qemu/hw/bt
Stefan Hajnoczi 588ef9d411 bt-sdp: fix broken uuids power-of-2 calculation
The binary search in sdp_uuid_match() only works when the number of
elements to search is a power of two.

  lo = record->uuid;
  hi = record->uuids;
  while (hi >>= 1)
      if (lo[hi] <= val)
          lo += hi;

  return *lo == val;

I noticed that the record->uuids calculation in
sdp_service_record_build() was suspect:

  record->uuids = 1 << ffs(record->uuids - 1);

Unlike most ffs(val) - 1 users, the expression is ffs(val - 1)!

Actually ffs() is the wrong function to use for power-of-2.  Use
pow2ceil() to achieve the correct effect.  Now the record->uuid[] array
is sized correctly and the binary search in sdp_uuid_match() should
work.

I'm not sure how to run/test this code.

Cc: Andrzej Zaborowski <balrog@zabor.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-2-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-04-28 15:36:08 +02:00
..
core.c Preparation for usb-bt-dongle conditional build 2013-09-10 11:14:41 +02:00
hci-csr.c
hci.c Preparation for usb-bt-dongle conditional build 2013-09-10 11:14:41 +02:00
hid.c
l2cap.c l2cap: fix access to freed memory 2014-08-15 19:12:48 +04:00
Makefile.objs
sdp.c bt-sdp: fix broken uuids power-of-2 calculation 2015-04-28 15:36:08 +02:00