* [bluez/bluez] db9aa4: sdp: fix overflow in sdp_extract_seqtype()
@ 2026-05-04 16:28 github-actions[bot]
0 siblings, 0 replies; only message in thread
From: github-actions[bot] @ 2026-05-04 16:28 UTC (permalink / raw)
To: linux-bluetooth
Branch: refs/heads/1089386
Home: https://github.com/bluez/bluez
Commit: db9aa42f19a13582e17c7e2b92f41fef63c1824f
https://github.com/bluez/bluez/commit/db9aa42f19a13582e17c7e2b92f41fef63c1824f
Author: Martin Brodeur <admin@fluentlogic.org>
Date: 2026-05-04 (Mon, 04 May 2026)
Changed paths:
M lib/bluetooth/sdp.c
Log Message:
-----------
sdp: fix overflow in sdp_extract_seqtype()
bt_get_be32() returns uint32_t. Assigning directly to the
int *size parameter sign-extends values greater than INT_MAX
to negative, bypassing sequence-length sanity checks in
extract_seq() and sdp_extract_pdu() callers.
Store the result in a uint32_t first and return an error if
the value exceeds INT_MAX. This closes the residual paths not
covered by commit 31e4fb1.
Reported-by: Martin Brodeur <admin@fluentlogic.org>
To unsubscribe from these emails, change your notification settings at https://github.com/bluez/bluez/settings/notifications
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-05-04 16:28 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-04 16:28 [bluez/bluez] db9aa4: sdp: fix overflow in sdp_extract_seqtype() github-actions[bot]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox