controller/ble_ll_sync.c: acad_len potentially uninitialised acad_len in ble_ll_sync_rx_pkt_in is filled in ble_ll_sync_parse_ext_hdr and later accessed in ble_ll_sync_check_acad. There is a possibility that extended advertising header is missing data containing acad, and it will not get filled, leaving it uninitialised.

commit: 89e7090c59a0dd2fa1a556f83dbf7dee81f9df68 [log] [tgz]
author: Krzysztof Kopyściński <krzysztof.kopyscinski@codecoup.pl> Wed Mar 27 08:46:43 2024 +0100
committer: Szymon Janc <szymon.janc@codecoup.pl> Wed Mar 27 09:31:28 2024 +0100
tree: 3997b76afc05b3755b75181e99d334f57a6056b1
parent: 53bae66f71b5ee24e3dc2ada9dd46bb540e33ac8 [diff]
diff --git a/nimble/controller/src/ble_ll_sync.c b/nimble/controller/src/ble_ll_sync.c
index 31c8ec0..d15f1df 100644
--- a/nimble/controller/src/ble_ll_sync.c
+++ b/nimble/controller/src/ble_ll_sync.c

@@ -1136,7 +1136,7 @@
     int8_t tx_power = 127; /* defaults to not available */
     uint8_t *aux = NULL;
     uint8_t *acad = NULL;
-    uint8_t acad_len;
+    uint8_t acad_len = 0;
     const uint8_t *biginfo = NULL;
     uint8_t biginfo_len = 0;
     int datalen;
commit	89e7090c59a0dd2fa1a556f83dbf7dee81f9df68	[log] [tgz]
author	Krzysztof Kopyściński <krzysztof.kopyscinski@codecoup.pl>	Wed Mar 27 08:46:43 2024 +0100
committer	Szymon Janc <szymon.janc@codecoup.pl>	Wed Mar 27 09:31:28 2024 +0100
tree	3997b76afc05b3755b75181e99d334f57a6056b1
parent	53bae66f71b5ee24e3dc2ada9dd46bb540e33ac8 [diff]