2023-03-13 18:33:45

by Luiz Augusto von Dentz

Subject: [PATCH BlueZ] device: Fix crash attempting to read Sets property

From: Luiz Augusto von Dentz <[email protected]>

The following set can be observed when a sirk exists but it is
encrypted, leading to info->set not being set:

Invalid read of size 8
at 0x1ACDF0: append_set (device.c:1662)
by 0x1FFEFFF7DF: ???
by 0x1D4461: queue_foreach (queue.c:207)
by 0x1AC8DE: dev_property_get_set (device.c:1700)
by 0x1CF3E2: append_property (object.c:498)
by 0x1CFA91: append_properties (object.c:527)
by 0x1CFAFD: append_interface (object.c:542)
by 0x48D7CEF: g_slist_foreach (gslist.c:887)
by 0x1CF5A7: append_interfaces (object.c:1104)
by 0x1CF5A7: append_object (object.c:1119)
by 0x48D7CEF: g_slist_foreach (gslist.c:887)
by 0x1CF5D0: append_object (object.c:1122)
by 0x48D7CEF: g_slist_foreach (gslist.c:887)
Address 0x8 is not stack'd, malloc'd or (recently) free'd
---
src/device.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/device.c b/src/device.c
index 77b38e97a7ea..f31f2a097e07 100644
--- a/src/device.c
+++ b/src/device.c
@@ -1659,10 +1659,15 @@ static gboolean dev_property_wake_allowed_exist(
static void append_set(void *data, void *user_data)
{
struct sirk_info *info = data;
- const char *path = btd_set_get_path(info->set);
+ const char *path;
DBusMessageIter *iter = user_data;
DBusMessageIter entry, dict;

+ if (!info->set)
+ return;
+
+ path = btd_set_get_path(info->set);
+
dbus_message_iter_open_container(iter, DBUS_TYPE_DICT_ENTRY, NULL,
&entry);
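Review bot: The new `if (!info->set) return;` guard in append_set() skips the entry silently, and nothing in the hunk records why a sirk_info can sit in the queue without a set. A one-line comment above the check, giving the reason stated in the commit message (the SIRK exists but is encrypted), would keep a later cleanup from dropping the guard. The early return is placed before dbus_message_iter_open_container(), so no dict entry is left half-open, which is correct. It is also worth confirming that no other user of the same queue dereferences info->set unchecked, since the Valgrind trace covers only the dev_property_get_set path.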

--
2.39.2



2023-03-13 19:39:59

by bluez.test.bot

Subject: RE: [BlueZ] device: Fix crash attempting to read Sets property

This is an automated email; please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the Linux Bluetooth mailing list.
These are the CI test results for your patch series:
PW Link: https://patchwork.kernel.org/project/bluetooth/list/?series=729577

---Test result---

Test Summary:
CheckPatch PASS 0.54 seconds
GitLint PASS 0.36 seconds
BuildEll PASS 27.32 seconds
BluezMake PASS 871.82 seconds
MakeCheck PASS 11.35 seconds
MakeDistcheck PASS 152.15 seconds
CheckValgrind PASS 249.23 seconds
CheckSmatch PASS 337.61 seconds
bluezmakeextell PASS 100.19 seconds
IncrementalBuild PASS 724.58 seconds
ScanBuild PASS 1055.53 seconds



---
Regards,
Linux Bluetooth

2023-03-14 19:40:25

by patchwork-bot+bluetooth

Subject: Re: [PATCH BlueZ] device: Fix crash attempting to read Sets property

Hello:

This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <[email protected]>:

On Mon, 13 Mar 2023 11:31:21 -0700 you wrote:
> From: Luiz Augusto von Dentz <[email protected]>
>
> The following set can be observed when a sirk exists but it is
> encrypted, leading to info->set not being set:
>
> Invalid read of size 8
> at 0x1ACDF0: append_set (device.c:1662)
> by 0x1FFEFFF7DF: ???
> by 0x1D4461: queue_foreach (queue.c:207)
> by 0x1AC8DE: dev_property_get_set (device.c:1700)
> by 0x1CF3E2: append_property (object.c:498)
> by 0x1CFA91: append_properties (object.c:527)
> by 0x1CFAFD: append_interface (object.c:542)
> by 0x48D7CEF: g_slist_foreach (gslist.c:887)
> by 0x1CF5A7: append_interfaces (object.c:1104)
> by 0x1CF5A7: append_object (object.c:1119)
> by 0x48D7CEF: g_slist_foreach (gslist.c:887)
> by 0x1CF5D0: append_object (object.c:1122)
> by 0x48D7CEF: g_slist_foreach (gslist.c:887)
> Address 0x8 is not stack'd, malloc'd or (recently) free'd
>
> [...]

Here is the summary with links:
- [BlueZ] device: Fix crash attempting to read Sets property
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=2762129212f1

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html