This memory corruption will happen if the remote BLE device name
is more than 249 bytes (the maximum attribute length our BLE support is 600.).
after we send/receive GATT remote device name service attribute.
We will copy upto 600 bytes data to a local name buffer with size of 249.
This will cause serious memory corruption on the stack memory.
bug:
12570982
Change-Id: I5b2ffd5f5a16f4d80d5491e86bf18bf47e30629e
BD_NAME bd_name;
memset(bd_name, 0, (BD_NAME_LEN + 1));
+ if (length > BD_NAME_LEN)
+ {
+ length = BD_NAME_LEN;
+ }
memcpy((UINT8*)bd_name, p_name, length);
if ((!status) || (length==0))