* Re: [PATCH] Audio/Media: Fix incorrect value dereference
@ 2015-07-21 9:01 RAKESH MK
2015-07-21 10:34 ` Luiz Augusto von Dentz
0 siblings, 1 reply; 3+ messages in thread
From: RAKESH MK @ 2015-07-21 9:01 UTC (permalink / raw)
To: RAKESH MK, linux-bluetooth
DQoNCi0tLS0tLS0gT3JpZ2luYWwgTWVzc2FnZSAtLS0tLS0tDQpTZW5kZXIgOiBSQUtFU0ggTUs8
cmFrZXNoLm1rQHNhbXN1bmcuY29tPiBUZWNobmljYWwgTGVhZC9TUkktQmFuZ2Fsb3JlLVN5c3Rl
bSAmIENvbm5lY3Rpdml0eS9TYW1zdW5nIEVsZWN0cm9uaWNzDQpEYXRlIDogSnVsIDEzLCAyMDE1
IDE4OjIwIChHTVQrMDU6MzApDQpUaXRsZSA6IFtQQVRDSF0gQXVkaW8vTWVkaWE6IEZpeCBpbmNv
cnJlY3QgdmFsdWUgZGVyZWZlcmVuY2UNCg0KcGFyYW1ldGVyIHZhbHVlIHBhc3NlZCB0byB0aGUg
Y29uZmlnX2NiIGlzIGEgcG9pbnRlciB0byB0aGUNCmdib29sb2Vhbi4gZGVyZWZlcmVuY2luZyB0
aGUgdmFsdWUgcmF0aGVyIHRoYW4gYWRkcmVzcyBsZWFkcw0KdG8gbWlzbWF0Y2ggaW4gaGFuZGxp
bmcgdGhlIHJldHVybiB2YWx1ZS4NCg0KYXZkdHAuYzphdmR0cF9wYXJzZV9jbWQoKSBSZWNlaXZl
ZCBTRVRfQ09ORklHVVJBVElPTl9DTUQNCmEyZHAuYzplbmRwb2ludF9zZXRjb25mX2luZCgpIFNv
dXJjZSAweGI3ZDQ5ZWY4OiBTZXRfQ29uZmlndXJhdGlvbl9JbmQNCmEyZHAuYzpzZXR1cF9yZWYo
KSAweGI3ZDUzYjk4OiByZWY9Mg0KbWVkaWEuYzptZWRpYV9hZGFwdGVyX2dldF9wbGF5ZXIoKQ0K
bWVkaWEuYzptZWRpYV9zZXRfc2lua19jYWxsYmFjaygpDQptZWRpYS5jOm1lZGlhX2VuZHBvaW50
X2FzeW5jX2NhbGwoKSBDYWxsaW5nIFNldENvbmZpZ3VyYXRpb246IG5hbWUgPSA6MS4zNyBwYXRo
ID0gL01lZGlhRW5kcG9pbnQvQTJEUFNvdXJjZQ0KDQoqIzAgIDB4YjZjZWExODQgaW4gX19saWJj
X2ZyZWUgKG1lbT0weGJlYWQzYWU0KSBhdCBtYWxsb2MuYzozNzM2DQoqIzEgIDB4YjZlMzM0Njgg
aW4gZ19mcmVlICgpIGZyb20gL3Vzci9saWIvbGliZ2xpYi0yLjAuc28uMA0KKiMyICAweGI2ZjI1
ZGIwIGluIGF1dG9fY29uZmlnIChkYXRhPTB4YjdkNTNiOTgpIGF0IHByb2ZpbGVzL2F1ZGlvL2Ey
ZHAuYzo0MzANCiojMyAgMHhiNmYyYWQ3NiBpbiBjb25maWdfY2IgKGVuZHBvaW50PSwNCiogICAg
cmV0PSwgc2l6ZT0sDQoqICAgIHVzZXJfZGF0YT0pIGF0IHByb2ZpbGVzL2F1ZGlvL21lZGlhLmM6
NzA3DQoqIzQgIDB4YjZmMmNjNGEgaW4gZW5kcG9pbnRfcmVwbHkgKGNhbGw9LA0KKiAgICB1c2Vy
X2RhdGE9MHhiN2Q1MTZiMCkgYXQgcHJvZmlsZXMvYXVkaW8vbWVkaWEuYzozNTcNCiojNSAgMHhi
NmRkY2U5NiBpbiBfZGJ1c19wZW5kaW5nX2NhbGxfY29tcGxldGUgKHBlbmRpbmc9MHhiN2Q1M2Jj
