Bluetooth: Fix breakage in amp_write_rem_assoc_frag()

This change “Bluetooth: Fix breakage in amp_write_rem_assoc_frag()” in Linux kernel is authored by Dan Carpenter <dan.carpenter [at] oracle.com> on Sat Aug 1 15:30:08 2015 +0300.

Bluetooth: Fix breakage in amp_write_rem_assoc_frag()

We should be passing the pointer itself instead of the address of the
pointer.

This was a copy and paste bug when we replaced the calls to
hci_send_cmd().  Originally, the arguments were "len, cp" but we
overwrote them with "sizeof(cp), &cp" by mistake.

Fixes: b3d3914006a0 ('Bluetooth: Move amp assoc read/write completed callback to amp.c')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

This Linux change may have been applied to various maintained Linux releases and you can find Linux releases including commit 0208bc8.

There are 2 lines of Linux source code added/deleted in this change. Code changes to Linux kernel are as follows.

 net/bluetooth/amp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/bluetooth/amp.c b/net/bluetooth/amp.c
index 238ddd3..e32f341 100644
--- a/net/bluetooth/amp.c
+++ b/net/bluetooth/amp.c
@@ -379,7 +379,7 @@ static bool amp_write_rem_assoc_frag(struct hci_dev *hdev,
 	amp_ctrl_put(ctrl);
 
 	hci_req_init(&req, hdev);
-	hci_req_add(&req, HCI_OP_WRITE_REMOTE_AMP_ASSOC, sizeof(cp), &cp);
+	hci_req_add(&req, HCI_OP_WRITE_REMOTE_AMP_ASSOC, len, cp);
 	hci_req_run_skb(&req, write_remote_amp_assoc_complete);
 
 	kfree(cp);

The commit for this change in Linux stable tree is 0208bc8 (patch).

Leave a Reply

Your email address will not be published. Required fields are marked *