* [PATCH BlueZ 0/4] [v3] Fix few more bugs found by SVACE
@ 2022-05-07 17:35 Ildar Kamaletdinov
2022-05-07 17:35 ` [PATCH BlueZ 1/4] tools: Fix memory leak in hciconfig Ildar Kamaletdinov
` (4 more replies)
0 siblings, 5 replies; 9+ messages in thread
From: Ildar Kamaletdinov @ 2022-05-07 17:35 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Ildar Kamaletdinov
This patch set includes few fixes for bugs that was found by
Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.
Changelog:
[v3] Removed trailing whitespace (style issue).
[v2] Some minor style changes after CI check.
[v1] Initial version.
Ildar Kamaletdinov (4):
tools: Fix memory leak in hciconfig
tools: Fix memory leaks in btgatt-server/client
tools: Fix handle leak in rfcomm
device: Fix uninitialized value usage
src/device.c | 3 ++-
tools/btgatt-client.c | 6 +++++-
tools/btgatt-server.c | 5 ++++-
tools/hciconfig.c | 6 +++++-
tools/rfcomm.c | 4 ++++
5 files changed, 20 insertions(+), 4 deletions(-)
--
2.35.3
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH BlueZ 1/4] tools: Fix memory leak in hciconfig
2022-05-07 17:35 [PATCH BlueZ 0/4] [v3] Fix few more bugs found by SVACE Ildar Kamaletdinov
@ 2022-05-07 17:35 ` Ildar Kamaletdinov
2022-05-07 20:16 ` Fix few more bugs found by SVACE bluez.test.bot
2022-05-07 17:35 ` [PATCH BlueZ 2/4] tools: Fix memory leaks in btgatt-server/client Ildar Kamaletdinov
` (3 subsequent siblings)
4 siblings, 1 reply; 9+ messages in thread
From: Ildar Kamaletdinov @ 2022-05-07 17:35 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Ildar Kamaletdinov
printf() was using function that return dynamic allocated memory as
a parameter.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
---
tools/hciconfig.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/tools/hciconfig.c b/tools/hciconfig.c
index e4d521583..a1c615bfa 100644
--- a/tools/hciconfig.c
+++ b/tools/hciconfig.c
@@ -80,7 +80,11 @@ static void print_pkt_type(struct hci_dev_info *di)
static void print_link_policy(struct hci_dev_info *di)
{
- printf("\tLink policy: %s\n", hci_lptostr(di->link_policy));
+ char *str;
+
+ str = hci_lptostr(di->link_policy);
+ printf("\tLink policy: %s\n", str);
+ bt_free(str);
}
static void print_link_mode(struct hci_dev_info *di)
--
2.35.3
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH BlueZ 2/4] tools: Fix memory leaks in btgatt-server/client
2022-05-07 17:35 [PATCH BlueZ 0/4] [v3] Fix few more bugs found by SVACE Ildar Kamaletdinov
2022-05-07 17:35 ` [PATCH BlueZ 1/4] tools: Fix memory leak in hciconfig Ildar Kamaletdinov
@ 2022-05-07 17:35 ` Ildar Kamaletdinov
2022-05-07 17:35 ` [PATCH BlueZ 3/4] tools: Fix handle leak in rfcomm Ildar Kamaletdinov
` (2 subsequent siblings)
4 siblings, 0 replies; 9+ messages in thread
From: Ildar Kamaletdinov @ 2022-05-07 17:35 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Ildar Kamaletdinov
According to man buffer allocated by getline() should be freed by
the user program even if getline() failed.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
---
tools/btgatt-client.c | 6 +++++-
tools/btgatt-server.c | 5 ++++-
