Repository: incubator-mynewt-core Updated Branches: refs/heads/develop 847f02417 -> f052c8258
Fix invalid memory accesses in ble_uuid_cmp When the two uuid values differ in type, one of two things can happen: 1. Access to unallocated or uninitialised memory 2. Unaligned access to 16/32-bit values Both of these cause crashes, so always make sure we are comparing like types. Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/d50951d0 Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/d50951d0 Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/d50951d0 Branch: refs/heads/develop Commit: d50951d05479ea3e2749068e7f5cab3c635c3412 Parents: 2242bc1 Author: Simon Ratner <simon+git...@probablyprime.net> Authored: Sat Mar 4 12:02:40 2017 -0800 Committer: Simon Ratner <simon+git...@probablyprime.net> Committed: Sat Mar 4 12:02:40 2017 -0800 ---------------------------------------------------------------------- net/nimble/host/src/ble_uuid.c | 4 ++++ 1 file changed, 4 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/d50951d0/net/nimble/host/src/ble_uuid.c ---------------------------------------------------------------------- diff --git a/net/nimble/host/src/ble_uuid.c b/net/nimble/host/src/ble_uuid.c index 028e227..f9ccc6d 100644 --- a/net/nimble/host/src/ble_uuid.c +++ b/net/nimble/host/src/ble_uuid.c @@ -76,6 +76,10 @@ ble_uuid_cmp(const ble_uuid_t *uuid1, const ble_uuid_t *uuid2) BLE_HS_DBG_ASSERT(verify_uuid(uuid1) == 0); BLE_HS_DBG_ASSERT(verify_uuid(uuid2) == 0); + if (uuid1->type != uuid2->type) { + return uuid1->type - uuid2->type; + } + switch (uuid1->type) { case BLE_UUID_TYPE_16: return (int) BLE_UUID16(uuid1)->value - (int) BLE_UUID16(uuid2)->value;
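Review bot: The new early return in ble_uuid_cmp, `return uuid1->type - uuid2->type;`, makes any two UUIDs of different types compare as non-zero, so a 16-bit UUID will never match the 128-bit form of the same Bluetooth UUID (its expansion over the Base UUID), and nothing in the hunk documents that. Please add a sentence to the function's header comment stating that UUIDs are ordered by type first and by value only within a type, and that callers who need to match a short UUID against a 128-bit one must convert both to the same type before calling. The commit touches only ble_uuid.c (4 insertions), so a unit test that passes mixed-type arguments would also be worth adding, since that is the path that was crashing. Note too that the two BLE_HS_DBG_ASSERT(verify_uuid(...)) checks above the new code are debug assertions, so if they are compiled out in release builds the type comparison runs on unverified input; if uuid1 or uuid2 can come from a peer, validate it on the caller side.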