OCkNCiogICAgYXQgZGJ1cy1wZW5kaW5nLWNhbGwuYzoyMTYNCiojNiAgMHhiNmRjZmU4MiBpbiBj
b21wbGV0ZV9wZW5kaW5nX2NhbGxfYW5kX3VubG9jayAoY29ubmVjdGlvbj0weGI3ZDQ0YjQwLA0K
KiAgICBwZW5kaW5nPTB4YjdkNTNiYzgsIG1lc3NhZ2U9KQ0KKiAgICBhdCBkYnVzLWNvbm5lY3Rp
b24uYzoyMzMxDQotLS0NCnByb2ZpbGVzL2F1ZGlvL21lZGlhLmMgfCAgICAzICsrLQ0KMSBmaWxl
IGNoYW5nZWQsIDIgaW5zZXJ0aW9ucygrKSwgMSBkZWxldGlvbigtKQ0KDQpkaWZmIC0tZ2l0IGEv
cHJvZmlsZXMvYXVkaW8vbWVkaWEuYyBiL3Byb2ZpbGVzL2F1ZGlvL21lZGlhLmMNCmluZGV4IGYx
MjU2OWUuLmVkNDQxZDAgMTAwNjQ0DQotLS0gYS9wcm9maWxlcy9hdWRpby9tZWRpYS5jDQorKysg
Yi9wcm9maWxlcy9hdWRpby9tZWRpYS5jDQpAQCAtNTMyLDggKzUzMiw5IEBAIHN0YXRpYyB2b2lk
IGNvbmZpZ19jYihzdHJ1Y3QgbWVkaWFfZW5kcG9pbnQgKmVuZHBvaW50LCB2b2lkICpyZXQsIGlu
dCBzaXplLA0Kdm9pZCAqdXNlcl9kYXRhKQ0Kew0Kc3RydWN0IGEyZHBfY29uZmlnX2RhdGEgKmRh
dGEgPSB1c2VyX2RhdGE7DQorIGdib29sZWFuICpyZXRfdmFsdWUgPSByZXQ7DQoNCi0gZGF0YS0+
Y2IoZGF0YS0+c2V0dXAsIHJldCA/IFRSVUUgOiBGQUxTRSk7DQorIGRhdGEtPmNiKGRhdGEtPnNl
dHVwLCAqcmV0X3ZhbHVlID8gVFJVRSA6IEZBTFNFKTsNCn0NCg0Kc3RhdGljIGludCBzZXRfY29u
ZmlnKHN0cnVjdCBhMmRwX3NlcCAqc2VwLCB1aW50OF90ICpjb25maWd1cmF0aW9uLA0KLS0gDQox
LjcuOS41DQoNCitQaW5n
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] Audio/Media: Fix incorrect value dereference
2015-07-21 9:01 [PATCH] Audio/Media: Fix incorrect value dereference RAKESH MK
@ 2015-07-21 10:34 ` Luiz Augusto von Dentz
0 siblings, 0 replies; 3+ messages in thread
From: Luiz Augusto von Dentz @ 2015-07-21 10:34 UTC (permalink / raw)
To: Rakesh M K; +Cc: linux-bluetooth
Hi Rakesh,
On Tue, Jul 21, 2015 at 12:01 PM, RAKESH MK <rakesh.mk@samsung.com> wrote:
>
>
> ------- Original Message -------
> Sender : RAKESH MK<rakesh.mk@samsung.com> Technical Lead/SRI-Bangalore-System & Connectivity/Samsung Electronics
> Date : Jul 13, 2015 18:20 (GMT+05:30)
> Title : [PATCH] Audio/Media: Fix incorrect value dereference
>
> parameter value passed to the config_cb is a pointer to the
> gbooloean. dereferencing the value rather than address leads
> to mismatch in handling the return value.
