From c64b4d9e8dc3e36672061f39a9dba19ad0fb1ef1 Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Fri, 9 Dec 2016 16:21:18 +0200
Subject: [PATCH] monitor/avctp: Fix reading attribute length as 1 octet

Attribute length is actually 2 octets long.
---
 monitor/avctp.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/monitor/avctp.c b/monitor/avctp.c
index 7f337a8fd..de8c3459c 100644
--- a/monitor/avctp.c
+++ b/monitor/avctp.c
@@ -1985,8 +1985,7 @@ static bool avrcp_attribute_entry_list(struct avctp_frame *avctp_frame,
 
 	for (; count > 0; count--) {
 		uint32_t attr;
-		uint16_t charset;
-		uint8_t len;
+		uint16_t charset, len;
 
 		if (!l2cap_frame_get_be32(frame, &attr))
 			return false;
@@ -2000,10 +1999,10 @@ static bool avrcp_attribute_entry_list(struct avctp_frame *avctp_frame,
 		print_field("%*cCharsetID: 0x%04x (%s)", indent, ' ',
 						charset, charset2str(charset));
 
-		if (!l2cap_frame_get_u8(frame, &len))
+		if (!l2cap_frame_get_be16(frame, &len))
 			return false;
 
-		print_field("%*cAttributeLength: 0x%02x (%u)", indent, ' ',
+		print_field("%*cAttributeLength: 0x%04x (%u)", indent, ' ',
 						len, len);
 
 		printf("%*cAttributeValue: ", indent+8, ' ');
-- 
2.47.3