* [PATCH BlueZ 0/1] btmon: discard corrupt data
@ 2022-05-05 3:37 LuoZhongYao
2022-05-05 3:37 ` [PATCH BlueZ 1/1] " LuoZhongYao
0 siblings, 1 reply; 3+ messages in thread
From: LuoZhongYao @ 2022-05-05 3:37 UTC (permalink / raw)
To: linux-bluetooth; +Cc: LuoZhongYao
When damaged data is received, the data is not discarded and the offset
is not set correctly, which may cause data->offset == sizeof(data->buf),
resulting in the inability to continue to receive more data.
LuoZhongYao (1):
btmon: discard corrupt data
monitor/control.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
--
2.35.1
* [PATCH BlueZ 1/1] btmon: discard corrupt data
2022-05-05 3:37 [PATCH BlueZ 0/1] btmon: discard corrupt data LuoZhongYao
@ 2022-05-05 3:37 ` LuoZhongYao
2022-05-05 4:17 ` bluez.test.bot
0 siblings, 1 reply; 3+ messages in thread
From: LuoZhongYao @ 2022-05-05 3:37 UTC (permalink / raw)
To: linux-bluetooth; +Cc: LuoZhongYao
---
monitor/control.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/monitor/control.c b/monitor/control.c
index 009cf15..f256b6a 100644
--- a/monitor/control.c
+++ b/monitor/control.c
@@ -1306,14 +1306,19 @@ static void process_data(struct control_data *data)
data_len = le16_to_cpu(hdr->data_len);
+ if (data_len + 2 > sizeof(data->buf)) {
+ fprintf(stderr, "Received corrupted data from TTY\n");
+ data->offset -= 2;
+ memmove(data->buf, data->buf + 2, data->offset);
+ continue;
+ }
+
if (data->offset < 2 + data_len)
return;
if (data->offset < sizeof(*hdr) + hdr->hdr_len) {
fprintf(stderr, "Received corrupted data from TTY\n");
- memmove(data->buf, data->buf + 2 + data_len,
- data->offset);
- return;
+ goto _drop;
}
if (!tty_parse_header(hdr->ext_hdr, hdr->hdr_len,
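Review bot: the added bound check `if (data_len + 2 > sizeof(data->buf))` compares an `int` expression with a `size_t`, which is exactly what the CI reply in this thread reports as a -Werror=sign-compare build failure at monitor/control.c:1309. Writing it as `if ((size_t) data_len + 2 > sizeof(data->buf))` keeps both sides unsigned and lets the file build. This branch also resynchronises by dropping only the 2 length bytes, while the `goto _drop` branch below it discards `2 + data_len`; a short comment explaining why the two cases recover differently would help the next reader. Both branches print the same "Received corrupted data from TTY" text, so distinct wording (oversized length versus short header) would make them distinguishable in stderr output.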
@@ -1330,6 +1335,7 @@ static void process_data(struct control_data *data)
packet_monitor(tv, NULL, 0, opcode,
hdr->ext_hdr + hdr->hdr_len, pktlen);
+_drop:
data->offset -= 2 + data_len;
if (data->offset > 0)
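Review bot: `_drop:` is now reached both by fall-through after `packet_monitor()` and by the `goto` from the malformed-header branch, and `data->offset -= 2 + data_len;` cannot go negative there only because the earlier `if (data->offset < 2 + data_len) return;` has already run. A one-line comment at the label stating that precondition would guard against a later `goto _drop` being added above that check. As a style point, consider a plain `drop:` label without the leading underscore.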
--
2.35.1
* RE: btmon: discard corrupt data
2022-05-05 3:37 ` [PATCH BlueZ 1/1] " LuoZhongYao
@ 2022-05-05 4:17 ` bluez.test.bot
0 siblings, 0 replies; 3+ messages in thread
From: bluez.test.bot @ 2022-05-05 4:17 UTC (permalink / raw)
To: linux-bluetooth, luozhongyao
This is an automated email; please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
These are the CI test results for your patch series:
PW Link: https://patchwork.kernel.org/project/bluetooth/list/?series=638555
---Test result---
Test Summary:
CheckPatch PASS 1.45 seconds
GitLint PASS 1.07 seconds
Prep - Setup ELL PASS 40.53 seconds
Build - Prep PASS 0.64 seconds
Build - Configure PASS 7.97 seconds
Build - Make FAIL 25.46 seconds
Make Check FAIL 1.12 seconds
Make Check w/Valgrind FAIL 27.25 seconds
Make Distcheck PASS 218.32 seconds
Build w/ext ELL - Configure PASS 8.12 seconds
Build w/ext ELL - Make FAIL 26.18 seconds
Incremental Build with patches PASS 0.00 seconds
Details
##############################
Test: Build - Make - FAIL
Desc: Build the BlueZ source tree
Output:
monitor/control.c: In function ‘process_data’:
monitor/control.c:1309:20: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
1309 | if (data_len + 2 > sizeof(data->buf)) {
| ^
cc1: all warnings being treated as errors
make[1]: *** [Makefile:7277: monitor/control.o] Error 1
make: *** [Makefile:4310: all] Error 2
##############################
Test: Make Check - FAIL
Desc: Run 'make check'
Output:
monitor/control.c: In function ‘process_data’:
monitor/control.c:1309:20: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
1309 | if (data_len + 2 > sizeof(data->buf)) {
| ^
cc1: all warnings being treated as errors
make[1]: *** [Makefile:7277: monitor/control.o] Error 1
make: *** [Makefile:11283: check] Error 2
##############################
Test: Make Check w/Valgrind - FAIL
Desc: Run 'make check' with Valgrind
Output:
monitor/control.c: In function ‘process_data’:
monitor/control.c:1309:20: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
1309 | if (data_len + 2 > sizeof(data->buf)) {
| ^
cc1: all warnings being treated as errors
make[1]: *** [Makefile:7277: monitor/control.o] Error 1
make: *** [Makefile:4310: all] Error 2
##############################
Test: Build w/ext ELL - Make - FAIL
Desc: Build BlueZ source with '--enable-external-ell' configuration
Output:
monitor/control.c: In function ‘process_data’:
monitor/control.c:1309:20: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
1309 | if (data_len + 2 > sizeof(data->buf)) {
| ^
cc1: all warnings being treated as errors
make[1]: *** [Makefile:7277: monitor/control.o] Error 1
make: *** [Makefile:4310: all] Error 2
---
Regards,
Linux Bluetooth