From b7283a1bb9b3776a2361b190fe76127346588f6f Mon Sep 17 00:00:00 2001
From: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Date: Wed, 19 Mar 2014 14:26:58 +0200
Subject: [PATCH] unit/avrcp: Fix possible buffer overflow

Parameter passed needs to be of size number otherwise there is buffer
overflow.
---
 unit/test-avrcp.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/unit/test-avrcp.c b/unit/test-avrcp.c
index d89954ba1..eb002385f 100644
--- a/unit/test-avrcp.c
+++ b/unit/test-avrcp.c
@@ -317,10 +317,15 @@ static int get_attribute_text(struct avrcp *session, uint8_t transaction,
 					uint8_t number, uint8_t *attrs,
 					void *user_data)
 {
-	const char *text[] = { "equalizer" };
+	const char *text[number];
 
 	DBG("");
 
+	if (number) {
+		memset(text, 0, number);
+		text[0] = "equalizer";
+	}
+
 	avrcp_get_player_attribute_text_rsp(session, transaction, number, attrs,
 									text);
 
-- 
2.47.3