QN9020 SDK bug

Question asked by yijun ma on Jul 3, 2016
Latest reply on Jun 27, 2017 by Douglas Brunner
int app_smpc_irk_req_ind_handler(ke_msg_id_t const msgid, struct smpc_irk_req_ind const *param,
                               ke_task_id_t const dest_id, ke_task_id_t const src_id)
{
    QPRINTF("IRK request indication idx is %d.\r\n", param->idx);

    uint8_t reject;
    uint8_t bonded_count = app_get_bond_nb();

    if (param->idx == 0xFF)
    {
        // We recognised this device, so update address for looking up correct LTK
        // It is no need to write back to NVDS.
        app_env.bonded_info[app_env.irk_pos - 1].peer_addr = app_env.dev_rec[param->idx].bonded_info.peer_addr;
        app_env.irk_pos = 0;
        return (KE_MSG_CONSUMED);
    }
    /* remainder of the handler is not shown in the post */
}


When param->idx == 0xFF, app_env.dev_rec[param->idx] will access out of bounds.
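A bounds-checked form of the address copy from the question, as an added example that is not part of the original post or of the QN9020 SDK. The struct layout, MAX_BONDED, update_peer_addr_checked and run_case are hypothetical stand-ins; the real table sizes are not given on the page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_BONDED 8   /* assumed table size; the post does not state it */

struct bd_addr     { uint8_t addr[6]; };
struct bonded_info { struct bd_addr peer_addr; };
struct dev_record  { struct bonded_info bonded_info; };

struct env_model {     /* hypothetical, simplified stand-in for app_env */
    struct bonded_info bonded_info[MAX_BONDED];
    struct dev_record  dev_rec[MAX_BONDED];
    uint8_t irk_pos;   /* used as irk_pos - 1, so 0 is not a valid slot */
};

/* Copy the peer address only when both indices are inside their tables.
 * Returns 0 on success, -1 if either index is out of range. */
int update_peer_addr_checked(struct env_model *env, uint8_t idx)
{
    if (idx >= MAX_BONDED)        /* rejects 0xFF and any other stray index */
        return -1;
    if (env->irk_pos == 0 || env->irk_pos > MAX_BONDED)
        return -1;                /* irk_pos - 1 would leave bonded_info[] */
    env->bonded_info[env->irk_pos - 1].peer_addr =
        env->dev_rec[idx].bonded_info.peer_addr;
    env->irk_pos = 0;
    return 0;
}

/* Constructed scenario: fill the record table with recognisable addresses,
 * run one lookup, and return its status (-2 if the copied address is wrong). */
int run_case(uint8_t idx, uint8_t irk_pos)
{
    struct env_model env;
    memset(&env, 0, sizeof env);
    for (int i = 0; i < MAX_BONDED; i++)
        memset(env.dev_rec[i].bonded_info.peer_addr.addr, 0xA0 + i, 6);
    env.irk_pos = irk_pos;
    int rc = update_peer_addr_checked(&env, idx);
    if (rc == 0 && env.bonded_info[irk_pos - 1].peer_addr.addr[5] != 0xA0 + idx)
        return -2;
    return rc;
}

int main(void)
{
    printf("idx=0xFF -> %d, idx=3 -> %d\n", run_case(0xFF, 1), run_case(3, 1));
    return 0;
}
```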