btio: fix range validation of security level

Expression is used as an index for accessing an array's element in
function 'l2cap_set_lm'. This expression can have value 4, which is
out of range, as indicated by a preceding conditional expression.

profiles/audio: add nullity checks

Return value of a function 'btd_device_get_service' is dereferenced
without checking for NULL, but it is usually checked for this
function (28/35).
Return value of a function 'queue_find' is dereferenced without
checking for NULL, but it is usually checked for this function
(182/183).

src/shared: add nullity checks

Return value of a function 'util_iov_pull_mem' is dereferenced without
checking for NULL, but it is usually checked for this function (64/80).
Return value of a function 'vcp_get_vcs' is dereferenced without
checking for NULL, but it is usually checked for this function (4/5).

obexd/client: fix err condition causing memleak

Dynamic memory, referenced by 'err', is allocated by calling function
'obc_transfer_get' and lost at bip.c:139.

Ismagil Iskakov (4):
  btio: fix range validation of security level
  profiles/audio: add nullity checks
  src/shared: add nullity checks
  obexd/client: fix err condition causing memleak

 btio/btio.c             |  6 ++++++
 obexd/client/transfer.c |  2 +-
 profiles/audio/a2dp.c   | 34 ++++++++++++++++++++++++----------
 profiles/audio/avrcp.c  | 24 +++++++++++++++++++++---
 profiles/audio/bass.c   |  3 +++
 src/shared/bap.c        | 23 +++++++++++++++++++++++
 src/shared/vcp.c        |  3 +++
 7 files changed, 81 insertions(+), 14 deletions(-)

-- 
2.34.1
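
The bug class in the first item (a range check that admits value 4 ahead of a lookup in a smaller table), shown as an added example that is not part of this patch series or of BlueZ's code. The level names, flag values and four-entry table are constructed for illustration; rejecting the level is one possible handling, not necessarily the one the patch takes.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical security levels; 4 is the highest value a caller may pass. */
enum sec_level { SEC_SDP = 0, SEC_LOW, SEC_MEDIUM, SEC_HIGH, SEC_FIPS };

/* Hypothetical link-mode flags; the table below covers levels 0..3 only. */
#define LM_AUTH    0x01
#define LM_ENCRYPT 0x02
#define LM_SECURE  0x04

static const int lm_map[] = {
	0,
	LM_AUTH,
	LM_AUTH | LM_ENCRYPT,
	LM_AUTH | LM_ENCRYPT | LM_SECURE,
};
#define LM_MAP_LEN (sizeof(lm_map) / sizeof(lm_map[0]))

/* Before: the check is written against the enum range, so level 4 passes
 * even though lm_map[4] does not exist. Returns 1 if the level is accepted. */
static int weak_check_accepts(int level)
{
	return !(level < SEC_SDP || level > SEC_FIPS);
}

/* After: the bound comes from the table itself, so the check and the lookup
 * cannot drift apart. Returns 0 and stores the flags, or -1 if out of range. */
static int level_to_lm(int level, int *lm)
{
	if (level < 0 || (size_t)level >= LM_MAP_LEN)
		return -1;
	*lm = lm_map[level];
	return 0;
}

int main(void)
{
	for (int level = -1; level <= SEC_FIPS + 1; level++) {
		int lm = 0;
		int rc = level_to_lm(level, &lm);
		printf("level %2d: weak check %s, bounded lookup %s\n", level,
		       weak_check_accepts(level) ? "accepts" : "rejects",
		       rc == 0 ? "ok" : "rejected");
	}
	return 0;
}
```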