* [PATCH BlueZ 1/2] admin: Fix leaking uuids loads from storage
@ 2021-09-16 22:38 Luiz Augusto von Dentz
2021-09-16 22:38 ` [PATCH BlueZ 2/2] admin: Fix double free Luiz Augusto von Dentz
2021-09-16 22:56 ` [BlueZ,1/2] admin: Fix leaking uuids loads from storage bluez.test.bot
0 siblings, 2 replies; 3+ messages in thread
From: Luiz Augusto von Dentz @ 2021-09-16 22:38 UTC (permalink / raw)
To: linux-bluetooth
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This fixes the following trace:
8 bytes in 1 blocks are definitely lost in loss record 27 of 274
at 0x4839809: malloc (vg_replace_malloc.c:307)
by 0x495BBB8: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.8)
by 0x494C024: g_key_file_get_string_list (in /usr/lib64/libglib-2.0.so.0.6600.8)
by 0x131ECD: key_file_load_service_allowlist (admin.c:294)
by 0x131ECD: load_policy_settings (admin.c:346)
by 0x131ECD: admin_policy_adapter_probe (admin.c:497)
by 0x18F554: probe_driver (adapter.c:4858)
by 0x19DF5A: load_drivers (adapter.c:4873)
by 0x19DF5A: adapter_register (adapter.c:8975)
by 0x19DF5A: read_info_complete (adapter.c:9791)
by 0x1CE831: request_complete (mgmt.c:264)
by 0x1CF7D4: can_read_data (mgmt.c:356)
by 0x1DE634: watch_callback (io-glib.c:157)
by 0x4953A9E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.6600.8)
by 0x49A5A97: ??? (in /usr/lib64/libglib-2.0.so.0.6600.8)
by 0x4953162: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.6600.8)
---
plugins/admin.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/plugins/admin.c b/plugins/admin.c
index 8390f3c32..c232c057c 100644
--- a/plugins/admin.c
+++ b/plugins/admin.c
@@ -12,6 +12,7 @@
#include <config.h>
#endif
+#include <stdlib.h>
#include <dbus/dbus.h>
#include <gdbus/gdbus.h>
#include <sys/file.h>
@@ -74,7 +75,7 @@ static struct btd_admin_policy *admin_policy_new(struct btd_adapter *adapter)
static void free_service_allowlist(struct queue *q)
{
- queue_destroy(q, g_free);
+ queue_destroy(q, free);
}
static void admin_policy_free(void *data)
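Review bot: The `g_free` to `free` switch in `free_service_allowlist()` is not explained by the commit message, which only covers the leaked string list. The destroy callback has to match whatever allocates the `uuid` elements pushed with `queue_push_tail(uuid_list, uuid)`, and that allocation is not visible in this patch. Please name the allocator in the log, and note that `queue_destroy(devices, g_free)` in the same file still uses the GLib variant, so the file ends up mixing both.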
@@ -307,7 +308,7 @@ static void key_file_load_service_allowlist(GKeyFile *key_file,
if (!uuid)
goto failed;
- if (bt_string_to_uuid(uuid, *uuids)) {
+ if (bt_string_to_uuid(uuid, uuids[i])) {
btd_error(admin_policy->adapter_id,
"Failed to convert '%s' to uuid struct",
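Review bot: In the `bt_string_to_uuid(uuid, uuids[i])` failure branch, `uuid` has not yet been pushed to `uuid_list`, so the `free_service_allowlist(uuid_list)` call at `failed:` will not release it. The rest of that branch falls outside the hunk context; please confirm it frees `uuid` itself, and with `free()` so that it matches the destroy callback this patch switches to. Indexing with `uuids[i]` instead of advancing the pointer is what keeps `uuids` pointing at the start of the array for the later `g_strfreev()`.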
@@ -318,14 +319,16 @@ static void key_file_load_service_allowlist(GKeyFile *key_file,
}
queue_push_tail(uuid_list, uuid);
- uuids++;
}
if (!service_allowlist_set(admin_policy, uuid_list))
goto failed;
+ g_strfreev(uuids);
+
return;
failed:
+ g_strfreev(uuids);
free_service_allowlist(uuid_list);
}
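Review bot: `g_strfreev(uuids)` under `failed:` is only safe if `uuids` holds either NULL or the array returned by `g_key_file_get_string_list()` on every path that jumps there. The declaration is not in the hunk context, so please make sure it is initialised to NULL in case any `goto failed` can run before the assignment (`g_strfreev()` accepts NULL). On the success path, also confirm that `service_allowlist_set()` does not keep pointers into the `uuids` strings, since they are released immediately afterwards.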
--
2.31.1
* [PATCH BlueZ 2/2] admin: Fix double free
From: Luiz Augusto von Dentz @ 2021-09-16 22:38 UTC (permalink / raw)
To: linux-bluetooth
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Fixes the following double free which happens due to exit calling
btd_unregister_adapter_driver:
Invalid read of size 8
at 0x1CDA97: queue_foreach (queue.c:198)
by 0x1318B8: admin_policy_remove (admin.c:591)
by 0x18982A: plugin_cleanup (plugin.c:217)
by 0x12E3FD: main (main.c:1214)
Address 0x547ffb8 is 8 bytes inside a block of size 32 free'd
at 0x483A9F5: free (vg_replace_malloc.c:538)
by 0x1318CB: admin_policy_remove (admin.c:592)
by 0x18F416: unload_driver (adapter.c:7215)
by 0x496F50F: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.6600.8)
by 0x131988: admin_exit (admin.c:623)
by 0x18982A: plugin_cleanup (plugin.c:217)
by 0x12E3FD: main (main.c:1214)
Block was alloc'd at
at 0x4839809: malloc (vg_replace_malloc.c:307)
by 0x1CDE1E: btd_malloc (util.c:33)
by 0x1CD83D: queue_new (queue.c:47)
by 0x13150D: admin_init (admin.c:614)
by 0x18966B: plugin_init (plugin.c:187)
by 0x12E358: main (main.c:1198)
---
plugins/admin.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/admin.c b/plugins/admin.c
index c232c057c..7b7190a06 100644
--- a/plugins/admin.c
+++ b/plugins/admin.c
@@ -590,6 +590,7 @@ static void admin_policy_remove(struct btd_adapter *adapter)
queue_foreach(devices, unregister_device_data, NULL);
queue_destroy(devices, g_free);
+ devices = NULL;
if (policy_data) {
admin_policy_destroy(policy_data);
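Review bot: `devices` is created once in `admin_init()` (per the allocation trace in the commit message) but destroyed in this per-adapter remove callback, and `devices = NULL` only hides that lifetime mismatch. After the first adapter is removed, `devices` stays NULL for the rest of the plugin's life, so any later probe or device-add path that uses it needs a NULL check, or the queue has to be recreated. Pairing the `queue_destroy()` with the allocation, in `admin_exit()`, would avoid the problem.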
@@ -621,7 +622,6 @@ static void admin_exit(void)
DBG("");
btd_unregister_adapter_driver(&admin_policy_driver);
- admin_policy_remove(NULL);
}
BLUETOOTH_PLUGIN_DEFINE(admin, VERSION,
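Review bot: With `admin_policy_remove(NULL)` dropped from `admin_exit()`, the `devices` queue allocated in `admin_init()` is released only if `btd_unregister_adapter_driver()` ends up invoking the remove callback for at least one adapter. If the plugin exits without any adapter having been probed, nothing destroys the queue and it leaks. Consider destroying `devices` in `admin_exit()` after the unregister call, relying on the `devices = NULL` reset in `admin_policy_remove()` to make that safe when the callback has already run.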
--
2.31.1
* RE: [BlueZ,1/2] admin: Fix leaking uuids loads from storage
From: bluez.test.bot @ 2021-09-16 22:56 UTC (permalink / raw)
To: linux-bluetooth, luiz.dentz
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=548487
---Test result---
Test Summary:
CheckPatch FAIL 2.78 seconds
GitLint FAIL 1.90 seconds
Prep - Setup ELL PASS 49.13 seconds
Build - Prep PASS 0.47 seconds
Build - Configure PASS 8.99 seconds
Build - Make PASS 211.41 seconds
Make Check PASS 9.40 seconds
Make Distcheck PASS 251.47 seconds
Build w/ext ELL - Configure PASS 9.15 seconds
Build w/ext ELL - Make PASS 199.07 seconds
Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script with rule in .checkpatch.conf
Output:
[BlueZ,1/2] admin: Fix leaking uuids loads from storage
WARNING:COMMIT_LOG_LONG_LINE: Possible unwrapped commit description (prefer a maximum 75 chars per line)
#93:
by 0x494C024: g_key_file_get_string_list (in /usr/lib64/libglib-2.0.so.0.6600.8)
/github/workspace/src/12500439.patch total: 0 errors, 1 warnings, 40 lines checked
NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.
/github/workspace/src/12500439.patch has style problems, please review.
NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO
NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.
##############################
Test: GitLint - FAIL
Desc: Run gitlint with rule in .gitlint
Output:
[BlueZ,1/2] admin: Fix leaking uuids loads from storage
8: B1 Line exceeds max length (83>80): " by 0x494C024: g_key_file_get_string_list (in /usr/lib64/libglib-2.0.so.0.6600.8)"
---
Regards,
Linux Bluetooth