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/tools/btgatt-client.c b/tools/btgatt-client.c
index 8c9365aa2..58a03bd48 100644
--- a/tools/btgatt-client.c
+++ b/tools/btgatt-client.c
@@ -1355,12 +1355,16 @@ static void prompt_read_cb(int fd, uint32_t events, void *user_data)
return;
}
- if ((read = getline(&line, &len, stdin)) == -1)
+ read = getline(&line, &len, stdin);
+ if (read < 0) {
+ free(line);
return;
+ }
if (read <= 1) {
cmd_help(cli, NULL);
print_prompt();
+ free(line);
return;
}
diff --git a/tools/btgatt-server.c b/tools/btgatt-server.c
index 4a5d2b720..90a6c9b0a 100644
--- a/tools/btgatt-server.c
+++ b/tools/btgatt-server.c
@@ -1080,12 +1080,15 @@ static void prompt_read_cb(int fd, uint32_t events, void *user_data)
}
read = getline(&line, &len, stdin);
- if (read < 0)
+ if (read < 0) {
+ free(line);
return;
+ }
if (read <= 1) {
cmd_help(server, NULL);
print_prompt();
+ free(line);
return;
}
--
2.35.3
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH BlueZ 3/4] tools: Fix handle leak in rfcomm
2022-05-07 17:35 [PATCH BlueZ 0/4] [v3] Fix few more bugs found by SVACE Ildar Kamaletdinov
2022-05-07 17:35 ` [PATCH BlueZ 1/4] tools: Fix memory leak in hciconfig Ildar Kamaletdinov
2022-05-07 17:35 ` [PATCH BlueZ 2/4] tools: Fix memory leaks in btgatt-server/client Ildar Kamaletdinov
@ 2022-05-07 17:35 ` Ildar Kamaletdinov
2022-05-07 17:35 ` [PATCH BlueZ 4/4] device: Fix uninitialized value usage Ildar Kamaletdinov
2022-05-09 20:10 ` [PATCH BlueZ 0/4] [v3] Fix few more bugs found by SVACE patchwork-bot+bluetooth
4 siblings, 0 replies; 9+ messages in thread
From: Ildar Kamaletdinov @ 2022-05-07 17:35 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Ildar Kamaletdinov
Some branches of execution can make handle (socket) leakage.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
---
tools/rfcomm.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/rfcomm.c b/tools/rfcomm.c
index cd520aa44..e013ff588 100644
--- a/tools/rfcomm.c
+++ b/tools/rfcomm.c
@@ -298,6 +298,7 @@ static void cmd_connect(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **arg
if (setsockopt(sk, SOL_SOCKET, SO_LINGER, &l, sizeof(l)) < 0) {
perror("Can't set linger option");
+ close(sk);
return;
}
}
@@ -466,6 +467,7 @@ static void cmd_listen(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **argv
if (getsockname(nsk, (struct sockaddr *)&laddr, &alen) < 0) {
perror("Can't get RFCOMM socket name");
close(nsk);
+ close(sk);
return;
}
@@ -475,6 +477,7 @@ static void cmd_listen(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **argv
if (setsockopt(nsk, SOL_SOCKET, SO_LINGER, &l, sizeof(l)) < 0) {
perror("Can't set linger option");
close(nsk);
+ close(sk);
return;
}
}
@@ -490,6 +493,7 @@ static void cmd_listen(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **argv
dev = ioctl(nsk, RFCOMMCREATEDEV, &req);
if (dev < 0) {
perror("Can't create RFCOMM TTY");
+ close(nsk);
close(sk);
return;
}
--
2.35.3
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH BlueZ 4/4] device: Fix uninitialized value usage
2022-05-07 17:35 [PATCH BlueZ 0/4] [v3] Fix few more bugs found by SVACE Ildar Kamaletdinov
` (2 preceding siblings ...)
