shared/gatt-db: Fix munmap_chunk invalid pointer PTS test GATT/CL/GAD/BV-03-C published a service starting at handle 0xfffd and ending at 0xffff. This resets the next_handle to 0 in gatt_db_insert_service() instead of setting it to 0x10000. Other services are added later. This could end-up by a crash in db_hash_update() if not enough space has been allocated for hash.iov and some entries are overwritten. Next_handle can be replaced by a last_handle variable which will not loop over. This can be replaced by queue_peek_tail() and computing the value, but keeping last_handle will avoid this sort of lookup.

Diffstat

1 files changed, 10 insertions(+), 9 deletions(-)