* [PATCH BlueZ 1/4] tools: Fix memory leak in hciconfig
2022-05-07 15:06 [PATCH BlueZ 0/4] Fix few more bugs found by SVACE Ildar Kamaletdinov
@ 2022-05-07 15:06 ` Ildar Kamaletdinov
2022-05-07 17:53 ` Fix few more bugs found by SVACE bluez.test.bot
2022-05-07 15:06 ` [PATCH BlueZ 2/4] tools: Fix memory leaks in btgatt-server/client Ildar Kamaletdinov
` (2 subsequent siblings)
3 siblings, 1 reply; 8+ messages in thread
From: Ildar Kamaletdinov @ 2022-05-07 15:06 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Ildar Kamaletdinov
printf() was using function that return dynamic allocated memory as
a parameter.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
---
tools/hciconfig.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tools/hciconfig.c b/tools/hciconfig.c
index e4d521583..2619285d5 100644
--- a/tools/hciconfig.c
+++ b/tools/hciconfig.c
@@ -80,7 +80,10 @@ static void print_pkt_type(struct hci_dev_info *di)
static void print_link_policy(struct hci_dev_info *di)
{
- printf("\tLink policy: %s\n", hci_lptostr(di->link_policy));
+ char *str;
+ str = hci_lptostr(di->link_policy);
+ printf("\tLink policy: %s\n", str);
+ bt_free(str);
}
static void print_link_mode(struct hci_dev_info *di)
--
2.35.3
^ permalink raw reply related [flat|nested] 8+ messages in thread
* RE: Fix few more bugs found by SVACE
2022-05-07 15:06 ` [PATCH BlueZ 1/4] tools: Fix memory leak in hciconfig Ildar Kamaletdinov
@ 2022-05-07 17:53 ` bluez.test.bot
0 siblings, 0 replies; 8+ messages in thread
From: bluez.test.bot @ 2022-05-07 17:53 UTC (permalink / raw)
To: linux-bluetooth, i.kamaletdinov
[-- Attachment #1: Type: text/plain, Size: 2724 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=639408
---Test result---
Test Summary:
CheckPatch FAIL 5.63 seconds
GitLint PASS 3.84 seconds
Prep - Setup ELL PASS 42.34 seconds
Build - Prep PASS 0.68 seconds
Build - Configure PASS 8.45 seconds
Build - Make PASS 1317.42 seconds
Make Check PASS 11.74 seconds
Make Check w/Valgrind PASS 438.85 seconds
Make Distcheck PASS 226.73 seconds
Build w/ext ELL - Configure PASS 8.47 seconds
Build w/ext ELL - Make PASS 1317.12 seconds
Incremental Build with patchesPASS 5316.66 seconds
Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script with rule in .checkpatch.conf
Output:
[BlueZ,1/4] tools: Fix memory leak in hciconfig
WARNING:LINE_SPACING: Missing a blank line after declarations
#68: FILE: tools/hciconfig.c:84:
+ char *str;
+ str = hci_lptostr(di->link_policy);
/github/workspace/src/12842044.patch total: 0 errors, 1 warnings, 11 lines checked
NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.
/github/workspace/src/12842044.patch has style problems, please review.
NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO
NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.
[BlueZ,2/4] tools: Fix memory leaks in btgatt-server/client
ERROR:ASSIGN_IN_IF: do not use assignment in if condition
#68: FILE: tools/btgatt-client.c:1358:
+ if ((read = getline(&line, &len, stdin)) == -1) {
/github/workspace/src/12842046.patch total: 1 errors, 0 warnings, 32 lines checked
NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.
/github/workspace/src/12842046.patch has style problems, please review.
NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO
NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.
