Commit 3d097074 authored by Chris Dearman

Avoid potential buffer overrun in bd2str caused by signed char

Use uint8_t to avoid sign extension as chars may be signed.
As a further safeguard, use snprintf()

Change-Id: Icdd4dba9b270bde41547677fa2f98bf215401a23
parent da93e55c
+4 −4
@@ -93,11 +93,11 @@ int str2bd(char *str, bt_bdaddr_t *addr)

char *bd2str(const bt_bdaddr_t *bdaddr, bdstr_t *bdstr)
{
    char *addr = (char *) bdaddr->address;
    const uint8_t *addr = bdaddr->address;

    sprintf((char*)bdstr, "%02x:%02x:%02x:%02x:%02x:%02x",
                       (int)addr[0],(int)addr[1],(int)addr[2],
                       (int)addr[3],(int)addr[4],(int)addr[5]);
    snprintf((char*)bdstr, sizeof(*bdstr), "%02x:%02x:%02x:%02x:%02x:%02x",
             addr[0], addr[1], addr[2],
             addr[3], addr[4], addr[5]);
    return (char *)bdstr;
}
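
Review bot: In the snprintf() call, sizeof(*bdstr) is a correct bound only if bdstr_t is an array type of at least 18 bytes (17 characters plus the terminating NUL). Its definition is not visible in this hunk, so a compile-time assertion on sizeof(bdstr_t) next to the typedef would pin that assumption down. The return value of snprintf() is also discarded and the function returns bdstr unconditionally, so a truncated address string would reach callers unnoticed. Comparing the return value against sizeof(*bdstr) and handling the mismatch would close that gap. The switch to const uint8_t * is the part that removes the root cause, since a signed char holding a value of 0x80 or above sign-extends when converted to int and "%02x" then prints eight hex digits instead of two.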