushed a commit to coreboot/zephyr-cros that referenced this issue Nov 4, 2021
@rugeGerritsen
Bluetooth: Host: Fix setting long adv data with long AD fields
1132fa3 
Previously, if the AD field length was greater than the maximum
fragment size - 2 bytes, an out of bounds access would occur.

(cherry picked from commit 4af5b7e)

Fixes: zephyrproject-rtos/zephyr#39852
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
GitOrigin-RevId: 4af5b7e
Change-Id: I4448c9d5074d54f9fa834d248259d86c5007ef76
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/zephyr/+/3258258
Tested-by: CopyBot <cros.copybot.ota@gmail.com>
Reviewed-by: Keith Short <keithshort@chromium.org>
Commit-Queue: Keith Short <keithshort@chromium.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rugeGerritsen rugeGerritsen

Labels
bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: medium Medium impact/importance bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Bluetooth: Host: Fix setting long adv data with long AD fields rugeGerritsen/zephyr
5 participants
@jhedberg @joerchan @Vudentz @rugeGerritsen @zephyrbot