From dc69e2d5348de2ef64ac7f335a503a63c7cca0e6 Mon Sep 17 00:00:00 2001
From: Simon Wilson
Date: Thu, 2 Apr 2015 15:17:08 -0700
Subject: [PATCH] GAP: Reset cont_offset in start frame of SDP

If cont_offset of ccb is not reset in start frame, it's appending previous SDP service search offset also to current offset. Service search goes in a loop and leads to crash on array index out of bounds.

Bug: 19810285
Change-Id: Ifee174555593f4df669977b74ce3725c75c9b426
---
 stack/sdp/sdp_server.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/stack/sdp/sdp_server.c b/stack/sdp/sdp_server.c
index de420976a..27912367e 100644
--- a/stack/sdp/sdp_server.c
+++ b/stack/sdp/sdp_server.c
@@ -241,6 +241,7 @@ static void process_service_search (tCONN_CB *p_ccb, UINT16 trans_num,
     {
         rem_handles = num_rsp_handles;
         cont_offset = 0;
+        p_ccb->cont_offset = 0;
     }
 
     /* Calculate how many handles will fit in one PDU */
-- 
2.11.0
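Review bot: The added `p_ccb->cont_offset = 0;` is the whole fix for a peer-triggered out-of-bounds index, yet it carries no comment, and the continuation path that consumes the stored offset is not hardened by this change. I would annotate the new line with `/* New search: discard continuation state left over from a previous search on this connection, otherwise the stale offset is applied to the current result set */` so the next maintainer does not fold it back into the local `cont_offset = 0;`. Since the commit message itself describes the failure as an array index running past its bounds, the continuation branch (not visible in this hunk) should presumably also bound the offset it derives from the peer's continuation state against `num_rsp_handles` before computing the remaining handles, e.g. `if (cont_offset > num_rsp_handles) { /* reject as invalid continuation state */ }`, so that any other route to a stale `p_ccb->cont_offset` cannot re-open the same crash. Both the start and the end of `process_service_search` lie outside this hunk, so the exact shape of that branch should be confirmed in the file.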