
Commit f314560

ljd42nashif
authored andcommitted
Bluetooth: Controller: Fix a potential NULL pointer dereference
Fix a potential NULL pointer dereference for skip_fields in the function ull_adv_sync_copy_pdu_header. This issue has been reported by Coverity. Coverity CID: 392529 Signed-off-by: Loic Domaigne <tech@domaigne.com>
1 parent f12ed28 commit f314560


1 file changed

+4
-5
lines changed


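--- a/subsys/bluetooth/controller/ll_sw/ull_adv_sync.c
+++ b/subsys/bluetooth/controller/ll_sw/ull_adv_sync.c
@@ -1394,7 +1394,6 @@ static void ull_adv_sync_copy_pdu_header(struct pdu_adv *target_pdu,
 memcpy(target_hdr, source_hdr, source_hdr->ext_hdr_len + 1U);
 } else {
 /* Copy field by field */
-
 source_dptr = source_hdr->ext_hdr.data;
 target_dptr = target_hdr->ext_hdr.data;
 
@@ -1405,7 +1404,7 @@ static void ull_adv_sync_copy_pdu_header(struct pdu_adv *target_pdu,
 
 #if defined(CONFIG_BT_CTLR_DF_ADV_CTE_TX)
 if (source_hdr->ext_hdr.cte_info) {
-if (!skip_fields->cte_info) {
+if (!skip_fields || !skip_fields->cte_info) {
 memcpy(target_dptr, source_dptr, sizeof(struct pdu_cte_info));
 target_dptr += sizeof(struct pdu_cte_info);
 target_hdr->ext_hdr.cte_info = 1U;
@@ -1416,7 +1415,7 @@ static void ull_adv_sync_copy_pdu_header(struct pdu_adv *target_pdu,
 
 #if defined(CONFIG_BT_CTLR_ADV_PERIODIC_ADI_SUPPORT)
 if (source_hdr->ext_hdr.adi) {
-if (!skip_fields->adi) {
+if (!skip_fields || !skip_fields->adi) {
 memcpy(target_dptr, source_dptr, sizeof(struct pdu_adv_adi));
 target_dptr += sizeof(struct pdu_adv_adi);
 target_hdr->ext_hdr.adi = 1U;
@@ -1427,7 +1426,7 @@ static void ull_adv_sync_copy_pdu_header(struct pdu_adv *target_pdu,
 
 #if defined(CONFIG_BT_CTLR_ADV_SYNC_PDU_LINK)
 if (source_hdr->ext_hdr.aux_ptr) {
-if (!skip_fields->aux_ptr) {
+if (!skip_fields || !skip_fields->aux_ptr) {
 memcpy(target_dptr, source_dptr, sizeof(struct pdu_adv_aux_ptr));
 target_dptr += sizeof(struct pdu_adv_aux_ptr);
 target_hdr->ext_hdr.aux_ptr = 1U;
@@ -1439,7 +1438,7 @@ static void ull_adv_sync_copy_pdu_header(struct pdu_adv *target_pdu,
 /* SyncInfo is RFU for periodic advertising */
 
 if (source_hdr->ext_hdr.tx_pwr) {
-if (!skip_fields->tx_pwr) {
+if (!skip_fields || !skip_fields->tx_pwr) {
 *target_dptr = *source_dptr;
 target_dptr++;
 target_hdr->ext_hdr.tx_pwr = 1U;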
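Review bot: The NULL guard on `skip_fields` is now repeated in four separate field checks (`cte_info`, `adi`, `aux_ptr`, `tx_pwr`), three of them inside `#if defined(CONFIG_BT_CTLR_...)` blocks, so a field added later can omit it and the miss would only surface in a build that enables that option. Resolving the pointer once at the start of the field-by-field branch keeps the check in one place: `if (!skip_fields) { skip_fields = &no_skip; }`, with `no_skip` a zero-initialised `static const` object of the parameter's type (declared outside these hunks), after which the original `!skip_fields->x` tests are safe as written. The function comment should also state the contract the new code implies, e.g. `/* skip_fields may be NULL: no field is skipped */`. The function starts and ends outside the hunks shown, so any other dereference of `skip_fields`, and the condition that selects this branch, could not be checked here.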
