From: Johan Hedberg Date: Fri, 3 Feb 2012 22:06:00 +0000 (+0200) Subject: Bluetooth: Fix device_found event length for remote name resolving X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=053c7e0c4a40e2bb44e3c1e61e263be00688a136;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git Bluetooth: Fix device_found event length for remote name resolving The correct length of the event is the size of the ev struct (not size of the pointer like the code was previously using) plus the length of the variable-sized EIR data at the end of the struct. Signed-off-by: Johan Hedberg Acked-by: Marcel Holtmann --- diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index de7326b111ba..11ee5db16e97 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c @@ -2964,7 +2964,8 @@ int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, put_unaligned_le16(eir_len, &ev->eir_len); - return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL); + return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, + sizeof(*ev) + eir_len, NULL); } int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)