| Message ID | 20250428195122.2000808-2-luiz.dentz@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [BlueZ,v2,1/5] main: Fix comparison of narrow type with wide type in loop condition | expand |
diff --git a/client/mgmt.c b/client/mgmt.c index 1946d65d2fe2..86b5879db8b0 100644 --- a/client/mgmt.c +++ b/client/mgmt.c @@ -571,7 +571,7 @@ static void confirm_name_rsp(uint8_t status, uint16_t len, static char *eir_get_name(const uint8_t *eir, uint16_t eir_len) { - uint8_t parsed = 0; + uint16_t parsed = 0; if (eir_len < 2) return NULL; @@ -599,7 +599,7 @@ static char *eir_get_name(const uint8_t *eir, uint16_t eir_len) static unsigned int eir_get_flags(const uint8_t *eir, uint16_t eir_len) { - uint8_t parsed = 0; + uint16_t parsed = 0; if (eir_len < 2) return 0;
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> In a loop condition, comparison of a value of a narrow type with a value of a wide type may result in unexpected behavior if the wider value is sufficiently large (or small). Fixes: https://github.com/bluez/bluez/issues/1211 --- client/mgmt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)