hci: fix buffer overrun in gap_inquiry_explode

2025-04-15 23:42:52 +00:00 · 2018-04-10 14:07:23 +02:00 · 2018-04-10 14:07:23 +02:00 · e4f5dd75d9
commit e4f5dd75d9
parent 22387625cf
2 changed files with 2 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - att_db_util: added security requirement arguments to characteristic creators

 ### Fixed
+- hci: fix buffer overrun in gap_inquiry_explode

 ## Changes March 2018

--- a/src/hci.c
+++ b/src/hci.c
@ -3780,7 +3780,7 @@ static void hci_notify_if_sco_can_send_now(void){

 // parsing end emitting has been merged to reduce code size
 static void gap_inquiry_explode(uint8_t * packet){
-    uint8_t event[15+GAP_INQUIRY_MAX_NAME_LEN];
+    uint8_t event[19+GAP_INQUIRY_MAX_NAME_LEN];

    uint8_t * eir_data;
    ad_context_t context;