From d48132c844ff7e287e13ba16f01697738d89c132 Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz
Date: Fri, 29 Nov 2013 17:06:07 +0200
Subject: [PATCH] android/pan: Fix sending uninitialised bytes

name field of struct hal_ev_pan_ctrl_state is 17 bytes longs so memcpy of the interface name does not field all the those bytes leaving the last uninitialised:

Syscall param sendmsg(msg.msg_iov[1]) points to uninitialised byte(s)
at 0x3600EF6E20: __sendmsg_nocancel (in /usr/lib64/libc-2.17.so)
by 0x40DC06: ipc_send (ipc.c:93)
by 0x4149AC: bnep_conn_cb (pan.c:120)
by 0x4192B8: bnep_setup_cb (bnep.c:324)
by 0x31D1647DF5: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x31D1648147: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x31D1648549: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x40338B: main (main.c:629)
Address 0x7ff0003d3 is on thread 1's stack
---
 android/pan.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/android/pan.c b/android/pan.c
index e89461eef..9e388c37a 100644
--- a/android/pan.c
+++ b/android/pan.c
@@ -115,6 +115,7 @@ static void bt_pan_notify_ctrl_state(struct pan_device *dev, uint8_t state)
 ev.state = state;
 ev.local_role = local_role;
 ev.status = HAL_STATUS_SUCCESS;
+ memset(ev.name, 0, sizeof(ev.name));
 memcpy(ev.name, dev->iface, sizeof(dev->iface));
 ipc_send_notif(HAL_SERVICE_ID_PAN, HAL_EV_PAN_CTRL_STATE, sizeof(ev),
-- 
2.47.3
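Review bot: The memcpy on the line after the added memset still copies the whole `dev->iface` buffer, `sizeof(dev->iface)` bytes, rather than the name string it holds, so any bytes of `dev->iface` beyond its terminator that were never written would still be sent over IPC, and the zeroing only covers the trailing byte of the larger `ev.name` (17 vs. 16 per the commit message, which nothing in the hunk checks). Since the memset now guarantees a terminator, copying only the string closes that gap: `strncpy(ev.name, dev->iface, sizeof(ev.name) - 1);` in place of the memcpy, assuming `dev->iface` is a NUL-terminated interface name (verify against where it is filled). A `_Static_assert(sizeof(ev.name) >= sizeof(dev->iface), "...")` next to it, or a comment `/* ev.name is one byte wider than dev->iface; zero it so the tail is defined */` on the memset, would record why both buffers' sizes matter here. bt_pan_notify_ctrl_state begins and ends outside the hunk, and the ipc_send_notif call on its last line continues past it.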