linux-bluetooth.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [BlueZ PATCH] a2dp:fixing double free in load_remote_sep
@ 2020-06-01  0:56 Alain Michaud
  2020-06-01 16:29 ` Luiz Augusto von Dentz
  0 siblings, 1 reply; 2+ messages in thread
From: Alain Michaud @ 2020-06-01  0:56 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Alain Michaud

This patch fixes a double free condition in load_remote_sep. Value is
freed, then the inner loop is broken, but the rest of the outer loop
will attempt to free value again.

---

 profiles/audio/a2dp.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c
index a2ce3204d..6f46c92bf 100644
--- a/profiles/audio/a2dp.c
+++ b/profiles/audio/a2dp.c
@@ -1967,7 +1967,6 @@ static void load_remote_sep(struct a2dp_channel *chan, GKeyFile *key_file,
 
 			if (sscanf(caps + i, "%02hhx", tmp) != 1) {
 				warn("Unable to load Endpoint: seid %u", rseid);
-				g_free(value);
 				break;
 			}
 		}
-- 
2.27.0.rc2.251.g90737beb825-goog


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [BlueZ PATCH] a2dp:fixing double free in load_remote_sep
  2020-06-01  0:56 [BlueZ PATCH] a2dp:fixing double free in load_remote_sep Alain Michaud
@ 2020-06-01 16:29 ` Luiz Augusto von Dentz
  0 siblings, 0 replies; 2+ messages in thread
From: Luiz Augusto von Dentz @ 2020-06-01 16:29 UTC (permalink / raw)
  To: Alain Michaud; +Cc: linux-bluetooth

Hi Alain,

On Sun, May 31, 2020 at 6:03 PM Alain Michaud <alainm@chromium.org> wrote:
>
> This patch fixes a double free condition in load_remote_sep. Value is
> freed, then the inner loop is broken, but the rest of the outer loop
> will attempt to free value again.
>
> ---
>
>  profiles/audio/a2dp.c | 1 -
>  1 file changed, 1 deletion(-)
>
> diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c
> index a2ce3204d..6f46c92bf 100644
> --- a/profiles/audio/a2dp.c
> +++ b/profiles/audio/a2dp.c
> @@ -1967,7 +1967,6 @@ static void load_remote_sep(struct a2dp_channel *chan, GKeyFile *key_file,
>
>                         if (sscanf(caps + i, "%02hhx", tmp) != 1) {
>                                 warn("Unable to load Endpoint: seid %u", rseid);
> -                               g_free(value);
>                                 break;
>                         }
>                 }
> --
> 2.27.0.rc2.251.g90737beb825-goog

Applied, thanks.

-- 
Luiz Augusto von Dentz

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-06-01 16:29 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-01  0:56 [BlueZ PATCH] a2dp:fixing double free in load_remote_sep Alain Michaud
2020-06-01 16:29 ` Luiz Augusto von Dentz

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).