From ad7c19ea9a164c3f7ebe3786114c5d98870eee05 Mon Sep 17 00:00:00 2001
From: Zach Johnson
Date: Mon, 15 Sep 2014 22:29:54 -0700
Subject: [PATCH] Fix how add_sdp_by_uuid passes the uuid to SDP_AddSequence

SDP_AddSequence expects to dereference the passed pointer and find a pointer there, and that pointer pointing to UINT8s. Before, we were passing &type_buf, which gives the address of the first UINT8 in the array on the stack. This meant SDP_AddSequence was treating the first few bytes of the uuid as a pointer to somewhere, leading to a segfault when it tried to follow it.
---
 btif/src/btif_sock_sdp.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/btif/src/btif_sock_sdp.c b/btif/src/btif_sock_sdp.c
index e8f7e27f9..f04444174 100644
--- a/btif/src/btif_sock_sdp.c
+++ b/btif/src/btif_sock_sdp.c
@@ -214,6 +214,9 @@ static int add_sdp_by_uuid(const char *name, const uint8_t *uuid,
 UINT8 type = UUID_DESC_TYPE;
 UINT8 type_len = UUID_MAX_LENGTH;
 UINT8 type_buf[48];
+ // Store the address of type buf in a pointer on the stack, so we can pass
+ // a double pointer to SDP_AddSequence
+ UINT8 *type_buf_ptr = type_buf;

 // Do the conversion to big-endian -- tmp is only used to iterate through the
 // UUID array in the macro and serves no other purpose as the conversion
@@ -225,7 +228,7 @@ static int add_sdp_by_uuid(const char *name, const uint8_t *uuid,
 stage = "service_class_sequence";
 if (!SDP_AddSequence(handle, (UINT16)ATTR_ID_SERVICE_CLASS_ID_LIST,
- 1, &type, &type_len, (UINT8**)&type_buf))
+ 1, &type, &type_len, &type_buf_ptr))
 goto error;
--
2.11.0
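Review bot: The new `type_buf_ptr` is handed to SDP_AddSequence together with `&type_len`, where `type_len = UUID_MAX_LENGTH`, but the storage it points at is declared with a bare `UINT8 type_buf[48];`, so nothing ties the byte count the callee is told it may read to the size of the array behind the pointer. Declaring it as `UINT8 type_buf[UUID_MAX_LENGTH];` makes the two agree by construction and removes the magic number. As written this is safe only if UUID_MAX_LENGTH is no larger than 48, which the hunk does not show, and the big-endian conversion macro that fills type_buf sits outside the hunk, so its write bound should be checked against the same constant. The body of add_sdp_by_uuid begins before the first hunk and continues past the second.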