[PATCH BlueZ] mesh: Fix Seg Fault

* [PATCH BlueZ] mesh: Fix Seg Fault - App unattached IVIndex chg
@ 2020-07-03 16:20 Brian Gix
  2020-07-03 16:48 ` [BlueZ] " bluez.test.bot
  2020-07-03 16:48 ` bluez.test.bot
  0 siblings, 2 replies; 3+ messages in thread
From: Brian Gix @ 2020-07-03 16:20 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: inga.stotland, brian.gix

Object path to node interfaces do not exist unless the owning
application is attached.  This caused a Segmentation fault if IVIndex
change was signaled.

Crash output:

mesh/pb-adv.c:send_adv_segs() size: 01, CRC: 3e
mesh/pb-adv.c:pb_adv_packet() Link closed notification: 00
mesh/net.c:update_iv_ivu_state() iv_upd_state = IV_UPD_NORMAL

Program received signal SIGSEGV, Segmentation fault.
0xb6fbc1dc in strlen () from /usr/lib/arm-linux-gnueabihf/libarmmem-v7l.so
(gdb) backtrace
0  0xb6fbc1dc in strlen () from /usr/lib/arm-linux-gnueabihf/libarmmem-v7l.so
1  0x00448488 in l_str_hash (p=0x0) at ell/hashmap.c:168
2  0x00448980 in l_hashmap_lookup (hashmap=0x46b550, key=key@entry=0x0) at ell/hashmap.c:487
3  0x00444704 in _dbus_object_tree_property_changed (dbus=0x469438, path=0x0, interface_name=0x44bb74 "org.bluez.mesh.Node1", property_name=0x44aa18 "IVIndex") at ell/dbus-service.c:1196
4  0x0044545c in l_dbus_property_changed (dbus=<optimized out>, path=<optimized out>, interface=<optimized out>, property=<optimized out>) at ell/dbus-service.c:1804
5  0x0041805c in node_property_changed (node=<optimized out>, property=<optimized out>) at mesh/node.c:2392
6  0x0040c690 in update_iv_ivu_state (ivu=false, iv_index=0, net=0x46e240) at mesh/net.c:2569
7  process_beacon (net_ptr=0x46e240, user_data=0xbefff1e4) at mesh/net.c:2610
8  0x00431edc in l_queue_foreach (queue=<optimized out>, function=0x40c468 <process_beacon>, user_data=user_data@entry=0xbefff1e4) at ell/queue.c:441
9  0x0040a848 in beacon_recv (user_data=<optimized out>, info=<optimized out>, data=<optimized out>, len=<optimized out>) at mesh/net.c:2647
10 0x00431edc in l_queue_foreach (queue=<optimized out>, function=0x408bec <process_rx_callbacks>, function@entry=0x15463acd, user_data=user_data@entry=0xbefff230) at ell/queue.c:441
11 0x00409ec0 in process_rx (len=<optimized out>, data=0xbefff297 "+\001", addr=0xbefff258 "\260\362B", instant=4646248, rssi=-78 '\262', pvt=<optimized out>) at mesh/mesh-io-generic.c:121
12 event_adv_report (io=0x46c3c8, size=<optimized out>, buf=0xbefff255) at mesh/mesh-io-generic.c:159
13 event_callback (buf=<optimized out>, size=<optimized out>, user_data=0x46c3c8) at mesh/mesh-io- generic.c:172
14 0x0042ff58 in queue_foreach (queue=0x46d370, function=0x42f2b0 <process_notify>, user_data=user_data@entry= 0xbefff289) at src/shared/queue.c:219
15 0x0042f674 in process_event (size=<optimized out>, data=0xbefff283, hci=0x46c3d8) at src/shared/hci.c:258
16 io_read_callback (io=<optimized out>, user_data=0x46c3d8) at src/shared/hci.c:286
17 0x00432600 in io_callback (fd=<optimized out>, events=1, user_data=0x46d318) at ell/io.c:126
18 0x0043348c in l_main_iterate (timeout=<optimized out>) at ell/main.c:470
19 0x00433554 in l_main_run () at ell/main.c:520
20 l_main_run () at ell/main.c:502
21 0x004337b4 in l_main_run_with_signal (callback=<optimized out>, user_data=0x0) at ell/main.c:642
22 0x00404e90 in main (argc=<optimized out>, argv=<optimized out>) at mesh/main.c:269
(gdb)
---
 mesh/node.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mesh/node.c b/mesh/node.c
index 9f0f15070..3e888ce61 100644
--- a/mesh/node.c
+++ b/mesh/node.c
@@ -2388,7 +2388,7 @@ void node_property_changed(struct mesh_node *node, const char *property)
 {
 	struct l_dbus *bus = dbus_get_bus();
 
-	if (bus)
+	if (bus && node->obj_path)
 		l_dbus_property_changed(dbus_get_bus(), node->obj_path,
 						MESH_NODE_INTERFACE, property);
 }
-- 
2.25.4


^ permalink raw reply related	[flat|nested] 3+ messages in thread