2013-03-21 07:04:41

by Alex Deymo

Subject: [PATCH] core: Fix wrong argument on agent *_cb functions.

The last argument for the functions pincode_cb, passkey_cb and confirm_cb is
a user data pointer with the "void *". Those functions expect a
"struct authentication_req *", but instead a "struct btd_device*" without
any complaint from the compiler due to the void* cast. This fix passes the
right argument to those functions.

Other uses of those functions as callbacks (agent_request_passkey,
agent_request_pincode, agent_request_authorization and agent_request_confirmation)
pass the right struct authentication_req *.
---

I was having some bluetoothd SEGFAULTs because of this. If you want more details
and an easy repro case, check http://crbug.com/222665 .

src/device.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/device.c b/src/device.c
index 3cd7f10..1630082 100644
--- a/src/device.c
+++ b/src/device.c
@@ -3952,14 +3952,12 @@ int device_notify_pincode(struct btd_device *device, gboolean secure,

static void cancel_authentication(struct authentication_req *auth)
{
- struct btd_device *device;
struct agent *agent;
DBusError err;

if (!auth || !auth->agent)
return;

- device = auth->device;
agent = auth->agent;
auth->agent = NULL;

@@ -3968,19 +3966,19 @@ static void cancel_authentication(struct authentication_req *auth)

switch (auth->type) {
case AUTH_TYPE_PINCODE:
- pincode_cb(agent, &err, NULL, device);
+ pincode_cb(agent, &err, NULL, auth);
break;
case AUTH_TYPE_CONFIRM:
- confirm_cb(agent, &err, device);
+ confirm_cb(agent, &err, auth);
break;
case AUTH_TYPE_PASSKEY:
- passkey_cb(agent, &err, 0, device);
+ passkey_cb(agent, &err, 0, auth);
break;
case AUTH_TYPE_NOTIFY_PASSKEY:
/* User Notify doesn't require any reply */
break;
case AUTH_TYPE_NOTIFY_PINCODE:
- pincode_cb(agent, &err, NULL, device);
+ pincode_cb(agent, &err, NULL, auth);
break;
}

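Review bot: the direct calls in the switch on auth->type still hand their last argument to a "void *" parameter, so nothing stops a wrong pointer type from compiling here again, exactly as happened with "device". A one-line comment above the switch saying that pincode_cb, confirm_cb and passkey_cb expect the "struct authentication_req *" as user data would document the contract at the call site. Separately, the AUTH_TYPE_NOTIFY_PINCODE case calls pincode_cb while AUTH_TYPE_NOTIFY_PASSKEY is commented as needing no reply; a short comment on why the two notify types differ would help the next reader.
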
--
1.7.10.4


2013-03-21 09:00:59

by Johan Hedberg

Subject: Re: [PATCH] core: Fix wrong argument on agent *_cb functions.

Hi Alex,

On Thu, Mar 21, 2013, Alex Deymo wrote:
> The last argument for the functions pincode_cb, passkey_cb and confirm_cb is
> a user data pointer with the "void *". Those functions expect a
> "struct authentication_req *", but instead a "struct btd_device*" without
> any complaint from the compiler due to the void* cast. This fix passes the
> right argument to those functions.
>
> Other uses of those functions as callbacks (agent_request_passkey,
> agent_request_pincode, agent_request_authorization and agent_request_confirmation)
> pass the right struct authentication_req *.
> ---
>
> I was having some bluetoothd SEGFAULTs because of this. If you want more details
> and an easy repro case, check http://crbug.com/222665 .
>
> src/device.c | 10 ++++------
> 1 file changed, 4 insertions(+), 6 deletions(-)

Good catch. The patch has now been applied. Thanks.

Johan