core/device: Fix crash when enabling experimental

This fixes the following trace:

Invalid read of size 8
   at 0x53BE1B1: ??? (in /usr/lib64/libdbus-1.so.3.15.2)
   by 0x53AAB45: _dbus_type_writer_write_fixed_multi (in /usr/lib64/libdbus-1.so.3.15.2)
   by 0x49E629: dev_property_get_flags (device.c:953)
   by 0x4C611E: append_property.isra.0 (object.c:511)
   by 0x4C6C3D: append_properties (object.c:540)
   by 0x4C6CD2: append_interface (object.c:555)
   by 0x50E740C: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.4800.2)
   by 0x4C734E: append_interfaces (object.c:1111)
   by 0x4C734E: append_object (object.c:1126)
   by 0x50E740C: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.4800.2)
   by 0x4C7398: append_object (object.c:1129)
   by 0x50E740C: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.4800.2)
   by 0x4C7398: append_object (object.c:1129)

diff --git a/src/device.c b/src/device.c
index d06b5bf..087138c 100644 (file)
--- a/src/device.c
+++ b/src/device.c
@@ -946,13 +946,13 @@ dev_property_get_flags(const GDBusPropertyTable *property,
                                        DBusMessageIter *iter, void *data)
 {
        struct btd_device *device = data;
-       uint8_t flags[] = { device->flags };
+       uint8_t *flags = &device->flags;
        DBusMessageIter array;
 
        dbus_message_iter_open_container(iter, DBUS_TYPE_ARRAY,
                                        DBUS_TYPE_BYTE_AS_STRING, &array);
        dbus_message_iter_append_fixed_array(&array, DBUS_TYPE_BYTE,
-                                               &flags, sizeof(flags));
+                                               &flags, 1);
        dbus_message_iter_close_container(iter, &array);
 
        return TRUE;