
[bluetooth-dev] Bug in Sdp.c?

Hi all,

I think I have discovered some bugs in the file "sdp.c".

Firstly, in the function sdp_connect_cfm, line 503, there is a loop depending on a counter i which is never incremented:

  /* Find the connecting sdp_con */
  while ((i < NB_MAX_OF_SDP) && (!stop)) {
    if ((sdp_con_list[i].state == SDP_CONNECTING) &&
        (sdp_con_list[i].initiator == TRUE)) {
      sdp = &sdp_con_list[i];
      stop = TRUE;
    }

    i++; // Should logically be added here...

  }
I haven't tested it, but that seems strange...


Secondly, in the function "process_service_search_req", lines 1006 and 1013, we have:

  /* Just skip the next byte since we know that the next parameter is a
     16-bit count */
  data += 1;

and

  /* Just skip the next byte since we know that the next parameter is an
     8-bit count */
  data += 1;

These two lines should be removed since they are useless and introduce memory problems.
The same lines in the function "process_service_attr_req", lines 1041 and 1047 should be removed.

Finally, I don't understand how I can get in my application the necessary handle to call the function "sdp_disconnect_req(u32 sdp_hdl)",
since only the remote Bluetooth address and a reference to a profile structure are provided as parameters during the connection...

Cheers,

Mathieu GONOT

International Technology Centre Leuven
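Added illustration (not from the mail above, nor from the sdp.c code it discusses) of why a stray one-byte skip in front of the counts matters. It assumes the layout the Bluetooth SDP specification gives for the tail of a ServiceSearchRequest: a big-endian 16-bit MaximumServiceRecordCount followed by a ContinuationState (one length byte in 0..16, then that many bytes). The `skip` parameter models the questioned `data += 1`; the sample PDU bytes are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Parsed tail of a ServiceSearchRequest (layout per the SDP spec). */
struct ss_tail {
    uint16_t max_count; /* MaximumServiceRecordCount */
    uint8_t  cont_len;  /* ContinuationState length byte */
};

/* Bounds-checked parse of data[pos..len). 'skip' bytes are skipped
 * before each count: 0 is the correct offset, 1 reproduces the
 * suspected "data += 1" bug. Returns false instead of reading past
 * the buffer or accepting an impossible continuation length. */
bool parse_ss_tail(const uint8_t *data, size_t len, size_t pos,
                   size_t skip, struct ss_tail *out)
{
    pos += skip;
    if (pos + 2 > len) return false;          /* no room for 16-bit count */
    out->max_count = (uint16_t)((data[pos] << 8) | data[pos + 1]);
    pos += 2;

    pos += skip;
    if (pos + 1 > len) return false;          /* no room for 8-bit length */
    out->cont_len = data[pos];
    pos += 1;
    if (out->cont_len > 16) return false;     /* spec caps it at 16 bytes */
    if (pos + out->cont_len > len) return false; /* would overrun the PDU */
    return true;
}

/* Constructed samples: max count 16 with an empty continuation state,
 * and max count 16 with a 2-byte continuation state. */
static const uint8_t SAMPLE_EMPTY[] = { 0x00, 0x10, 0x00 };
static const uint8_t SAMPLE_CONT[]  = { 0x00, 0x10, 0x02, 0xAA, 0xBB };

/* Returns the parsed max count, or -1 when the parse is rejected. */
int parse_sample(const uint8_t *buf, size_t len, size_t skip)
{
    struct ss_tail t;
    return parse_ss_tail(buf, len, 0, skip, &t) ? (int)t.max_count : -1;
}
```

With `skip == 0` both samples parse to a count of 16; with the extra skip the count is misread (0x1000 or 0x1002) and the parse is then rejected, either because the length byte would lie past the end of the PDU or because a payload byte is taken as a length over 16.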