On Mon, Mar 18, 2019 at 1:45 PM Cong Wang <xiyou.wangc...@gmail.com> wrote:
> @@ -3978,6 +3982,9 @@ static void hci_inquiry_result_with_rssi_evt(struct
> hci_dev *hdev,
>
> if ((skb->len - 1) / num_rsp != sizeof(struct
> inquiry_info_with_rssi)) {
> struct inquiry_info_with_rssi_and_pscan_mode *info;
> +
> + if (unlikely(!pskb_may_pull(skb, num_rsp * sizeof(*info))))
> + goto unlock;Here it should be 1 + num_rsp * sizeof(...). I will send v2 after getting other feedbacks. Thanks!
