name field of struct hal_ev_pan_ctrl_state is 17 bytes longs so memcpy of
the interface name does not field all the those bytes leaving the last
uninitialised:
Syscall param sendmsg(msg.msg_iov[1]) points to uninitialised byte(s)
at 0x3600EF6E20: __sendmsg_nocancel (in /usr/lib64/libc-2.17.so)
by 0x40DC06: ipc_send (ipc.c:93)
by 0x4149AC: bnep_conn_cb (pan.c:120)
by 0x4192B8: bnep_setup_cb (bnep.c:324)
by 0x31D1647DF5: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x31D1648147: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x31D1648549: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x40338B: main (main.c:629)
Address 0x7ff0003d3 is on thread 1's stack
Implements the PAN connect method in android daemon with PANU role
only. Setting up the bnep environment, adds connection and makes
bnep interface up are part of bnep_connect call. Notifies bnep
interface on control state call back and connection status on
connection state call back.
This fix issue with sending invalid success response from several
places where ipc_send_rsp was used for reporting success. Instead of
using using ipc_send for success response, make helper handle that.
