2024-02-15 14:52:39

by Luiz Augusto von Dentz

Subject: [PATCH BlueZ v1 1/2] btdev: Fix crash on page_timeout

From: Luiz Augusto von Dentz <[email protected]>

If the remote device cannot be found after page_timeout, then the code shall
not proceed to call pending_conn_del.
---
emulator/btdev.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/emulator/btdev.c b/emulator/btdev.c
index 4c9f5d1811d4..139ab69b4029 100644
--- a/emulator/btdev.c
+++ b/emulator/btdev.c
@@ -1248,6 +1248,9 @@ static void conn_complete(struct btdev *btdev,
struct bt_hci_evt_conn_complete cc;
struct btdev *remote = find_btdev_by_bdaddr(bdaddr);

+ if (!remote)
+ return;
+
if (!status) {
struct btdev_conn *conn;

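Review bot: the new `if (!remote) return;` leaves conn_complete before `cc` is filled in or any event is sent, so when the remote cannot be found the host never receives a Connection Complete event carrying the failure status. If the page-timeout path relies on that event (status != 0) to clean up the pending connection, consider guarding only the code that actually dereferences `remote` (inside the `if (!status)` branch) instead of returning early, or state in the commit message why dropping the event is acceptable in this case.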
--
2.43.0



2024-02-15 14:52:50

by Luiz Augusto von Dentz

Subject: [PATCH BlueZ v1 2/2] rfcomm-tester: Fix crash on test-basic

From: Luiz Augusto von Dentz <[email protected]>

This fixes the following trace caused by not initializing data->io:

AddressSanitizer:DEADLYSIGNAL
=================================================================
ERROR: AddressSanitizer: SEGV on unknown address
(pc 0x7f199c3a01c9 bp 0x7ffc26624a10 sp 0x7ffc26624a00 T0)
The signal is caused by a READ memory access.
Hint: this fault was caused by a dereference of a high value address
(see register values below). Disassemble the provided pc to learn .
#0 0x7f199c3a01c9 in g_io_channel_unref (/lib64/libglib-2.0.so.0+0x4d1c9)
#1 0x5565f82fcece in test_post_teardown tools/rfcomm-tester.c:205
#2 0x5565f83939b3 in teardown_callback src/shared/tester.c:434
---
tools/rfcomm-tester.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/tools/rfcomm-tester.c b/tools/rfcomm-tester.c
index a9adf7f0f52d..b78b50537e4a 100644
--- a/tools/rfcomm-tester.c
+++ b/tools/rfcomm-tester.c
@@ -30,6 +30,7 @@

#include "src/shared/tester.h"
#include "src/shared/mgmt.h"
+#include "src/shared/util.h"

struct test_data {
struct mgmt *mgmt;
@@ -815,9 +816,7 @@ static void test_server(const void *test_data)
#define test_rfcomm(name, data, setup, func) \
do { \
struct test_data *user; \
- user = malloc(sizeof(struct test_data)); \
- if (!user) \
- break; \
+ user = new0(struct test_data, 1); \
user->hciemu_type = HCIEMU_TYPE_BREDRLE52; \
user->test_data = data; \
user->io_id = 0; \
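Review bot: the switch from malloc() to new0() only fixes the uninitialized `data->io` if new0() zero-fills the allocation, which is the real fix here and should be stated in the commit message. With a zeroed struct, the remaining `user->io_id = 0;` assignment is redundant and could go in the same change. Dropping `if (!user) break;` is only safe if new0() aborts rather than returning NULL on allocation failure; if it can return NULL, that check needs to stay.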
--
2.43.0


2024-02-15 16:38:41

by bluez.test.bot

Subject: RE: [BlueZ,v1,1/2] btdev: Fix crash on page_timeout

This is an automated email, please do not reply to it!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
These are the CI test results for your patch series:
PW Link: https://patchwork.kernel.org/project/bluetooth/list/?series=826449

---Test result---

Test Summary:
CheckPatch FAIL 0.83 seconds
GitLint PASS 0.38 seconds
BuildEll PASS 24.08 seconds
BluezMake PASS 735.14 seconds
MakeCheck PASS 11.95 seconds
MakeDistcheck PASS 163.00 seconds
CheckValgrind PASS 226.46 seconds
CheckSmatch WARNING 330.29 seconds
bluezmakeextell PASS 107.46 seconds
IncrementalBuild PASS 1373.61 seconds
ScanBuild WARNING 949.57 seconds

Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script
Output:
[BlueZ,v1,2/2] rfcomm-tester: Fix crash on test-basic
WARNING:COMMIT_LOG_LONG_LINE: Possible unwrapped commit description (prefer a maximum 75 chars per line)
#105:
#0 0x7f199c3a01c9 in g_io_channel_unref (/lib64/libglib-2.0.so.0+0x4d1c9)

/github/workspace/src/src/13558579.patch total: 0 errors, 1 warnings, 17 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/src/13558579.patch has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.


##############################
Test: CheckSmatch - WARNING
Desc: Run smatch tool with source
Output:
emulator/btdev.c:422:29: warning: Variable length array is used.
##############################
Test: ScanBuild - WARNING
Desc: Run Scan Build
Output:
emulator/btdev.c:1086:10: warning: Although the value stored to 'conn' is used in the enclosing expression, the value is never actually read from 'conn'
while ((conn = queue_find(dev->conns, match_handle,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
emulator/btdev.c:1372:24: warning: Access to field 'link' results in a dereference of a null pointer (loaded from variable 'conn')
pending_conn_del(dev, conn->link->dev);
^~~~~~~~~~
emulator/btdev.c:1494:13: warning: Access to field 'dev' results in a dereference of a null pointer (loaded from variable 'conn')
send_event(conn->dev, BT_HCI_EVT_AUTH_COMPLETE, &ev, sizeof(ev));
^~~~~~~~~
3 warnings generated.



---
Regards,
Linux Bluetooth

2024-02-15 18:51:01

by patchwork-bot+bluetooth

Subject: Re: [PATCH BlueZ v1 1/2] btdev: Fix crash on page_timeout

Hello:

This series was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <[email protected]>:

On Thu, 15 Feb 2024 09:52:26 -0500 you wrote:
> From: Luiz Augusto von Dentz <[email protected]>
>
> If the remote device cannot be found after page_timeout, then the code shall
> not proceed to call pending_conn_del.
> ---
> emulator/btdev.c | 3 +++
> 1 file changed, 3 insertions(+)

Here is the summary with links:
- [BlueZ,v1,1/2] btdev: Fix crash on page_timeout
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=f3c35ed835bd
- [BlueZ,v1,2/2] rfcomm-tester: Fix crash on test-basic
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=fb339bde646c

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html