bt: don't return the address of a stack-allocated string

`char foo[] = "bar";` makes a stack-resident `char[4]`. The standard
ways of getting a not-stack-allocated string are:
- `const char *foo = "bar"` (`foo` will point to a `char[4]` in rodata.
  casting away the const here leads to badness if the string is
  modified.)
- `static char foo[] = "bar"` (`foo` will point to a `char[4]` in a
  writeable section of memory that lives for the life of the program.)

Since we return a non-const `char *` here, and since this method is a
stub, the latter seems more appropriate.

Bug: 162984360
Tag: #security
Test: TreeHugger
Change-Id: I51bd4a2d8e2e3826809a1bdc9743d2d1cb62870f

diff --git a/main/shim/btm_api.cc b/main/shim/btm_api.cc
index 9c72e12..8e478ef 100644 (file)
--- a/main/shim/btm_api.cc
+++ b/main/shim/btm_api.cc
@@ -1277,9 +1277,8 @@ void bluetooth::shim::BTM_SecClearSecurityFlags(const RawAddress& bd_addr) {
 }
 
 char* bluetooth::shim::BTM_SecReadDevName(const RawAddress& address) {
-  char name[] = "TODO: See if this is needed";
-  char* n = name;
-  return n;
+  static char name[] = "TODO: See if this is needed";
+  return name;
 }
 
 bool bluetooth::shim::BTM_SecAddRmtNameNotifyCallback(