Bluetooth: Fix out of scope variable access in hci_sock_cmsg()

The pointer data can point to the variable ctv. Access to data happens when ctv is already out of scope. Signed-off-by: N Johann Felix Soden <johfel@users.sourceforge.net> Signed-off-by: N Marcel Holtmann <marcel@holtmann.org>

Bluetooth: Fix out of scope variable access in hci_sock_cmsg()
The pointer data can point to the variable ctv. Access to data happens when ctv is already out of scope. Signed-off-by: N Johann Felix Soden <johfel@users.sourceforge.net> Signed-off-by: N Marcel Holtmann <marcel@holtmann.org>
f6e623a6 · Johann Felix Soden · Marcel Holtmann · 705e5711 · f6e623a6
隐藏空白更改
内联并排

Showing with 3 addition and 1 deletion

net/bluetooth/hci_sock.c net/bluetooth/hci_sock.c +3 -1

未找到文件。
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -329,6 +329,9 @@ static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_
 	}

 	if (mask & HCI_CMSG_TSTAMP) {
+#ifdef CONFIG_COMPAT
+		struct compat_timeval ctv;
+#endif
 		struct timeval tv;
 		void *data;
 		int len;
@@ -339,7 +342,6 @@ static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_
 		len = sizeof(tv);
 #ifdef CONFIG_COMPAT
 		if (msg->msg_flags & MSG_CMSG_COMPAT) {
-			struct compat_timeval ctv;
 			ctv.tv_sec = tv.tv_sec;
 			ctv.tv_usec = tv.tv_usec;
 			data = &ctv;