* [PATCH BlueZ] device: Fix crash attempting to read Sets property
@ 2023-03-13 18:31 Luiz Augusto von Dentz
2023-03-13 19:39 ` [BlueZ] " bluez.test.bot
2023-03-14 19:40 ` [PATCH BlueZ] " patchwork-bot+bluetooth
0 siblings, 2 replies; 3+ messages in thread
From: Luiz Augusto von Dentz @ 2023-03-13 18:31 UTC
To: linux-bluetooth
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
The following set can be observed when a sirk exists but it is
encrypted, leading to info->set not being set:
Invalid read of size 8
at 0x1ACDF0: append_set (device.c:1662)
by 0x1FFEFFF7DF: ???
by 0x1D4461: queue_foreach (queue.c:207)
by 0x1AC8DE: dev_property_get_set (device.c:1700)
by 0x1CF3E2: append_property (object.c:498)
by 0x1CFA91: append_properties (object.c:527)
by 0x1CFAFD: append_interface (object.c:542)
by 0x48D7CEF: g_slist_foreach (gslist.c:887)
by 0x1CF5A7: append_interfaces (object.c:1104)
by 0x1CF5A7: append_object (object.c:1119)
by 0x48D7CEF: g_slist_foreach (gslist.c:887)
by 0x1CF5D0: append_object (object.c:1122)
by 0x48D7CEF: g_slist_foreach (gslist.c:887)
Address 0x8 is not stack'd, malloc'd or (recently) free'd
---
src/device.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/device.c b/src/device.c
index 77b38e97a7ea..f31f2a097e07 100644
--- a/src/device.c
+++ b/src/device.c
@@ -1659,10 +1659,15 @@ static gboolean dev_property_wake_allowed_exist(
static void append_set(void *data, void *user_data)
{
struct sirk_info *info = data;
- const char *path = btd_set_get_path(info->set);
+ const char *path;
DBusMessageIter *iter = user_data;
DBusMessageIter entry, dict;
+ if (!info->set)
+ return;
+
+ path = btd_set_get_path(info->set);
+
dbus_message_iter_open_container(iter, DBUS_TYPE_DICT_ENTRY, NULL,
&entry);
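Review bot: the new `if (!info->set) return;` at the top of append_set() carries no comment saying why info->set can legitimately be NULL here. The commit message gives the reason (a SIRK exists but is encrypted, so info->set was never set), and a one-line comment to that effect above the check would keep the guard from being removed later as apparently dead code. The Valgrind trace shows append_set() is reached through queue_foreach() from dev_property_get_set(), so it is also worth confirming that any other callback walking the same queue of struct sirk_info entries does not dereference info->set without the same check. Finally, the entry is now skipped silently: if an encrypted SIRK is expected to be resolved later, say in the comment whether the Sets property is re-emitted at that point, since a client reading it now sees no entry for that set.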
--
2.39.2
* RE: [BlueZ] device: Fix crash attempting to read Sets property
From: bluez.test.bot @ 2023-03-13 19:39 UTC
To: linux-bluetooth, luiz.dentz
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=729577
---Test result---
Test Summary:
CheckPatch PASS 0.54 seconds
GitLint PASS 0.36 seconds
BuildEll PASS 27.32 seconds
BluezMake PASS 871.82 seconds
MakeCheck PASS 11.35 seconds
MakeDistcheck PASS 152.15 seconds
CheckValgrind PASS 249.23 seconds
CheckSmatch PASS 337.61 seconds
bluezmakeextell PASS 100.19 seconds
IncrementalBuild PASS 724.58 seconds
ScanBuild PASS 1055.53 seconds
---
Regards,
Linux Bluetooth
* Re: [PATCH BlueZ] device: Fix crash attempting to read Sets property
From: patchwork-bot+bluetooth @ 2023-03-14 19:40 UTC
To: Luiz Augusto von Dentz; +Cc: linux-bluetooth
Hello:
This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:
On Mon, 13 Mar 2023 11:31:21 -0700 you wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
>
> The following set can be observed when a sirk exists but it is
> encrypted, leading to info->set not being set:
>
> Invalid read of size 8
> at 0x1ACDF0: append_set (device.c:1662)
> by 0x1FFEFFF7DF: ???
> by 0x1D4461: queue_foreach (queue.c:207)
> by 0x1AC8DE: dev_property_get_set (device.c:1700)
> by 0x1CF3E2: append_property (object.c:498)
> by 0x1CFA91: append_properties (object.c:527)
> by 0x1CFAFD: append_interface (object.c:542)
> by 0x48D7CEF: g_slist_foreach (gslist.c:887)
> by 0x1CF5A7: append_interfaces (object.c:1104)
> by 0x1CF5A7: append_object (object.c:1119)
> by 0x48D7CEF: g_slist_foreach (gslist.c:887)
> by 0x1CF5D0: append_object (object.c:1122)
> by 0x48D7CEF: g_slist_foreach (gslist.c:887)
> Address 0x8 is not stack'd, malloc'd or (recently) free'd
>
> [...]
Here is the summary with links:
- [BlueZ] device: Fix crash attempting to read Sets property
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=2762129212f1
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html