diff options
| author | Juha Vuolle <juha.vuolle@insta.fi> | 2022-06-27 10:16:28 +0300 |
|---|---|---|
| committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2022-06-28 08:26:49 +0000 |
| commit | ab00a53c8dd8879b24a0fb2cfe282f72e945bcd5 (patch) | |
| tree | 64b781a8ffb7bea28f9f053482c0c3ede6898e62 | |
| parent | de81e5be8df87916d66a6838900a67d469f0c33f (diff) | |
| download | qtconnectivity-ab00a53c8dd8879b24a0fb2cfe282f72e945bcd5.tar.gz | |
Fix Bluez LE advertiser crash on large advertisement data
The calculation to count the number of service UUIDs that fit the 31
bytes resulted in choosing a number of services that doesn't fit,
ultimately leading to a memset() crash a bit later.
Fixes: QTBUG-104060
Change-Id: Iad170cfded7363f820a92230df27cdb57bce3814
Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
(cherry picked from commit efc4541af0f02d254cabf82b3db0412e7b83682e)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
| -rw-r--r-- | src/bluetooth/qleadvertiser_bluez.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/bluetooth/qleadvertiser_bluez.cpp b/src/bluetooth/qleadvertiser_bluez.cpp index e0ef450f..911317b2 100644 --- a/src/bluetooth/qleadvertiser_bluez.cpp +++ b/src/bluetooth/qleadvertiser_bluez.cpp @@ -255,7 +255,8 @@ static void addServicesData(AdvData &data, const QList<T> &services) return; constexpr auto sizeofT = static_cast<int>(sizeof(T)); // signed is more convenient const qsizetype spaceAvailable = sizeof data.data - data.length; - const qsizetype maxServices = (std::max)((spaceAvailable - 2) / sizeofT, services.size()); + // Determine how many services will be set, space may limit the number + const qsizetype maxServices = (std::min)((spaceAvailable - 2) / sizeofT, services.size()); if (maxServices <= 0) { qCWarning(QT_BT_BLUEZ) << "services data does not fit into advertising data packet"; return; |