[nrf fromtree] Bluetooth: fixing UBSAN warnings related to Codec Conf…

…iguration During local testing with UBSAN enabled, warning was reported: bluetooth/host/iso.c:237:2: runtime error: null pointer passed as argument 2, which is declared to never be null It turned out that when datapath doesn't contain codec information, cc_len is 0 and cc is NULL In order to avoid UB, now we call memcpy only when cp->codec_config_len > 0 Signed-off-by: Ivan Iushkov <[email protected]> (cherry picked from commit e8d0900) Signed-off-by: Ivan Iushkov <[email protected]>
nrfconnect · Feb 12, 2024 · d558462 · d558462
1 parent ab1667a
commit d558462
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/subsys/bluetooth/host/iso.c b/subsys/bluetooth/host/iso.c
@@ -233,9 +233,10 @@ static int hci_le_setup_iso_data_path(const struct bt_conn *iso, uint8_t dir,
 	cp->codec_id.vs_codec_id = sys_cpu_to_le16(path->vid);
 	sys_put_le24(path->delay, cp->controller_delay);
 	cp->codec_config_len = path->cc_len;
-	cc = net_buf_add(buf, cp->codec_config_len);
-	memcpy(cc, path->cc, cp->codec_config_len);
-
+	cc = net_buf_add(buf, path->cc_len);
+	if (path->cc_len) {
+		memcpy(cc, path->cc, path->cc_len);
+	}
 	err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_SETUP_ISO_PATH, buf, &rsp);
 	if (err) {
 		return err;