All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH BlueZ] client: Fix crash when exiting
@ 2015-11-12 14:13 Luiz Augusto von Dentz
  2015-11-12 14:38 ` Johan Hedberg
  0 siblings, 1 reply; 2+ messages in thread
From: Luiz Augusto von Dentz @ 2015-11-12 14:13 UTC (permalink / raw)
  To: linux-bluetooth

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

When exiting the available proxies are destroy in the same order they are
added causing the following crash when there are attributes whose service
has already been removed:

Invalid read of size 8
   at 0x414AAD: g_dbus_proxy_get_path (client.c:525)
   by 0x40B948: characteristic_is_child (gatt.c:136)
   by 0x40C420: gatt_remove_characteristic (gatt.c:157)
   by 0x4067A7: proxy_removed (main.c:446)
   by 0x414A2E: proxy_free (client.c:439)
   by 0x4E7AF6C: g_list_foreach (in /usr/lib64/libglib-2.0.so.0.4400.1)
   by 0x4E7AF8A: g_list_free_full (in /usr/lib64/libglib-2.0.so.0.4400.1)
   by 0x415D54: g_dbus_client_unref (client.c:1310)
   by 0x40511B: main (main.c:2067)
 Address 0x5eb5450 is 16 bytes inside a block of size 80 free'd
   at 0x4C29D6A: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0x4E8479E: g_free (in /usr/lib64/libglib-2.0.so.0.4400.1)
   by 0x4149D6: g_dbus_proxy_unref (client.c:517)
   by 0x414A8D: proxy_free (client.c:451)
   by 0x4E7AF6C: g_list_foreach (in /usr/lib64/libglib-2.0.so.0.4400.1)
   by 0x4E7AF8A: g_list_free_full (in /usr/lib64/libglib-2.0.so.0.4400.1)
   by 0x415D54: g_dbus_client_unref (client.c:1310)
   by 0x40511B: main (main.c:2067)
---
 client/gatt.c | 22 +++++++++++++++++-----
 client/main.c |  8 +++-----
 2 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/client/gatt.c b/client/gatt.c
index 0a3adb8..0617393 100644
--- a/client/gatt.c
+++ b/client/gatt.c
@@ -92,7 +92,13 @@ void gatt_add_service(GDBusProxy *proxy)
 
 void gatt_remove_service(GDBusProxy *proxy)
 {
-	services = g_list_remove(services, proxy);
+	GList *l;
+
+	l = g_list_find(services, proxy);
+	if (!l)
+		return;
+
+	services = g_list_delete_link(services, l);
 
 	print_service(proxy, COLORED_DEL);
 }
@@ -154,10 +160,13 @@ void gatt_add_characteristic(GDBusProxy *proxy)
 
 void gatt_remove_characteristic(GDBusProxy *proxy)
 {
-	if (!characteristic_is_child(proxy))
+	GList *l;
+
+	l = g_list_find(characteristics, proxy);
+	if (!l)
 		return;
 
-	characteristics = g_list_remove(characteristics, proxy);
+	characteristics = g_list_delete_link(characteristics, l);
 
 	print_characteristic(proxy, COLORED_DEL);
 }
@@ -219,10 +228,13 @@ void gatt_add_descriptor(GDBusProxy *proxy)
 
 void gatt_remove_descriptor(GDBusProxy *proxy)
 {
-	if (!descriptor_is_child(proxy))
+	GList *l;
+
+	l = g_list_find(descriptors, proxy);
+	if (!l)
 		return;
 
-	descriptors = g_list_remove(descriptors, proxy);
+	descriptors = g_list_delete_link(descriptors, l);
 
 	print_descriptor(proxy, COLORED_DEL);
 }
diff --git a/client/main.c b/client/main.c
index 6863593..731da7a 100644
--- a/client/main.c
+++ b/client/main.c
@@ -436,12 +436,10 @@ static void proxy_removed(GDBusProxy *proxy, void *user_data)
 				agent_unregister(dbus_conn, NULL);
 		}
 	} else if (!strcmp(interface, "org.bluez.GattService1")) {
-		if (service_is_child(proxy)) {
-			gatt_remove_service(proxy);
+		gatt_remove_service(proxy);
 
-			if (default_attr == proxy)
-				set_default_attribute(NULL);
-		}
+		if (default_attr == proxy)
+			set_default_attribute(NULL);
 	} else if (!strcmp(interface, "org.bluez.GattCharacteristic1")) {
 		gatt_remove_characteristic(proxy);
 
-- 
2.4.3


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH BlueZ] client: Fix crash when exiting
  2015-11-12 14:13 [PATCH BlueZ] client: Fix crash when exiting Luiz Augusto von Dentz
@ 2015-11-12 14:38 ` Johan Hedberg
  0 siblings, 0 replies; 2+ messages in thread
From: Johan Hedberg @ 2015-11-12 14:38 UTC (permalink / raw)
  To: Luiz Augusto von Dentz; +Cc: linux-bluetooth

Hi Luiz,

On Thu, Nov 12, 2015, Luiz Augusto von Dentz wrote:
> When exiting the available proxies are destroy in the same order they are
> added causing the following crash when there are attributes whose service
> has already been removed:
> 
> Invalid read of size 8
>    at 0x414AAD: g_dbus_proxy_get_path (client.c:525)
>    by 0x40B948: characteristic_is_child (gatt.c:136)
>    by 0x40C420: gatt_remove_characteristic (gatt.c:157)
>    by 0x4067A7: proxy_removed (main.c:446)
>    by 0x414A2E: proxy_free (client.c:439)
>    by 0x4E7AF6C: g_list_foreach (in /usr/lib64/libglib-2.0.so.0.4400.1)
>    by 0x4E7AF8A: g_list_free_full (in /usr/lib64/libglib-2.0.so.0.4400.1)
>    by 0x415D54: g_dbus_client_unref (client.c:1310)
>    by 0x40511B: main (main.c:2067)
>  Address 0x5eb5450 is 16 bytes inside a block of size 80 free'd
>    at 0x4C29D6A: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
>    by 0x4E8479E: g_free (in /usr/lib64/libglib-2.0.so.0.4400.1)
>    by 0x4149D6: g_dbus_proxy_unref (client.c:517)
>    by 0x414A8D: proxy_free (client.c:451)
>    by 0x4E7AF6C: g_list_foreach (in /usr/lib64/libglib-2.0.so.0.4400.1)
>    by 0x4E7AF8A: g_list_free_full (in /usr/lib64/libglib-2.0.so.0.4400.1)
>    by 0x415D54: g_dbus_client_unref (client.c:1310)
>    by 0x40511B: main (main.c:2067)
> ---
>  client/gatt.c | 22 +++++++++++++++++-----
>  client/main.c |  8 +++-----
>  2 files changed, 20 insertions(+), 10 deletions(-)

Applied. Thanks.

Johan

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-11-12 14:38 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-11-12 14:13 [PATCH BlueZ] client: Fix crash when exiting Luiz Augusto von Dentz
2015-11-12 14:38 ` Johan Hedberg

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.