2022-05-07 17:35 ` [PATCH BlueZ 3/4] tools: Fix handle leak in rfcomm Ildar Kamaletdinov
@ 2022-05-07 17:35 ` Ildar Kamaletdinov
2022-05-09 20:10 ` [PATCH BlueZ 0/4] [v3] Fix few more bugs found by SVACE patchwork-bot+bluetooth
4 siblings, 0 replies; 9+ messages in thread
From: Ildar Kamaletdinov @ 2022-05-07 17:35 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Ildar Kamaletdinov
Definitely `dbus_bool_t b;` must be initialized before comparing it
with current value.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
---
src/device.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/device.c b/src/device.c
index 6da5c380b..7114e1b3e 100644
--- a/src/device.c
+++ b/src/device.c
@@ -1568,6 +1568,8 @@ static void dev_property_set_wake_allowed(const GDBusPropertyTable *property,
return;
}
+ dbus_message_iter_get_basic(value, &b);
+
/* Emit busy or success depending on current value. */
if (b == device->pending_wake_allowed) {
if (device->wake_allowed == device->pending_wake_allowed)
@@ -1580,7 +1582,6 @@ static void dev_property_set_wake_allowed(const GDBusPropertyTable *property,
return;
}
- dbus_message_iter_get_basic(value, &b);
device_set_wake_override(device, b);
device_set_wake_allowed(device, b, id);
}
--
2.35.3
^ permalink raw reply related [flat|nested] 9+ messages in thread
* RE: Fix few more bugs found by SVACE
2022-05-07 17:35 ` [PATCH BlueZ 1/4] tools: Fix memory leak in hciconfig Ildar Kamaletdinov
@ 2022-05-07 20:16 ` bluez.test.bot
0 siblings, 0 replies; 9+ messages in thread
From: bluez.test.bot @ 2022-05-07 20:16 UTC (permalink / raw)
To: linux-bluetooth, i.kamaletdinov
[-- Attachment #1: Type: text/plain, Size: 998 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=639429
---Test result---
Test Summary:
CheckPatch PASS 5.75 seconds
GitLint PASS 4.05 seconds
Prep - Setup ELL PASS 45.04 seconds
Build - Prep PASS 0.68 seconds
Build - Configure PASS 8.92 seconds
Build - Make PASS 1359.48 seconds
Make Check PASS 11.38 seconds
Make Check w/Valgrind PASS 460.06 seconds
Make Distcheck PASS 246.02 seconds
Build w/ext ELL - Configure PASS 8.85 seconds
Build w/ext ELL - Make PASS 1354.51 seconds
Incremental Build with patchesPASS 5536.54 seconds
---
Regards,
Linux Bluetooth
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH BlueZ 0/4] [v3] Fix few more bugs found by SVACE
2022-05-07 17:35 [PATCH BlueZ 0/4] [v3] Fix few more bugs found by SVACE Ildar Kamaletdinov
` (3 preceding siblings ...)
2022-05-07 17:35 ` [PATCH BlueZ 4/4] device: Fix uninitialized value usage Ildar Kamaletdinov
@ 2022-05-09 20:10 ` patchwork-bot+bluetooth
4 siblings, 0 replies; 9+ messages in thread
From: patchwork-bot+bluetooth @ 2022-05-09 20:10 UTC (permalink / raw)
To: Ildar Kamaletdinov; +Cc: linux-bluetooth
Hello:
This series was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:
On Sat, 7 May 2022 20:35:01 +0300 you wrote:
> This patch set includes few fixes for bugs that was found by
> Linux Verification Center (linuxtesting.org) with the SVACE static
> analysis tool.
>
> Changelog:
> [v3] Removed trailing whitespace (style issue).
> [v2] Some minor style changes after CI check.
> [v1] Initial version.
>
> [...]
Here is the summary with links:
- [BlueZ,1/4] tools: Fix memory leak in hciconfig
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=efa90050937c
- [BlueZ,2/4] tools: Fix memory leaks in btgatt-server/client
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=a4741ef4bf6c
- [BlueZ,3/4] tools: Fix handle leak in rfcomm
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=e9ec1cf8715d
- [BlueZ,4/4] device: Fix uninitialized value usage
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=42e9b8db92d5
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH BlueZ 3/4] tools: Fix handle leak in rfcomm
2022-05-07 17:06 [PATCH BlueZ 0/4] [v2] " Ildar Kamaletdinov
@ 2022-05-07 17:07 ` Ildar Kamaletdinov
0 siblings, 0 replies; 9+ messages in thread
From: Ildar Kamaletdinov @ 2022-05-07 17:07 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Ildar Kamaletdinov
