All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] Fix duplicate free for GATT service includes
@ 2020-11-19 20:02 Pavel Maltsev
  2020-11-19 20:27 ` bluez.test.bot
  0 siblings, 1 reply; 5+ messages in thread
From: Pavel Maltsev @ 2020-11-19 20:02 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Pavel Maltsev

Service includes object is obtained via dbus_message_iter_get_basic call
and according to the contract for the value is that it is returned by
the references and should not be freed so we should make a copy.

The issue I'm running is when the GATT service app is disconnected
(reproduced with gatt-service included in bluez), bluetoothd is crashing:

bluetoothd[9771]: src/gatt-database.c:gatt_db_service_removed() Local GATT service removed
bluetoothd[9771]: src/adapter.c:adapter_service_remove() /org/bluez/hci0
bluetoothd[9771]: src/adapter.c:remove_uuid() sending remove uuid command for index 0
bluetoothd[9771]: src/sdpd-service.c:remove_record_from_server() Removing record with handle 0x10006
bluetoothd[9771]: src/gatt-database.c:proxy_removed_cb() Proxy removed - removing service: /service1
munmap_chunk(): invalid pointer

Signed-off-by: Pavel Maltsev <pavelm@google.com>
---
 src/gatt-database.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/gatt-database.c b/src/gatt-database.c
index 6694a0174..04b49e2c1 100644
--- a/src/gatt-database.c
+++ b/src/gatt-database.c
@@ -2017,7 +2017,11 @@ static bool parse_includes(GDBusProxy *proxy, struct external_service *service)
 
 		dbus_message_iter_get_basic(&array, &obj);
 
-		if (!queue_push_tail(service->includes, obj)) {
+		const char* includes = g_strdup(obj);
+		if (!includes)
+			return false;
+
+		if (!queue_push_tail(service->includes, includes)) {
 			error("Failed to add Includes path in queue\n");
 			return false;
 		}
-- 
2.29.2.299.gdc1121823c-goog


^ permalink raw reply related	[flat|nested] 5+ messages in thread
* RE: Fix duplicate free for GATT service includes
  2020-11-19 20:02 [PATCH] Fix duplicate free for GATT service includes Pavel Maltsev
@ 2020-11-19 20:27 ` bluez.test.bot
  0 siblings, 0 replies; 5+ messages in thread
From: bluez.test.bot @ 2020-11-19 20:27 UTC (permalink / raw)
  To: linux-bluetooth, pavelm

[-- Attachment #1: Type: text/plain, Size: 3557 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=387867

---Test result---

##############################
Test: CheckPatch - FAIL
Output:
Fix duplicate free for GATT service includes
WARNING:COMMIT_LOG_LONG_LINE: Possible unwrapped commit description (prefer a maximum 75 chars per line)
#13: 
bluetoothd[9771]: src/gatt-database.c:gatt_db_service_removed() Local GATT service removed

ERROR:POINTER_LOCATION: "foo* bar" should be "foo *bar"
#31: FILE: src/gatt-database.c:2020:
+		const char* includes = g_strdup(obj);

WARNING:LINE_SPACING: Missing a blank line after declarations
#32: FILE: src/gatt-database.c:2021:
+		const char* includes = g_strdup(obj);
+		if (!includes)

- total: 1 errors, 2 warnings, 12 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

"[PATCH] Fix duplicate free for GATT service includes" has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.


##############################
Test: CheckGitLint - FAIL
Output:
Fix duplicate free for GATT service includes
10: B1 Line exceeds max length (90>80): "bluetoothd[9771]: src/gatt-database.c:gatt_db_service_removed() Local GATT service removed"
12: B1 Line exceeds max length (85>80): "bluetoothd[9771]: src/adapter.c:remove_uuid() sending remove uuid command for index 0"
13: B1 Line exceeds max length (100>80): "bluetoothd[9771]: src/sdpd-service.c:remove_record_from_server() Removing record with handle 0x10006"
14: B1 Line exceeds max length (100>80): "bluetoothd[9771]: src/gatt-database.c:proxy_removed_cb() Proxy removed - removing service: /service1"


##############################
Test: CheckBuild - FAIL
Output:
ar: `u' modifier ignored since `D' is the default (see `U')
ar: `u' modifier ignored since `D' is the default (see `U')
ar: `u' modifier ignored since `D' is the default (see `U')
ar: `u' modifier ignored since `D' is the default (see `U')
ar: `u' modifier ignored since `D' is the default (see `U')
src/gatt-database.c: In function ‘parse_includes’:
src/gatt-database.c:2020:3: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
 2020 |   const char* includes = g_strdup(obj);
      |   ^~~~~
src/gatt-database.c:2024:43: error: passing argument 2 of ‘queue_push_tail’ discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
 2024 |   if (!queue_push_tail(service->includes, includes)) {
      |                                           ^~~~~~~~
In file included from src/gatt-database.c:27:
./src/shared/queue.h:25:49: note: expected ‘void *’ but argument is of type ‘const char *’
   25 | bool queue_push_tail(struct queue *queue, void *data);
      |                                           ~~~~~~^~~~
cc1: all warnings being treated as errors
make[1]: *** [Makefile:9022: src/bluetoothd-gatt-database.o] Error 1
make: *** [Makefile:4020: all] Error 2


