* [bluez/bluez] dd093e: sdp: fix overflow in sdp_extract_seqtype()
@ 2026-05-04 17:58 github-actions[bot]
0 siblings, 0 replies; only message in thread
From: github-actions[bot] @ 2026-05-04 17:58 UTC (permalink / raw)
To: linux-bluetooth
Branch: refs/heads/1089431
Home: https://github.com/bluez/bluez
Commit: dd093e5cd4678eddd38db79325fe7cfb83084a7b
https://github.com/bluez/bluez/commit/dd093e5cd4678eddd38db79325fe7cfb83084a7b
Author: Martin Brodeur <admin@fluentlogic.org>
Date: 2026-05-04 (Mon, 04 May 2026)
Changed paths:
M lib/bluetooth/sdp.c
Log Message:
-----------
sdp: fix overflow in sdp_extract_seqtype()
bt_get_be32() returns uint32_t. Assigning directly to the
int *size parameter sign-extends values greater than INT_MAX
to negative, bypassing sequence-length sanity checks in
extract_seq() and sdp_extract_pdu() callers.
Store the result in a uint32_t first and return an error if
the value exceeds INT_MAX. This closes the residual paths not
covered by commit 31e4fb1498f4 ("monitor: Add decoding support for HIDS 1.1 flags and attributes").
Reported-by: Martin Brodeur <admin@fluentlogic.org>
To unsubscribe from these emails, change your notification settings at https://github.com/bluez/bluez/settings/notifications
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-05-04 17:58 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-04 17:58 [bluez/bluez] dd093e: sdp: fix overflow in sdp_extract_seqtype() github-actions[bot]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox