[nrf fromtree] Bluetooth: fixing UBSAN warnings related to Codec Configuration

During local testing with UBSAN enabled, warning was reported:
bluetooth/host/iso.c:237:2: runtime error: null pointer passed
as argument 2, which is declared to never be null

It turned out that when datapath doesn't contain
codec information, cc_len is 0 and cc is NULL

In order to avoid UB,
now we call memcpy only when cp->codec_config_len > 0

Signed-off-by: Ivan Iushkov <[email protected]>
(cherry picked from commit e8d0900)
Signed-off-by: Ivan Iushkov <[email protected]>

Author: ivaniushkov

subsys/bluetooth/host/iso.c

@@ -233,9 +233,10 @@ static int hci_le_setup_iso_data_path(const struct bt_conn *iso, uint8_t dir,
 	cp->codec_id.vs_codec_id = sys_cpu_to_le16(path->vid);
 	sys_put_le24(path->delay, cp->controller_delay);
 	cp->codec_config_len = path->cc_len;
-	cc = net_buf_add(buf, cp->codec_config_len);
-	memcpy(cc, path->cc, cp->codec_config_len);
-
+	cc = net_buf_add(buf, path->cc_len);
+	if (path->cc_len) {
+		memcpy(cc, path->cc, path->cc_len);
+	}
 	err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_SETUP_ISO_PATH, buf, &rsp);
 	if (err) {
 		return err;