From ff8011811b0de81e79dd1451fcc80f0d0f6a84f2 Mon Sep 17 00:00:00 2001
From: Pavlin Radoslavov <pavlin@google.com>
Date: Thu, 16 Mar 2017 19:09:31 -0700
Subject: [PATCH] Use the correct buffer size when copying device inquiry
 response data

Bug: 36372989
Test: Running ASAN build
Change-Id: I6016e7609ba24db632222ff4613017e3be30b09c
---
 btif/src/btif_dm.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/btif/src/btif_dm.cc b/btif/src/btif_dm.cc
index 47c6e4fcb..252bd8f94 100644
--- a/btif/src/btif_dm.cc
+++ b/btif/src/btif_dm.cc
@@ -784,7 +784,8 @@ static void search_devices_copy_cb(uint16_t event, char* p_dest, char* p_src) {
         p_dest_data->inq_res.p_eir =
             (uint8_t*)(p_dest + sizeof(tBTA_DM_SEARCH));
         memcpy(p_dest_data->inq_res.p_eir, p_src_data->inq_res.p_eir,
-               HCI_EXT_INQ_RESPONSE_LEN);
+               p_src_data->inq_res.eir_len);
+        p_dest_data->inq_res.eir_len = p_src_data->inq_res.eir_len;
       }
     } break;
 
-- 
2.11.0