Bluetooth: GATT: Writing 1 byte to a CCC access invalid memory #16734

@Vudentz

Description

According to the spec it is valid to write less than attribute length:

BLUETOOTH CORE SPECIFICATION Version 5.1 | Vol 3, Part F
page 2320:

'If the attribute value has a fixed length and the Attribute Value
parameter length is less than or equal to the length of the attribute
value, the octets of the attribute value parameter length shall be
written; all other octets in this attribute value shall be
unchanged.'

So when writing just 1 byte to a CCC that would cause accessing invalid memory:

[00:02:13.530,000] bt_gatt.bt_gatt_attr_write_ccc: handle 0x0015 value 16385
[00:02:13.530,000] bt_gatt.gatt_ccc_changed: ccc 0x001510a4 value 0x4001
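The failure mode described in this report, shown side by side with a handler that follows the quoted spec text. This is an added, self-contained example and not code from the Zephyr project or from the issue author; the `ccc_store` type, the `write_ccc_unchecked` / `write_ccc_partial` names and the error codes are constructed for illustration. The unchecked handler decodes two octets no matter what `len` says, so a 1-octet request picks up whatever octet follows the request in memory (in the test below that stale octet is deliberately placed at 0x40, which reproduces a value like the `0x4001` in the log above). The hardened handler bounds-checks `offset` and `len`, merges only the supplied octets into the stored value, leaves the rest unchanged, and additionally rejects reserved CCC bits.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed, hypothetical storage for one Client Characteristic Configuration:
 * a single 16-bit value, carried little-endian on the wire. */
struct ccc_store {
    uint16_t value;
};

/* Hypothetical error codes for this example (not Zephyr's BT_GATT_ERR values). */
#define ERR_INVALID_OFFSET    (-1)
#define ERR_INVALID_LEN       (-2)
#define ERR_VALUE_NOT_ALLOWED (-3)

/* Only bit 0 (notifications) and bit 1 (indications) are defined for a CCC. */
#define CCC_NOTIFY   0x0001u
#define CCC_INDICATE 0x0002u
#define CCC_ALLOWED  (CCC_NOTIFY | CCC_INDICATE)

static uint16_t get_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/* Vulnerable pattern mirroring the report: the handler assumes the request
 * carries the full attribute value and reads 2 octets regardless of len.
 * With len == 1 the second octet comes from memory past the request. */
static int write_ccc_unchecked(struct ccc_store *ccc, const uint8_t *buf,
                               uint16_t len, uint16_t offset)
{
    (void)len;
    (void)offset;
    ccc->value = get_le16(buf); /* over-read when len < 2 */
    return 2;
}

/* Hardened pattern following Vol 3, Part F: write exactly the supplied octets
 * at the requested offset, keep every other octet unchanged, and refuse
 * requests that fall outside the attribute or set reserved bits. */
static int write_ccc_partial(struct ccc_store *ccc, const uint8_t *buf,
                             uint16_t len, uint16_t offset)
{
    uint8_t raw[sizeof(ccc->value)];
    uint16_t merged;

    if (offset > sizeof(raw)) {
        return ERR_INVALID_OFFSET;
    }
    if (len > sizeof(raw) - offset) {
        return ERR_INVALID_LEN;
    }

    /* Serialize the current value little-endian so offsets map to wire octets. */
    raw[0] = (uint8_t)(ccc->value & 0xffu);
    raw[1] = (uint8_t)(ccc->value >> 8);

    /* Overwrite only the octets the client actually sent. */
    memcpy(raw + offset, buf, len);

    merged = get_le16(raw);
    if (merged & (uint16_t)~CCC_ALLOWED) {
        return ERR_VALUE_NOT_ALLOWED; /* stored value stays as it was */
    }

    ccc->value = merged;
    return (int)len;
}

int main(void)
{
    /* Constructed request: the client sends 1 octet (0x01); 0x40 stands in for
     * whatever stale byte happens to sit after the request in memory. */
    const uint8_t req[2] = { 0x01, 0x40 };
    struct ccc_store ccc = { 0 };

    write_ccc_unchecked(&ccc, req, 1, 0);
    printf("unchecked: value 0x%04x\n", ccc.value);

    ccc.value = 0;
    write_ccc_partial(&ccc, req, 1, 0);
    printf("partial:   value 0x%04x\n", ccc.value);
    return 0;
}
```

The key design point is that the stored value is serialized to its wire form before the merge, so an `offset` from the ATT request selects the same octet the client meant; merging into the `uint16_t` directly would be wrong on a big-endian host. Rejecting reserved bits is a separate layer: it does not fix the over-read, but it turns an unexpected value into a clean error rather than stored garbage.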

Labels

area: Bluetooth; bug (The issue is a bug, or the PR is fixing a bug)
