[PATCH BlueZ v2] a2dp: Fix handling of codec capability storage

Linux bluetooth development
 help / color / mirror / Atom feed

* [PATCH BlueZ v2] a2dp: Fix handling of codec capability storage
@ 2026-06-22 15:56 Luiz Augusto von Dentz
  2026-06-22 18:14 ` [BlueZ,v2] " bluez.test.bot
  0 siblings, 1 reply; 2+ messages in thread
From: Luiz Augusto von Dentz @ 2026-06-22 15:56 UTC (permalink / raw)
  To: linux-bluetooth

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

Codec capability is one byte long (max 255) the storage format is
02hhx which means each byte ends up as 2 characters so the buffer
needs to be doubled in order to handle capabilities of that size.

Reported-by:  p0her (_@p0her_) in TeamH4C working with TrendAI Zero Day Initiative
Reported-by: Michael Bommarito <michael.bommarito@gmail.com>
---
 profiles/audio/a2dp.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c
index a5e002784c02..c8adc3122563 100644
--- a/profiles/audio/a2dp.c
+++ b/profiles/audio/a2dp.c
@@ -971,7 +971,7 @@ static void store_remote_sep(void *data, void *user_data)
 {
 	struct a2dp_remote_sep *sep = data;
 	GKeyFile *key_file = user_data;
-	char seid[4], value[256];
+	char seid[4], value[9 + 512];
 	struct avdtp_service_capability *service = avdtp_get_codec(sep->sep);
 	struct avdtp_media_codec_capability *codec;
 	unsigned int i;
@@ -2373,7 +2373,7 @@ static void load_remote_sep(struct a2dp_channel *chan, GKeyFile *key_file,
 		uint8_t codec;
 		uint8_t delay_reporting;
 		GSList *l = NULL;
-		char caps[256];
+		char caps[513];
 		uint8_t data[128];
 		int i, size;
 
@@ -2386,10 +2386,10 @@ static void load_remote_sep(struct a2dp_channel *chan, GKeyFile *key_file,
 			continue;
 
 		/* Try loading with delay_reporting first */
-		if (sscanf(value, "%02hhx:%02hhx:%02hhx:%s", &type, &codec,
+		if (sscanf(value, "%02hhx:%02hhx:%02hhx:%512s", &type, &codec,
 					&delay_reporting, caps) != 4) {
 			/* Try old format */
-			if (sscanf(value, "%02hhx:%02hhx:%s", &type, &codec,
+			if (sscanf(value, "%02hhx:%02hhx:%512s", &type, &codec,
 								caps) != 3) {
 				warn("Unable to load Endpoint: seid %u", rseid);
 				g_free(value);
@@ -2398,7 +2398,7 @@ static void load_remote_sep(struct a2dp_channel *chan, GKeyFile *key_file,
 			delay_reporting = false;
 		}
 
-		for (i = 0, size = strlen(caps); i < size; i += 2) {
+		for (i = 0, size = strlen(caps); i < size && i >= 2; i += 2) {
 			uint8_t *tmp = data + i / 2;
 
 			if (sscanf(caps + i, "%02hhx", tmp) != 1) {
-- 
2.54.0


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* RE: [BlueZ,v2] a2dp: Fix handling of codec capability storage
  2026-06-22 15:56 [PATCH BlueZ v2] a2dp: Fix handling of codec capability storage Luiz Augusto von Dentz
@ 2026-06-22 18:14 ` bluez.test.bot
  0 siblings, 0 replies; 2+ messages in thread
From: bluez.test.bot @ 2026-06-22 18:14 UTC (permalink / raw)
  To: linux-bluetooth, luiz.dentz

[-- Attachment #1: Type: text/plain, Size: 2377 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1114843

---Test result---

Test Summary:
CheckPatch                    FAIL      0.92 seconds
GitLint                       FAIL      0.67 seconds
BuildEll                      PASS      20.21 seconds
BluezMake                     PASS      619.69 seconds
MakeCheck                     PASS      3.14 seconds
MakeDistcheck                 PASS      237.22 seconds
CheckValgrind                 PASS      206.49 seconds
CheckSmatch                   PASS      328.16 seconds
bluezmakeextell               PASS      166.29 seconds
IncrementalBuild              PASS      623.46 seconds
ScanBuild                     PASS      931.40 seconds

Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script
Output:
[BlueZ,v2] a2dp: Fix handling of codec capability storage
WARNING:BAD_SIGN_OFF: Use a single space after Reported-by:
#101: 
Reported-by:  p0her (_@p0her_) in TeamH4C working with TrendAI Zero Day Initiative

ERROR:BAD_SIGN_OFF: Unrecognized email address: 'p0her (_@p0her_) in TeamH4C working with TrendAI Zero Day Initiative'
#101: 
Reported-by:  p0her (_@p0her_) in TeamH4C working with TrendAI Zero Day Initiative

/github/workspace/src/patch/14639629.patch total: 1 errors, 1 warnings, 36 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/patch/14639629.patch has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.


##############################
Test: GitLint - FAIL
Desc: Run gitlint
Output:
[BlueZ,v2] a2dp: Fix handling of codec capability storage

9: B1 Line exceeds max length (82>80): "Reported-by:  p0her (_@p0her_) in TeamH4C working with TrendAI Zero Day Initiative"


https://github.com/bluez/bluez/pull/2251

---
Regards,
Linux Bluetooth


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2026-06-22 18:14 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-22 15:56 [PATCH BlueZ v2] a2dp: Fix handling of codec capability storage Luiz Augusto von Dentz
2026-06-22 18:14 ` [BlueZ,v2] " bluez.test.bot

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox