From 52362c5f209131f0ae45291ac3b8efd3581e01e2 Mon Sep 17 00:00:00 2001
From: Bharat Panda
Date: Tue, 23 Sep 2014 17:49:17 +0530
Subject: [PATCH] attrib: Fix condition check for attr delete

Checks handle value for non-zero as well as >= 0xffff, to avoid infinite loop and deletion of unspecified attrib handles.
---
 attrib/gatt-service.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/attrib/gatt-service.c b/attrib/gatt-service.c
index f592a70a2..4e1a654e9 100644
--- a/attrib/gatt-service.c
+++ b/attrib/gatt-service.c
@@ -299,9 +299,15 @@ static void service_attr_del(struct btd_adapter *adapter, uint16_t start_handle,
 {
 uint16_t handle;
 
- for (handle = start_handle; handle <= end_handle; handle++)
+ /* For a 128-bit category primary service below handle should be checked
+ * for both non-zero as well as >= 0xffff. As on last iteration the
+ * handle will turn to 0 from 0xffff and loop will be infinite.
+ */
+ for (handle = start_handle; (handle != 0 && handle <= end_handle);
+ handle++) {
 if (attrib_db_del(adapter, handle) < 0)
 error("Can't delete handle 0x%04x", handle);
+ }
 }
 
 gboolean gatt_service_add(struct btd_adapter *adapter, uint16_t uuid,
-- 
2.47.3
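Review bot: The comment added above the `for` loop says the handle is checked for `>= 0xffff`, but the condition is `handle != 0 && handle <= end_handle`; nothing compares against 0xffff, and the loop ends only because the `uint16_t` counter wraps from 0xffff to 0. I would reword it to state that directly, e.g. `/* end_handle may be 0xffff: handle++ then wraps to 0, so stop on 0 rather than loop forever and delete handles outside the service's range. */`. Because the exit depends on wrap-around and on 0 never being a valid handle, an explicit `if (handle == end_handle) break;` after the `attrib_db_del()` call would make the upper bound visible at the point where it matters. The declaration of `end_handle` is outside the hunk, so its type is presumably `uint16_t` like `start_handle` and should be confirmed.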