espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-10-02 18:10:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix(ble/bluedroid): Fixed potential out-of-bounds memory access when resolve adv data

Browse Source
This commit is contained in:
zhanghaipeng
2025-08-11 13:08:14 +08:00
parent e58562e030
commit 12df54e8d1
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
components/bt/host/bluedroid/stack/btm/btm_ble_gap.c
View File

@@ -2071,6 +2071,13 @@ UINT8 *BTM_CheckAdvData( UINT8 *p_adv, UINT16 adv_data_len, UINT8 type, UINT8 *p
STREAM_TO_UINT8(adv_type, p); STREAM_TO_UINT8(adv_type, p);
if ( adv_type == type ) { if ( adv_type == type ) {
if((p + length - 1) > (p_adv + adv_data_len)) {
/* avoid memory overflow*/
*p_length = 0;
return NULL;
}
/* length doesn't include itself */ /* length doesn't include itself */
*p_length = length - 1; /* minus the length of type */ *p_length = length - 1; /* minus the length of type */
return p; return p;