From 597d76ce7dadb585586c00bf6b7f8c4354109267 Mon Sep 17 00:00:00 2001 From: Lyle Zhu Date: Fri, 25 Apr 2025 11:16:37 +0800 Subject: [PATCH] Bluetooth: Classic: HFP_HF: Fix out of bounds issue Check whether the conn index is out of bounds. CID 520290 Signed-off-by: Lyle Zhu --- subsys/bluetooth/host/classic/hfp_hf.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/subsys/bluetooth/host/classic/hfp_hf.c b/subsys/bluetooth/host/classic/hfp_hf.c index ceeabf0ead9..e2a6c5d3617 100644 --- a/subsys/bluetooth/host/classic/hfp_hf.c +++ b/subsys/bluetooth/host/classic/hfp_hf.c @@ -3968,6 +3968,8 @@ static struct bt_hfp_hf *hfp_hf_create(struct bt_conn *conn) LOG_DBG("conn %p", conn); index = (size_t)bt_conn_index(conn); + __ASSERT(index < ARRAY_SIZE(bt_hfp_hf_pool), "Index is out of bounds"); + hf = &bt_hfp_hf_pool[index]; if (hf->acl) { LOG_ERR("HF connection (%p) is established", conn);