
Commit be11f6f

lylezhu2012fabiobaltieri
authored andcommitted
Bluetooth: Classic: HFP_AG: Fix out of bounds issue
Check whether the conn index is out of bounds. CID 520297 CID 520296 Signed-off-by: Lyle Zhu <[email protected]>
1 parent eeb3a55 commit be11f6f


1 file changed

+4
-0
lines changed


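--- a/subsys/bluetooth/host/classic/hfp_ag.c
+++ b/subsys/bluetooth/host/classic/hfp_ag.c
@@ -3565,6 +3565,8 @@ static struct bt_hfp_ag *hfp_ag_create(struct bt_conn *conn)
 }
 
 index = (size_t)bt_conn_index(conn);
+__ASSERT(index < ARRAY_SIZE(bt_hfp_ag_pool), "Conn index is out of bounds");
+
 ag = &bt_hfp_ag_pool[index];
 if (ag->acl_conn) {
 LOG_ERR("AG connection (%p) is established", conn);
@@ -3705,6 +3707,8 @@ static int bt_hfp_ag_sco_accept(const struct bt_sco_accept_info *info,
 LOG_DBG("conn %p", info->acl);
 
 index = (size_t)bt_conn_index(info->acl);
+__ASSERT(index < ARRAY_SIZE(bt_hfp_ag_pool), "Conn index is out of bounds");
+
 ag = &bt_hfp_ag_pool[index];
 if (ag->acl_conn != info->acl) {
 LOG_ERR("ACL %p of AG is unaligned with SCO's %p", ag->acl_conn, info->acl);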
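Review bot: The `__ASSERT` added before `ag = &bt_hfp_ag_pool[index];` in hfp_ag_create is compiled out when assertions are disabled (CONFIG_ASSERT=n), so on such builds an out-of-range index still reaches the array access; the same applies to the identical assert in bt_hfp_ag_sco_accept. Keeping the assert and adding a runtime guard would cover both build types, e.g. `if (index >= ARRAY_SIZE(bt_hfp_ag_pool)) { return NULL; }` in hfp_ag_create and the int-returning equivalent (presumably a negative errno such as `-EINVAL`) in bt_hfp_ag_sco_accept. Both function bodies start and end outside the hunks, so the right error value and any logging should be confirmed against the rest of each function.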