##############################
Test: MakeCheck - SKIPPED
Output:
checkbuild not success



---
Regards,
Linux Bluetooth


^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: Fix duplicate free for GATT service includes
  2020-11-20  1:00 ` bluez.test.bot
@ 2020-11-20 17:48   ` Luiz Augusto von Dentz
  0 siblings, 0 replies; 5+ messages in thread
From: Luiz Augusto von Dentz @ 2020-11-20 17:48 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: pavelm

Hi Pavel,

On Thu, Nov 19, 2020 at 5:06 PM <bluez.test.bot@gmail.com> wrote:
>
> This is automated email and please do not reply to this email!
>
> Dear submitter,
>
> Thank you for submitting the patches to the linux bluetooth mailing list.
> This is a CI test results with your patch series:
> PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=388009
>
> ---Test result---
>
> ##############################
> Test: CheckPatch - PASS
>
> ##############################
> Test: CheckGitLint - PASS
>
> ##############################
> Test: CheckBuild - PASS
>
> ##############################
> Test: MakeCheck - PASS
>
>
>
> ---
> Regards,
> Linux Bluetooth
>

Applied, thanks.

-- 
Luiz Augusto von Dentz

^ permalink raw reply	[flat|nested] 5+ messages in thread
* RE: Fix duplicate free for GATT service includes
  2020-11-20  0:22 [PATCH] " Pavel Maltsev
@ 2020-11-20  1:00 ` bluez.test.bot
  2020-11-20 17:48   ` Luiz Augusto von Dentz
  0 siblings, 1 reply; 5+ messages in thread
From: bluez.test.bot @ 2020-11-20  1:00 UTC (permalink / raw)
  To: linux-bluetooth, pavelm

[-- Attachment #1: Type: text/plain, Size: 557 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=388009

---Test result---

##############################
Test: CheckPatch - PASS

##############################
Test: CheckGitLint - PASS

##############################
Test: CheckBuild - PASS

##############################
Test: MakeCheck - PASS



---
Regards,
Linux Bluetooth


^ permalink raw reply	[flat|nested] 5+ messages in thread
* RE: Fix duplicate free for GATT service includes
  2020-11-19 21:43 [PATCH] " Pavel Maltsev
@ 2020-11-19 22:31 ` bluez.test.bot
  0 siblings, 0 replies; 5+ messages in thread
From: bluez.test.bot @ 2020-11-19 22:31 UTC (permalink / raw)
  To: linux-bluetooth, pavelm

[-- Attachment #1: Type: text/plain, Size: 1822 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=387933

---Test result---

##############################
Test: CheckPatch - FAIL
Output:
Fix duplicate free for GATT service includes
WARNING:COMMIT_LOG_LONG_LINE: Possible unwrapped commit description (prefer a maximum 75 chars per line)
#14: 
bluetoothd: src/gatt-database.c:gatt_db_service_removed() Local GATT service removed

- total: 0 errors, 1 warnings, 19 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

"[PATCH] Fix duplicate free for GATT service includes" has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.


##############################
Test: CheckGitLint - FAIL
Output:
Fix duplicate free for GATT service includes
11: B1 Line exceeds max length (84>80): "bluetoothd: src/gatt-database.c:gatt_db_service_removed() Local GATT service removed"
14: B1 Line exceeds max length (94>80): "bluetoothd: src/sdpd-service.c:remove_record_from_server() Removing record with handle 0x10006"
15: B1 Line exceeds max length (94>80): "bluetoothd: src/gatt-database.c:proxy_removed_cb() Proxy removed - removing service: /service1"


##############################
Test: CheckBuild - PASS

##############################
Test: MakeCheck - PASS



---
Regards,
Linux Bluetooth


^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-11-20 17:48 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-19 20:02 [PATCH] Fix duplicate free for GATT service includes Pavel Maltsev
2020-11-19 20:27 ` bluez.test.bot
2020-11-19 21:43 [PATCH] " Pavel Maltsev
2020-11-19 22:31 ` bluez.test.bot
2020-11-20  0:22 [PATCH] " Pavel Maltsev
2020-11-20  1:00 ` bluez.test.bot
2020-11-20 17:48   ` Luiz Augusto von Dentz

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.