mesh: Segmentation fails in gatt.c:pipe_write() If the first command output in a new connection exceeds 20 bytes, mesh_gatt_write sets the SAR to FIRST as the write_mtu is initially 0 and the default is GATT_MTU-3 (20). When pipe_write gets called, a new larger write_mtu has been set, but the SAR is still set to FIRST. It's assumed that data->gatt_len > max_len. However, it's not which causes lots of bogus output.

Diffstat

1 files changed, 18 insertions(+), 123 deletions(-)