Branch: refs/heads/959339
Home: https://github.com/bluez/bluez
Commit: 3faa27fd30ce85d0190fe05a3c3409216ce456db
    https://github.com/bluez/bluez/commit/3faa27fd30ce85d0190fe05a3c3409216ce456db
Author: Pauli Virtanen <pav@xxxxxx>
Date: 2025-05-03 (Sat, 03 May 2025)

Changed paths:
  M src/shared/vcp.c

Log Message:
-----------
shared/vcp: use iov_pull in input parsing

Check input is right size by using iov_pull* when parsing.

Also replace custom iov_pull_mem by equivalent util_iov_pull_mem, and
add iov_pull_string.

Fixes handling of zero-length string-valued descriptors, !value is not
error.

Fixes crashes like:

ERROR: AddressSanitizer: stack-buffer-overflow
WRITE of size 3 at 0x7b878bb77161 thread T0
    #0 0x7f878eee4821 in memcpy
    #1 0x0000009544d4 in read_aics_aud_ip_type src/shared/vcp.c:2713
    #2 0x000000950cec in vcp_pending_complete src/shared/vcp.c:2394
    #3 0x00000088b2ce in read_cb src/shared/gatt-client.c:2717
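The pull-style parsing the log message describes, as an added C example that is not BlueZ code: a fixed-size field is read by pulling exactly its own size from the received value, so a 3-byte value like the one in the trace cannot write past a 1-byte destination, and a zero-length string value is accepted. `pull_mem`, `parse_u8` and `parse_string` are hypothetical stand-ins (not the `util_iov_pull_mem` or `iov_pull_string` implementations), and the input bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/uio.h>

/* Hypothetical helper: next len bytes, or NULL (nothing consumed) if short. */
static void *pull_mem(struct iovec *iov, size_t len)
{
	void *data = iov->iov_base;
	if (iov->iov_len < len)
		return NULL;
	iov->iov_base = (uint8_t *)data + len;
	iov->iov_len -= len;
	return data;
}

/* Fixed-size field: read exactly sizeof(*out) bytes, however many were sent. */
static int parse_u8(const uint8_t *value, size_t length, uint8_t *out)
{
	struct iovec iov = { .iov_base = (void *)value, .iov_len = length };
	uint8_t *p = pull_mem(&iov, sizeof(*out));
	if (!p)
		return -1;	/* short value: reject, copy nothing */
	*out = *p;
	return 0;
}

/* String field: length 0 (value may be NULL) is valid, yields "". Caller frees. */
static char *parse_string(const uint8_t *value, size_t length)
{
	struct iovec iov = { .iov_base = (void *)value, .iov_len = length };
	char *s = calloc(1, length + 1);	/* zeroed, so always NUL-terminated */
	if (s && length)
		memcpy(s, pull_mem(&iov, length), length);
	return s;
}

int main(void)
{
	const uint8_t oversized[] = { 0x01, 0x02, 0x03 };	/* constructed */
	uint8_t type = 0;
	int rc = parse_u8(oversized, sizeof(oversized), &type);
	char *desc = parse_string(NULL, 0);
	printf("rc=%d type=%u desc=\"%s\"\n", rc, type, desc ? desc : "");
	free(desc);
	return 0;
}
```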