[bluetooth-dev] bug in l2cap.c



I found another null pointer dereference.  It is in process_request() in
l2cap.c, in the switch statement, in the case for SIG_CMDREJECT:

con->c_status = CSTATUS_CMDREJECT;

This will always segfault since con is set to NULL at the beginning of the
function.  Peace.

Eric
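
The pattern reported above, next to a checked form, as an added example that is not part of the original message and not the project's code. The real l2cap.c definitions are not shown in the post, so the struct layout, the constant values, the return codes, the table and find_con() are all hypothetical, as is the assumption that the connection is looked up by a channel id.

```c
#include <stddef.h>

/* Only process_request, SIG_CMDREJECT, con, c_status and CSTATUS_CMDREJECT
   come from the post; every value and every other name is constructed. */
enum { SIG_CMDREJECT = 0x01 };
enum { CSTATUS_NONE = 0, CSTATUS_CMDREJECT = 1 };
enum { REQ_OK = 0, REQ_NO_CON = -1, REQ_UNKNOWN = -2 };

struct l2cap_con { unsigned short cid; int c_status; };

/* Constructed connection table standing in for the stack's real state. */
static struct l2cap_con cons[] = { {0x0040, CSTATUS_NONE}, {0x0041, CSTATUS_NONE} };

static struct l2cap_con *find_con(unsigned short cid)
{
    for (size_t i = 0; i < sizeof cons / sizeof cons[0]; i++)
        if (cons[i].cid == cid)
            return &cons[i];
    return NULL;
}

/* Reported pattern: con starts as NULL and nothing assigns it before the
   SIG_CMDREJECT case writes through it. Shown for contrast, never called. */
int process_request_reported(int code)
{
    struct l2cap_con *con = NULL;
    switch (code) {
    case SIG_CMDREJECT:
        con->c_status = CSTATUS_CMDREJECT; /* con is still NULL here */
        return REQ_OK;
    default:
        return REQ_UNKNOWN;
    }
}

/* Checked form: resolve con first and refuse to touch it when the lookup
   fails, so a reject naming an unknown channel cannot crash the stack. */
int process_request_checked(int code, unsigned short cid)
{
    struct l2cap_con *con = NULL;
    switch (code) {
    case SIG_CMDREJECT:
        con = find_con(cid);
        if (con == NULL)
            return REQ_NO_CON;
        con->c_status = CSTATUS_CMDREJECT;
        return REQ_OK;
    default:
        return REQ_UNKNOWN;
    }
}
int main(void) { return process_request_checked(SIG_CMDREJECT, 0x0099) == REQ_NO_CON ? 0 : 1; }
```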
