diff options
| author | Stefan Hajnoczi <stefanha@redhat.com> | 2015-03-23 15:29:23 +0000 |
|---|---|---|
| committer | Kevin Wolf <kwolf@redhat.com> | 2015-04-28 15:36:08 +0200 |
| commit | 588ef9d411339012fc3c94bfad8911e9d0a517a2 (patch) | |
| tree | a484309fcbb000c01867f36514dde2a8ccefd7bb /hw/bt/sdp.c | |
| parent | ecdda9e03d73d2cc1c82c00cccc02f087741b6a5 (diff) | |
| download | qemu-588ef9d411339012fc3c94bfad8911e9d0a517a2.zip | |
bt-sdp: fix broken uuids power-of-2 calculation
The binary search in sdp_uuid_match() only works when the number of
elements to search is a power of two.
lo = record->uuid;
hi = record->uuids;
while (hi >>= 1)
if (lo[hi] <= val)
lo += hi;
return *lo == val;
I noticed that the record->uuids calculation in
sdp_service_record_build() was suspect:
record->uuids = 1 << ffs(record->uuids - 1);
Unlike most ffs(val) - 1 users, the expression is ffs(val - 1)!
Actually ffs() is the wrong function to use for power-of-2. Use
pow2ceil() to achieve the correct effect. Now the record->uuid[] array
is sized correctly and the binary search in sdp_uuid_match() should
work.
I'm not sure how to run/test this code.
Cc: Andrzej Zaborowski <balrog@zabor.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-2-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'hw/bt/sdp.c')
| -rw-r--r-- | hw/bt/sdp.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/bt/sdp.c b/hw/bt/sdp.c index 218e075df7..c903747952 100644 --- a/hw/bt/sdp.c +++ b/hw/bt/sdp.c @@ -707,7 +707,7 @@ static void sdp_service_record_build(struct sdp_service_record_s *record, len += sdp_attr_max_size(&def->attributes[record->attributes ++].data, &record->uuids); } - record->uuids = 1 << ffs(record->uuids - 1); + record->uuids = pow2ceil(record->uuids); record->attribute_list = g_malloc0(record->attributes * sizeof(*record->attribute_list)); record->uuid = |