Bluetooth: hci_event: fix memset typo

hci_le_big_sync_established_evt() currently does:

    conn->num_bis = 0;
    memset(conn->bis, 0, sizeof(conn->num_bis));

sizeof(conn->num_bis) is wrong - it would make sense to either use
conn->num_bis (before setting that to 0) or sizeof(conn->bis).
Fix it by using sizeof(conn->bis), the least intrusive change.

Luckily, nothing actually depends on this memset() working properly:
Nothing seems to ever read from conn->bis beyond conn->num_bis, and when
conn->num_bis is increased, the corresponding elements of conn->bis are
initialized. So I think this line could also just be removed.

This is a purely theoretical fix and should have no impact on actual
behavior.

Fixes: 42ecf1947135 ("Bluetooth: ISO: Do not emit LE BIG Create Sync if previous is pending")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 1b3b9131affaa331b501fd055dbdd53a8b3ef8aa..eea2f810aafab390bbbe6d33201abe5891a4f5d4 100644 (file)
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -7191,7 +7191,7 @@ static void hci_le_big_sync_established_evt(struct hci_dev *hdev, void *data,
        clear_bit(HCI_CONN_CREATE_BIG_SYNC, &conn->flags);
 
        conn->num_bis = 0;
-       memset(conn->bis, 0, sizeof(conn->num_bis));
+       memset(conn->bis, 0, sizeof(conn->bis));
 
        for (i = 0; i < ev->num_bis; i++) {
                u16 handle = le16_to_cpu(ev->bis[i]);