All of lore.kernel.org
 help / color / mirror / Atom feed
* [BlueZ PATCH] a2dp:fixing double free in load_remote_sep
@ 2020-06-01  0:56 Alain Michaud
  2020-06-01 16:29 ` Luiz Augusto von Dentz
  0 siblings, 1 reply; 2+ messages in thread
From: Alain Michaud @ 2020-06-01  0:56 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Alain Michaud

This patch fixes a double free condition in load_remote_sep. Value is
freed, then the inner loop is broken, but the rest of the outer loop
will attempt to free value again.

---

 profiles/audio/a2dp.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c
index a2ce3204d..6f46c92bf 100644
--- a/profiles/audio/a2dp.c
+++ b/profiles/audio/a2dp.c
@@ -1967,7 +1967,6 @@ static void load_remote_sep(struct a2dp_channel *chan, GKeyFile *key_file,
 
 			if (sscanf(caps + i, "%02hhx", tmp) != 1) {
 				warn("Unable to load Endpoint: seid %u", rseid);
-				g_free(value);
 				break;
 			}
 		}
-- 
2.27.0.rc2.251.g90737beb825-goog


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [BlueZ PATCH] a2dp:fixing double free in load_remote_sep
  2020-06-01  0:56 [BlueZ PATCH] a2dp:fixing double free in load_remote_sep Alain Michaud
@ 2020-06-01 16:29 ` Luiz Augusto von Dentz
  0 siblings, 0 replies; 2+ messages in thread
From: Luiz Augusto von Dentz @ 2020-06-01 16:29 UTC (permalink / raw)
  To: Alain Michaud; +Cc: linux-bluetooth

Hi Alain,

On Sun, May 31, 2020 at 6:03 PM Alain Michaud <alainm@chromium.org> wrote:
>
> This patch fixes a double free condition in load_remote_sep. Value is
> freed, then the inner loop is broken, but the rest of the outer loop
> will attempt to free value again.
>
> ---
>
>  profiles/audio/a2dp.c | 1 -
>  1 file changed, 1 deletion(-)
>
> diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c
> index a2ce3204d..6f46c92bf 100644
> --- a/profiles/audio/a2dp.c
> +++ b/profiles/audio/a2dp.c
> @@ -1967,7 +1967,6 @@ static void load_remote_sep(struct a2dp_channel *chan, GKeyFile *key_file,
>
>                         if (sscanf(caps + i, "%02hhx", tmp) != 1) {
>                                 warn("Unable to load Endpoint: seid %u", rseid);
> -                               g_free(value);
>                                 break;
>                         }
>                 }
> --
> 2.27.0.rc2.251.g90737beb825-goog

Applied, thanks.

-- 
Luiz Augusto von Dentz

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-06-01 16:29 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-01  0:56 [BlueZ PATCH] a2dp:fixing double free in load_remote_sep Alain Michaud
2020-06-01 16:29 ` Luiz Augusto von Dentz

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.