>
> avdtp.c:avdtp_parse_cmd() Received SET_CONFIGURATION_CMD
> a2dp.c:endpoint_setconf_ind() Source 0xb7d49ef8: Set_Configuration_Ind
> a2dp.c:setup_ref() 0xb7d53b98: ref=2
> media.c:media_adapter_get_player()
> media.c:media_set_sink_callback()
> media.c:media_endpoint_async_call() Calling SetConfiguration: name = :1.37 path = /MediaEndpoint/A2DPSource
>
> *#0 0xb6cea184 in __libc_free (mem=0xbead3ae4) at malloc.c:3736
> *#1 0xb6e33468 in g_free () from /usr/lib/libglib-2.0.so.0
> *#2 0xb6f25db0 in auto_config (data=0xb7d53b98) at profiles/audio/a2dp.c:430
> *#3 0xb6f2ad76 in config_cb (endpoint=,
> * ret=, size=,
> * user_data=) at profiles/audio/media.c:707
> *#4 0xb6f2cc4a in endpoint_reply (call=,
> * user_data=0xb7d516b0) at profiles/audio/media.c:357
> *#5 0xb6ddce96 in _dbus_pending_call_complete (pending=0xb7d53bc8)
> * at dbus-pending-call.c:216
> *#6 0xb6dcfe82 in complete_pending_call_and_unlock (connection=0xb7d44b40,
> * pending=0xb7d53bc8, message=)
> * at dbus-connection.c:2331
> ---
> profiles/audio/media.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/profiles/audio/media.c b/profiles/audio/media.c
> index f12569e..ed441d0 100644
> --- a/profiles/audio/media.c
> +++ b/profiles/audio/media.c
> @@ -532,8 +532,9 @@ static void config_cb(struct media_endpoint *endpoint, void *ret, int size,
> void *user_data)
> {
> struct a2dp_config_data *data = user_data;
> + gboolean *ret_value = ret;
>
> - data->cb(data->setup, ret ? TRUE : FALSE);
> + data->cb(data->setup, *ret_value ? TRUE : FALSE);
> }
>
> static int set_config(struct a2dp_sep *sep, uint8_t *configuration,
> --
> 1.7.9.5
>
> +Ping
Applied, thanks.
--
Luiz Augusto von Dentz
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH] Audio/Media: Fix incorrect value dereference
@ 2015-07-13 12:50 Rakesh M K
0 siblings, 0 replies; 3+ messages in thread
From: Rakesh M K @ 2015-07-13 12:50 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Rakesh M K
parameter value passed to the config_cb is a pointer to the
gbooloean. dereferencing the value rather than address leads
to mismatch in handling the return value.
avdtp.c:avdtp_parse_cmd() Received SET_CONFIGURATION_CMD
a2dp.c:endpoint_setconf_ind() Source 0xb7d49ef8: Set_Configuration_Ind
a2dp.c:setup_ref() 0xb7d53b98: ref=2
media.c:media_adapter_get_player()
media.c:media_set_sink_callback()
media.c:media_endpoint_async_call() Calling SetConfiguration: name = :1.37 path = /MediaEndpoint/A2DPSource
*#0 0xb6cea184 in __libc_free (mem=0xbead3ae4) at malloc.c:3736
*#1 0xb6e33468 in g_free () from /usr/lib/libglib-2.0.so.0
*#2 0xb6f25db0 in auto_config (data=0xb7d53b98) at profiles/audio/a2dp.c:430
*#3 0xb6f2ad76 in config_cb (endpoint=<value optimized out>,
* ret=<value optimized out>, size=<value optimized out>,
* user_data=<value optimized out>) at profiles/audio/media.c:707
*#4 0xb6f2cc4a in endpoint_reply (call=<value optimized out>,
* user_data=0xb7d516b0) at profiles/audio/media.c:357
*#5 0xb6ddce96 in _dbus_pending_call_complete (pending=0xb7d53bc8)
* at dbus-pending-call.c:216
*#6 0xb6dcfe82 in complete_pending_call_and_unlock (connection=0xb7d44b40,
* pending=0xb7d53bc8, message=<value optimized out>)
* at dbus-connection.c:2331
---
profiles/audio/media.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/profiles/audio/media.c b/profiles/audio/media.c
index f12569e..ed441d0 100644
--- a/profiles/audio/media.c
+++ b/profiles/audio/media.c
@@ -532,8 +532,9 @@ static void config_cb(struct media_endpoint *endpoint, void *ret, int size,
void *user_data)
{
struct a2dp_config_data *data = user_data;
+ gboolean *ret_value = ret;
- data->cb(data->setup, ret ? TRUE : FALSE);
+ data->cb(data->setup, *ret_value ? TRUE : FALSE);
}
static int set_config(struct a2dp_sep *sep, uint8_t *configuration,
--
1.7.9.5
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-07-21 10:34 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-07-21 9:01 [PATCH] Audio/Media: Fix incorrect value dereference RAKESH MK
2015-07-21 10:34 ` Luiz Augusto von Dentz
-- strict thread matches above, loose matches on Subject: below --
2015-07-13 12:50 Rakesh M K
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.