Skip to content

Commit

Permalink
bluetooth: services: ras: Fix unaligned memory access in RAS
Browse files Browse the repository at this point in the history
Running tests with UBSAN identified unaligned memory access
of the ranging counter. Fix this by using net_buf_simple.

Signed-off-by: Sean Madigan <[email protected]>
  • Loading branch information
sean-madigan committed Dec 19, 2024
1 parent ef172cd commit 375321b
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions subsys/bluetooth/services/ras/rreq/ras_rreq.c
Original file line number Diff line number Diff line change
Expand Up @@ -143,7 +143,10 @@ static uint8_t ranging_data_ready_notify_func(struct bt_conn *conn,
return BT_GATT_ITER_STOP;
}

uint16_t ranging_counter = *(uint16_t *)data;
struct net_buf_simple rd_ready;

net_buf_simple_init_with_data(&rd_ready, (uint8_t *)data, length);
uint16_t ranging_counter = net_buf_simple_pull_le16(&rd_ready);

if (rreq->rd_ready.cb) {
rreq->rd_ready.cb(conn, ranging_counter);
Expand Down Expand Up @@ -187,7 +190,10 @@ static uint8_t ranging_data_overwritten_notify_func(struct bt_conn *conn,
return BT_GATT_ITER_STOP;
}

uint16_t ranging_counter = *(uint16_t *)data;
struct net_buf_simple rd_overwritten;

net_buf_simple_init_with_data(&rd_overwritten, (uint8_t *)data, length);
uint16_t ranging_counter = net_buf_simple_pull_le16(&rd_overwritten);

if (rreq->on_demand_rd.data_get_in_progress &&
rreq->on_demand_rd.counter_in_progress == ranging_counter) {
Expand Down

0 comments on commit 375321b

Please sign in to comment.