espressif/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2026-04-27 19:13:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(bt/bluedroid): fixed an integer overflow bug in attp_build_read_multi_cmd

Browse Source
This commit is contained in:
Jin Cheng
2025-10-13 10:24:09 +08:00
parent 04eb410ebc
commit b3e5df7874
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
components/bt/host/bluedroid/stack/gatt/att_protocol.c
+2 -1
View File
@@ -200,7 +200,8 @@ BT_HDR *attp_build_read_by_type_value_cmd (UINT16 payload_size, tGATT_FIND_TYPE_
BT_HDR *attp_build_read_multi_cmd(UINT8 op_code, UINT16 payload_size, UINT16 num_handle, UINT16 *p_handle)
{
BT_HDR *p_buf = NULL;
UINT8 *p, i = 0;
UINT8 *p;
UINT16 i = 0;
if ((p_buf = (BT_HDR *)osi_malloc((UINT16)(sizeof(BT_HDR) + num_handle * 2 + 1 + L2CAP_MIN_OFFSET))) != NULL) {
p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;