From 7d3301934f1b30d90646c97f40464ed198be91d3 Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Fri, 12 Sep 2008 19:41:57 -0700
Subject: fix service browsing

We were incrementing req->search_uuid every time we call back into browse_cb() -- even when we'd already finished going through the uuid_list[] and were supposed to be handling req->uuids. So for each entry in req->uuids, we'd skip a zero after uuid_list[] and go trawling through random memory, treating it as more UUIDs to search for.
---
 src/device.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/device.c b/src/device.c
index b90861b9..ef3a5faa 100644
--- a/src/device.c
+++ b/src/device.c
@@ -975,8 +975,9 @@ static void browse_cb(sdp_list_t *recs, int err, gpointer user_data)
 bdaddr_t src;
 uuid_t uuid;
- /* Public browsing successful or Single record requested */
- if (err < 0 || (!req->search_uuid && recs))
+ /* If we have a valid response and req->search_uuid == 1, then
+ public browsing was successful -- we don't need any more */
+ if (err < 0 || (req->search_uuid == 1 && recs))
 goto done;
 update_services(req, recs);
@@ -984,8 +985,8 @@ static void browse_cb(sdp_list_t *recs, int err, gpointer user_data)
 adapter_get_address(adapter, &src);
 /* Search for mandatory uuids */
- if (uuid_list[++req->search_uuid]) {
- sdp_uuid16_create(&uuid, uuid_list[req->search_uuid]);
+ if (uuid_list[req->search_uuid]) {
+ sdp_uuid16_create(&uuid, uuid_list[req->search_uuid++]);
 bt_search_service(&src, &device->bdaddr, &uuid, browse_cb, user_data, NULL);
 return;
 }
@@ -1057,7 +1058,7 @@ int device_browse(struct btd_device *device, DBusConnection *conn,
 memcpy(&uuid, search, sizeof(uuid_t));
 cb = search_cb;
 } else {
- sdp_uuid16_create(&uuid, uuid_list[req->search_uuid]);
+ sdp_uuid16_create(&uuid, uuid_list[req->search_uuid++]);
 init_browse(req);
 cb = browse_cb;
 }
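Review bot: The new test `req->search_uuid == 1` in browse_cb is only correct because device_browse now post-increments the index before issuing the first search (the `-1057` hunk), and no comment states that the field has become the index of the next uuid_list[] entry to query rather than the one in flight. I would record that where it is consumed, e.g. `/* search_uuid is the index of the NEXT uuid_list[] entry; 1 means only the first (public browse) query has been sent */`. init_browse(req) runs right after the increment in device_browse and its body is not visible here, so it is worth confirming it leaves search_uuid alone. browse_cb begins and ends outside this hunk.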
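Review bot: The read `uuid_list[req->search_uuid]` is still bounded only by the zero terminator of uuid_list[], so the out-of-bounds walk described in the commit message comes back if any other path ever advances the index past that terminator. If uuid_list is a true array in this file (its definition is outside the hunk), an explicit bound is cheap: `if (req->search_uuid < G_N_ELEMENTS(uuid_list) && uuid_list[req->search_uuid]) {`. As a style point, the post-increment buried in the sdp_uuid16_create() argument hides the state change; a separate `req->search_uuid++;` after the call would read more clearly, here and in the device_browse hunk.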
@@ -1072,7 +1073,7 @@ int device_browse(struct btd_device *device, DBusConnection *conn,
 device, NULL);
 return bt_search_service(&src, &device->bdaddr,
- &uuid, browse_cb, req, NULL);
+ &uuid, cb, req, NULL);
 }
 struct btd_adapter *device_get_adapter(struct btd_device *device)
-- cgit
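Review bot: The result of bt_search_service() is returned directly at the end of device_browse, so nothing in this function can release req or undo the registration that ends in `device, NULL);` when the search cannot be started. The allocation of req and the start of that registration call are outside the hunk, so ownership on the failure path is an assumption to confirm. If the caller does not free it, capture the result first, e.g. `err = bt_search_service(&src, &device->bdaddr, &uuid, cb, req, NULL);`, and add a cleanup branch for the failure case before returning. device_browse begins outside this hunk.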