authorJuha Vuolle <juha.vuolle@insta.fi>2022-06-27 10:16:28 +0300
committerQt Cherry-pick Bot <cherrypick_bot@qt-project.org>2022-06-28 08:26:49 +0000
commitab00a53c8dd8879b24a0fb2cfe282f72e945bcd5 (patch)
tree64b781a8ffb7bea28f9f053482c0c3ede6898e62
parentde81e5be8df87916d66a6838900a67d469f0c33f (diff)
Fix Bluez LE advertiser crash on large advertisement data
The calculation to count the number of service UUIDs that fit the 31 bytes resulted in choosing a number of services that doesn't fit, ultimately leading to a memset() crash a bit later. Fixes: QTBUG-104060 Change-Id: Iad170cfded7363f820a92230df27cdb57bce3814 Reviewed-by: Ivan Solovev <ivan.solovev@qt.io> Reviewed-by: Alex Blasche <alexander.blasche@qt.io> (cherry picked from commit efc4541af0f02d254cabf82b3db0412e7b83682e) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
-rw-r--r--src/bluetooth/qleadvertiser_bluez.cpp3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/bluetooth/qleadvertiser_bluez.cpp b/src/bluetooth/qleadvertiser_bluez.cpp
index e0ef450f..911317b2 100644
--- a/src/bluetooth/qleadvertiser_bluez.cpp
+++ b/src/bluetooth/qleadvertiser_bluez.cpp
@@ -255,7 +255,8 @@ static void addServicesData(AdvData &data, const QList<T> &services)
return;
constexpr auto sizeofT = static_cast<int>(sizeof(T)); // signed is more convenient
const qsizetype spaceAvailable = sizeof data.data - data.length;
- const qsizetype maxServices = (std::max)((spaceAvailable - 2) / sizeofT, services.size());
+ // Determine how many services will be set, space may limit the number
+ const qsizetype maxServices = (std::min)((spaceAvailable - 2) / sizeofT, services.size());
if (maxServices <= 0) {
qCWarning(QT_BT_BLUEZ) << "services data does not fit into advertising data packet";
return;
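Review bot: The new `(std::min)` bound is only as good as `spaceAvailable` on the line above, which is computed as `sizeof data.data - data.length` in unsigned arithmetic and relies on `data.length` never exceeding the buffer size, an invariant the hunk does not check. Since the defect being fixed was an out-of-bounds write, I would state that invariant explicitly, e.g. `Q_ASSERT(data.length <= sizeof data.data);` before the subtraction. The literal `2` is also unexplained; presumably it is the length and type octets of the AD structure, and a comment such as `// 2 = AD structure header (length + type)` would make the bound auditable. addServicesData starts and ends outside the hunk, so whether the later writes use `maxServices` consistently cannot be confirmed from here.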