diff --git a/components/bt/host/bluedroid/stack/include/stack/sdp_api.h b/components/bt/host/bluedroid/stack/include/stack/sdp_api.h index 1f8c3b30e3..7075e8bbf3 100644 --- a/components/bt/host/bluedroid/stack/include/stack/sdp_api.h +++ b/components/bt/host/bluedroid/stack/include/stack/sdp_api.h @@ -96,8 +96,8 @@ typedef struct { UINT8 u8; /* 8-bit integer */ UINT16 u16; /* 16-bit integer */ UINT32 u32; /* 32-bit integer */ + UINT8 array[4]; /* Variable length field */ struct t_sdp_disc_attr *p_sub_attr; /* Addr of first sub-attr (list)*/ - UINT8 array[]; /* Variable length field */ } v; } tSDP_DISC_ATVAL; diff --git a/components/bt/host/bluedroid/stack/sdp/sdp_utils.c b/components/bt/host/bluedroid/stack/sdp/sdp_utils.c index dad93a2962..f354ea3ad3 100644 --- a/components/bt/host/bluedroid/stack/sdp/sdp_utils.c +++ b/components/bt/host/bluedroid/stack/sdp/sdp_utils.c @@ -785,6 +785,14 @@ BOOLEAN sdpu_compare_uuid_with_attr (tBT_UUID *p_btuuid, tSDP_DISC_ATTR *p_attr) } else if (p_btuuid->len == LEN_UUID_32) { return (BOOLEAN)(p_btuuid->uu.uuid32 == p_attr->attr_value.v.u32); } + /* coverity[overrun-buffer-arg] */ + /* + Event overrun-buffer-arg: Overrun of static array "&p_attr->attr_value.v.array" of size 4 bytes by passing it to a function which indexes it with argument "16U" at byte position 15 + FALSE-POSITIVE error from Coverity test tool. Please do NOT remove following comment. + False-positive: SDP uses scratch buffer to hold the attribute value. + The actual size of tSDP_DISC_ATVAL does not matter. + If the array size in tSDP_DISC_ATVAL is increase, we would increase the system RAM usage unnecessarily + */ else if (p_btuuid->len == LEN_UUID_128) { return (BOOLEAN)(!memcmp(p_btuuid->uu.uuid128, (void *) p_attr->attr_value.v.array, LEN_UUID_128)); }