fix(ble/bluedroid): Fixed potential out-of-bounds memory access when resolve adv data

(cherry picked from commit 12df54e8d1)

Co-authored-by: zhanghaipeng <zhanghaipeng@espressif.com>
Zhang Hai Peng
2025-08-15 14:54:07 +08:00
parent ad6904db25
commit 91ef2747b6


@@ -2071,6 +2071,13 @@ UINT8 *BTM_CheckAdvData( UINT8 *p_adv, UINT16 adv_data_len, UINT8 type, UINT8 *p
STREAM_TO_UINT8(adv_type, p);
if ( adv_type == type ) {
if((p + length - 1) > (p_adv + adv_data_len)) {
/* avoid memory overflow*/
*p_length = 0;
return NULL;
}
/* length doesn't include itself */
*p_length = length - 1; /* minus the length of type */
return p;
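Review bot: The new bound in the `adv_type == type` branch is computed with pointer arithmetic, `(p + length - 1) > (p_adv + adv_data_len)`, and because `length` comes from the received advertising payload the left side can point more than one element past the buffer, which C leaves undefined, so the comparison is not guaranteed to behave as intended. Comparing sizes avoids forming that pointer: `if ((length - 1) > (p_adv + adv_data_len - p)) {`. The check also protects only the matching-type return; the path that skips a non-matching AD structure and reads the next length byte lies outside this hunk, so it is worth confirming that the loop condition bounds that read as well. The comment could name what is rejected, e.g. `/* AD structure length exceeds the remaining adv data; treat as malformed */`.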