Fix invalid memory accesses in ble_uuid_cmp

When the two uuid values differ in type, one of two things can happen:
1. Access to unallocated or uninitialised memory
2. Unaligned access to 16/32-bit values

Both of these cause crashes, so always make sure we are comparing like types.

Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/69588392
Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/69588392
Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/69588392

Branch: refs/heads/1_0_0_dev
Commit: 69588392a5d86b41c47bb0e863138feb1c14fe76
Parents: 0dc1c2b
Author: Simon Ratner <[email protected]>
Authored: Sat Mar 4 12:02:40 2017 -0800
Committer: Marko Kiiskila <[email protected]>
Committed: Mon Mar 6 15:54:25 2017 -0800

---------------------------------------------------------------------- net/nimble/host/src/ble_uuid.c | 4 ++++ 1 file changed, 4 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/69588392/net/nimble/host/src/ble_uuid.c ---------------------------------------------------------------------- diff --git a/net/nimble/host/src/ble_uuid.c b/net/nimble/host/src/ble_uuid.c index 028e227..f9ccc6d 100644 --- a/net/nimble/host/src/ble_uuid.c +++ b/net/nimble/host/src/ble_uuid.c @@ -76,6 +76,10 @@ ble_uuid_cmp(const ble_uuid_t *uuid1, const ble_uuid_t *uuid2) BLE_HS_DBG_ASSERT(verify_uuid(uuid1) == 0); BLE_HS_DBG_ASSERT(verify_uuid(uuid2) == 0); + if (uuid1->type != uuid2->type) { + return uuid1->type - uuid2->type; + } + switch (uuid1->type) { case BLE_UUID_TYPE_16: return (int) BLE_UUID16(uuid1)->value - (int) BLE_UUID16(uuid2)->value;
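
Review bot: The new early return in ble_uuid_cmp, `return uuid1->type - uuid2->type;`, makes any two UUIDs of different types compare as unequal, so a 16-bit UUID and the 128-bit form of the same UUID will never match; that contract deserves a line in the function's comment so callers know to normalise types first if they want value equality. The check is correctly placed after the two `BLE_HS_DBG_ASSERT(verify_uuid(...))` lines and before the `switch (uuid1->type)`, so neither argument is dereferenced at a specific width until the types are known to agree. The commit touches only ble_uuid.c (4 insertions), so a unit test that compares mixed-type UUIDs would help keep this crash from regressing.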
