diff options
| -rw-r--r-- | common/glib-helper.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/common/glib-helper.c b/common/glib-helper.c index eab30b5e..931b99a5 100644 --- a/common/glib-helper.c +++ b/common/glib-helper.c @@ -115,7 +115,7 @@ static void search_completed_cb(uint8_t type, uint16_t status, { struct search_context *ctxt = user_data; sdp_list_t *recs = NULL; - int scanned, seqlen = 0; + int scanned, seqlen = 0, bytesleft = size; uint8_t dataType; int err = 0; @@ -124,17 +124,18 @@ static void search_completed_cb(uint8_t type, uint16_t status, goto done; } - scanned = sdp_extract_seqtype(rsp, &dataType, &seqlen); + scanned = sdp_extract_seqtype_safe(rsp, bytesleft, &dataType, &seqlen); if (!scanned || !seqlen) goto done; rsp += scanned; + bytesleft -= scanned; do { sdp_record_t *rec; int recsize; recsize = 0; - rec = sdp_extract_pdu(rsp, &recsize); + rec = sdp_extract_pdu_safe(rsp, bytesleft, &recsize); if (!rec) break; @@ -145,9 +146,10 @@ static void search_completed_cb(uint8_t type, uint16_t status, scanned += recsize; rsp += recsize; + bytesleft -= recsize; recs = sdp_list_append(recs, rec); - } while (scanned < size); + } while (scanned < size && bytesleft > 0); done: sdp_close(ctxt->session); |