Some branches of execution can make handle (socket) leakage.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
---
tools/rfcomm.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/rfcomm.c b/tools/rfcomm.c
index cd520aa44..e013ff588 100644
--- a/tools/rfcomm.c
+++ b/tools/rfcomm.c
@@ -298,6 +298,7 @@ static void cmd_connect(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **arg
if (setsockopt(sk, SOL_SOCKET, SO_LINGER, &l, sizeof(l)) < 0) {
perror("Can't set linger option");
+ close(sk);
return;
}
}
@@ -466,6 +467,7 @@ static void cmd_listen(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **argv
if (getsockname(nsk, (struct sockaddr *)&laddr, &alen) < 0) {
perror("Can't get RFCOMM socket name");
close(nsk);
+ close(sk);
return;
}
@@ -475,6 +477,7 @@ static void cmd_listen(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **argv
if (setsockopt(nsk, SOL_SOCKET, SO_LINGER, &l, sizeof(l)) < 0) {
perror("Can't set linger option");
close(nsk);
+ close(sk);
return;
}
}
@@ -490,6 +493,7 @@ static void cmd_listen(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **argv
dev = ioctl(nsk, RFCOMMCREATEDEV, &req);
if (dev < 0) {
perror("Can't create RFCOMM TTY");
+ close(nsk);
close(sk);
return;
}
--
2.35.3
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH BlueZ 3/4] tools: Fix handle leak in rfcomm
2022-05-07 15:06 [PATCH BlueZ 0/4] Fix few more bugs found by SVACE Ildar Kamaletdinov
@ 2022-05-07 15:06 ` Ildar Kamaletdinov
0 siblings, 0 replies; 9+ messages in thread
From: Ildar Kamaletdinov @ 2022-05-07 15:06 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Ildar Kamaletdinov
Some branches of execution can make handle (socket) leakage.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
---
tools/rfcomm.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/rfcomm.c b/tools/rfcomm.c
index cd520aa44..e013ff588 100644
--- a/tools/rfcomm.c
+++ b/tools/rfcomm.c
@@ -298,6 +298,7 @@ static void cmd_connect(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **arg
if (setsockopt(sk, SOL_SOCKET, SO_LINGER, &l, sizeof(l)) < 0) {
perror("Can't set linger option");
+ close(sk);
return;
}
}
@@ -466,6 +467,7 @@ static void cmd_listen(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **argv
if (getsockname(nsk, (struct sockaddr *)&laddr, &alen) < 0) {
perror("Can't get RFCOMM socket name");
close(nsk);
+ close(sk);
return;
}
@@ -475,6 +477,7 @@ static void cmd_listen(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **argv
if (setsockopt(nsk, SOL_SOCKET, SO_LINGER, &l, sizeof(l)) < 0) {
perror("Can't set linger option");
close(nsk);
+ close(sk);
return;
}
}
@@ -490,6 +493,7 @@ static void cmd_listen(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **argv
dev = ioctl(nsk, RFCOMMCREATEDEV, &req);
if (dev < 0) {
perror("Can't create RFCOMM TTY");
+ close(nsk);
close(sk);
return;
}
--
2.35.3
^ permalink raw reply related [flat|nested] 9+ messages in thread
end of thread, other threads:[~2022-05-09 20:23 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-07 17:35 [PATCH BlueZ 0/4] [v3] Fix few more bugs found by SVACE Ildar Kamaletdinov
2022-05-07 17:35 ` [PATCH BlueZ 1/4] tools: Fix memory leak in hciconfig Ildar Kamaletdinov
2022-05-07 20:16 ` Fix few more bugs found by SVACE bluez.test.bot
2022-05-07 17:35 ` [PATCH BlueZ 2/4] tools: Fix memory leaks in btgatt-server/client Ildar Kamaletdinov
2022-05-07 17:35 ` [PATCH BlueZ 3/4] tools: Fix handle leak in rfcomm Ildar Kamaletdinov
2022-05-07 17:35 ` [PATCH BlueZ 4/4] device: Fix uninitialized value usage Ildar Kamaletdinov
2022-05-09 20:10 ` [PATCH BlueZ 0/4] [v3] Fix few more bugs found by SVACE patchwork-bot+bluetooth
-- strict thread matches above, loose matches on Subject: below --
2022-05-07 17:06 [PATCH BlueZ 0/4] [v2] " Ildar Kamaletdinov
2022-05-07 17:07 ` [PATCH BlueZ 3/4] tools: Fix handle leak in rfcomm Ildar Kamaletdinov
2022-05-07 15:06 [PATCH BlueZ 0/4] Fix few more bugs found by SVACE Ildar Kamaletdinov
2022-05-07 15:06 ` [PATCH BlueZ 3/4] tools: Fix handle leak in rfcomm Ildar Kamaletdinov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).