---
Regards,
Linux Bluetooth
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH BlueZ 2/4] tools: Fix memory leaks in btgatt-server/client
2022-05-07 15:06 [PATCH BlueZ 0/4] Fix few more bugs found by SVACE Ildar Kamaletdinov
2022-05-07 15:06 ` [PATCH BlueZ 1/4] tools: Fix memory leak in hciconfig Ildar Kamaletdinov
@ 2022-05-07 15:06 ` Ildar Kamaletdinov
2022-05-07 15:06 ` [PATCH BlueZ 3/4] tools: Fix handle leak in rfcomm Ildar Kamaletdinov
2022-05-07 15:06 ` [PATCH BlueZ 4/4] device: Fix uninitialized value usage Ildar Kamaletdinov
3 siblings, 0 replies; 8+ messages in thread
From: Ildar Kamaletdinov @ 2022-05-07 15:06 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Ildar Kamaletdinov
According to man buffer allocated by getline() should be freed by
the user program even if getline() failed.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
---
tools/btgatt-client.c | 5 ++++-
tools/btgatt-server.c | 5 ++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/tools/btgatt-client.c b/tools/btgatt-client.c
index 8c9365aa2..9447062fb 100644
--- a/tools/btgatt-client.c
+++ b/tools/btgatt-client.c
@@ -1355,12 +1355,15 @@ static void prompt_read_cb(int fd, uint32_t events, void *user_data)
return;
}
- if ((read = getline(&line, &len, stdin)) == -1)
+ if ((read = getline(&line, &len, stdin)) == -1) {
+ free(line);
return;
+ }
if (read <= 1) {
cmd_help(cli, NULL);
print_prompt();
+ free(line);
return;
}
diff --git a/tools/btgatt-server.c b/tools/btgatt-server.c
index 4a5d2b720..90a6c9b0a 100644
--- a/tools/btgatt-server.c
+++ b/tools/btgatt-server.c
@@ -1080,12 +1080,15 @@ static void prompt_read_cb(int fd, uint32_t events, void *user_data)
}
read = getline(&line, &len, stdin);
- if (read < 0)
+ if (read < 0) {
+ free(line);
return;
+ }
if (read <= 1) {
cmd_help(server, NULL);
print_prompt();
+ free(line);
return;
}
--
2.35.3
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH BlueZ 3/4] tools: Fix handle leak in rfcomm
2022-05-07 15:06 [PATCH BlueZ 0/4] Fix few more bugs found by SVACE Ildar Kamaletdinov
2022-05-07 15:06 ` [PATCH BlueZ 1/4] tools: Fix memory leak in hciconfig Ildar Kamaletdinov
2022-05-07 15:06 ` [PATCH BlueZ 2/4] tools: Fix memory leaks in btgatt-server/client Ildar Kamaletdinov
@ 2022-05-07 15:06 ` Ildar Kamaletdinov
2022-05-07 15:06 ` [PATCH BlueZ 4/4] device: Fix uninitialized value usage Ildar Kamaletdinov
3 siblings, 0 replies; 8+ messages in thread
From: Ildar Kamaletdinov @ 2022-05-07 15:06 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Ildar Kamaletdinov
Some branches of execution can make handle (socket) leakage.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
---
tools/rfcomm.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/rfcomm.c b/tools/rfcomm.c
index cd520aa44..e013ff588 100644
--- a/tools/rfcomm.c
+++ b/tools/rfcomm.c
@@ -298,6 +298,7 @@ static void cmd_connect(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **arg
if (setsockopt(sk, SOL_SOCKET, SO_LINGER, &l, sizeof(l)) < 0) {
perror("Can't set linger option");
+ close(sk);
return;
}
}
@@ -466,6 +467,7 @@ static void cmd_listen(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **argv
if (getsockname(nsk, (struct sockaddr *)&laddr, &alen) < 0) {
perror("Can't get RFCOMM socket name");
close(nsk);
+ close(sk);
return;
}
@@ -475,6 +477,7 @@ static void cmd_listen(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **argv
if (setsockopt(nsk, SOL_SOCKET, SO_LINGER, &l, sizeof(l)) < 0) {
perror("Can't set linger option");
close(nsk);
+ close(sk);
return;
}
}
@@ -490,6 +493,7 @@ static void cmd_listen(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **argv
dev = ioctl(nsk, RFCOMMCREATEDEV, &req);
if (dev < 0) {
perror("Can't create RFCOMM TTY");
+ close(nsk);
close(sk);
return;
}
--
2.35.3
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH BlueZ 4/4] device: Fix uninitialized value usage
2022-05-07 15:06 [PATCH BlueZ 0/4] Fix few more bugs found by SVACE Ildar Kamaletdinov
` (2 preceding siblings ...)
2022-05-07 15:06 ` [PATCH BlueZ 3/4] tools: Fix handle leak in rfcomm Ildar Kamaletdinov
@ 2022-05-07 15:06 ` Ildar Kamaletdinov
3 siblings, 0 replies; 8+ messages in thread
From: Ildar Kamaletdinov @ 2022-05-07 15:06 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Ildar Kamaletdinov
Definitely `dbus_bool_t b;` must be initialized before comparing it
with current value.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
---
src/device.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/device.c b/src/device.c
index 6da5c380b..7114e1b3e 100644
--- a/src/device.c
+++ b/src/device.c
@@ -1568,6 +1568,8 @@ static void dev_property_set_wake_allowed(const GDBusPropertyTable *property,
return;
}
+ dbus_message_iter_get_basic(value, &b);
+
/* Emit busy or success depending on current value. */
if (b == device->pending_wake_allowed) {
if (device->wake_allowed == device->pending_wake_allowed)
@@ -1580,7 +1582,6 @@ static void dev_property_set_wake_allowed(const GDBusPropertyTable *property,
return;
}
- dbus_message_iter_get_basic(value, &b);
device_set_wake_override(device, b);
device_set_wake_allowed(device, b, id);
}
--
2.35.3
^ permalink raw reply related [flat|nested] 8+ messages in thread