Changes since v1:
- added 6 patches
- Fix syntax error in "client/gatt: Check write_value() retval"
Bastien Nocera (20):
adapter: Use false instead of 0 for bool
attrib/gatt: Guard against possible integer overflow
client/gatt: Don't pass negative fd on error
client/gatt: Check write_value() retval
client/main: Fix array access
client/main: Fix mismatched free
monitor/att: Fix memory leak
bap: Fix memory leaks
media: Fix memory leak
main: Fix memory leaks
isotest: Consider "0" fd to be valid
isotest: Fix error check after opening file
client/player: Fix copy/paste error
shared/vcp: Fix copy/paste error
isotest: Fix fd leak
iso-tester: Fix fd leak
sdp: Fix use of uninitialised memory
monitor: Work-around memory leak warning
avrcp: Fix uninitialised memory usage
main: Simplify variable assignment
attrib/gatt.c | 8 ++++---
client/gatt.c | 21 +++++++++++++++----
client/main.c | 7 ++++++-
client/player.c | 2 +-
lib/sdp.c | 2 +-
monitor/att.c | 19 +++++++++++++++++
monitor/jlink.c | 3 ++-
profiles/audio/avrcp.c | 10 ++++-----
profiles/audio/bap.c | 47 +++++++++++++++++++++++++++++-------------
profiles/audio/media.c | 1 +
src/adapter.c | 2 +-
src/main.c | 16 +++++++-------
src/shared/vcp.c | 2 +-
tools/iso-tester.c | 1 +
tools/isotest.c | 6 ++++--
15 files changed, 104 insertions(+), 43 deletions(-)
--
2.44.0
Error: COPY_PASTE_ERROR (CWE-398): [#def95] [important]
bluez-5.75/client/player.c:1846:6: original: "qos->sync_cte_type" looks like the original copy.
bluez-5.75/client/player.c:1852:6: copy_paste_error: "sync_cte_type" in "qos->sync_cte_type" looks like a copy-paste error.
bluez-5.75/client/player.c:1852:6: remediation: Should it say "mse" instead?
1850| }
1851|
1852|-> if (qos->sync_cte_type) {
1853| bt_shell_printf("MSE %u\n", qos->mse);
1854| g_dbus_dict_append_entry(iter, "MSE", DBUS_TYPE_BYTE,
---
client/player.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/client/player.c b/client/player.c
index 6b70e9ed3f9d..7f67425aaf8f 100644
--- a/client/player.c
+++ b/client/player.c
@@ -1849,7 +1849,7 @@ static void append_bcast_qos(DBusMessageIter *iter, struct endpoint_config *cfg)
&qos->sync_cte_type);
}
- if (qos->sync_cte_type) {
+ if (qos->mse) {
bt_shell_printf("MSE %u\n", qos->mse);
g_dbus_dict_append_entry(iter, "MSE", DBUS_TYPE_BYTE,
&qos->mse);
--
2.44.0
Error: RESOURCE_LEAK (CWE-772): [#def39] [important]
bluez-5.75/src/main.c:425:2: alloc_fn: Storage is returned from allocation function "g_key_file_get_string".
bluez-5.75/src/main.c:425:2: var_assign: Assigning: "tmp" = storage returned from "g_key_file_get_string(config, group, key, &err)".
bluez-5.75/src/main.c:433:2: noescape: Assuming resource "tmp" is not freed or pointed-to as ellipsis argument to "btd_debug".
bluez-5.75/src/main.c:440:2: leaked_storage: Variable "tmp" going out of scope leaks the storage it points to.
438| }
439|
440|-> return true;
441| }
442|
---
src/main.c | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/src/main.c b/src/main.c
index ac840d684f6d..a31740179941 100644
--- a/src/main.c
+++ b/src/main.c
@@ -420,9 +420,10 @@ static bool parse_config_string(GKeyFile *config, const char *group,
const char *key, char **val)
{
GError *err = NULL;
- char *tmp;
- tmp = g_key_file_get_string(config, group, key, &err);
+ g_return_val_if_fail(val, false);
+
+ *val = g_key_file_get_string(config, group, key, &err);
if (err) {
if (err->code != G_KEY_FILE_ERROR_KEY_NOT_FOUND)
DBG("%s", err->message);
@@ -430,12 +431,7 @@ static bool parse_config_string(GKeyFile *config, const char *group,
return false;
}
- DBG("%s.%s = %s", group, key, tmp);
-
- if (val) {
- g_free(*val);
- *val = tmp;
- }
+ DBG("%s.%s = %s", group, key, *val);
return true;
}
--
2.44.0
Work-around this warning by making the so pointer global.
Error: RESOURCE_LEAK (CWE-772): [#def29] [important]
bluez-5.75/monitor/jlink.c:87:3: alloc_fn: Storage is returned from allocation function "dlopen".
bluez-5.75/monitor/jlink.c:87:3: var_assign: Assigning: "so" = storage returned from "dlopen(jlink_so_name[i], 1)".
bluez-5.75/monitor/jlink.c:95:2: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.75/monitor/jlink.c:96:2: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.75/monitor/jlink.c:97:2: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.75/monitor/jlink.c:98:2: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.75/monitor/jlink.c:99:2: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.75/monitor/jlink.c:100:2: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.75/monitor/jlink.c:101:2: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.75/monitor/jlink.c:102:2: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.75/monitor/jlink.c:103:2: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.75/monitor/jlink.c:104:2: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.75/monitor/jlink.c:116:2: leaked_storage: Variable "so" going out of scope leaks the storage it points to.
114|
115| /* don't dlclose(so) here cause symbols from it are in use now */
116|-> return 0;
117| }
118|
---
monitor/jlink.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/monitor/jlink.c b/monitor/jlink.c
index f9d4037f4cdf..e08cc87139c9 100644
--- a/monitor/jlink.c
+++ b/monitor/jlink.c
@@ -47,6 +47,7 @@ struct rtt_desc {
};
static struct rtt_desc rtt_desc;
+static void *so = NULL;
typedef int (*jlink_emu_selectbyusbsn_func) (unsigned int sn);
typedef int (*jlink_open_func) (void);
@@ -80,7 +81,6 @@ static struct jlink jlink;
int jlink_init(void)
{
- void *so;
unsigned int i;
for (i = 0; i < NELEM(jlink_so_name); i++) {
@@ -109,6 +109,7 @@ int jlink_init(void)
!jlink.emu_getproductname ||
!jlink.rtterminal_control || !jlink.rtterminal_read) {
dlclose(so);
+ so = NULL;
return -EIO;
}
--
2.44.0
Error: COPY_PASTE_ERROR (CWE-398): [#def97] [important]
bluez-5.75/src/shared/vcp.c:2610:16: original: "aics->gain_stting_prop" looks like the original copy.
bluez-5.75/src/shared/vcp.c:2625:16: copy_paste_error: "gain_stting_prop" in "aics->gain_stting_prop" looks like a copy-paste error.
bluez-5.75/src/shared/vcp.c:2625:16: remediation: Should it say "aud_ip_type" instead?
2623|
2624| aics = vcp_get_aics(vcp);
2625|-> if (!aics || aics->gain_stting_prop)
2626| return;
2627|
---
src/shared/vcp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/vcp.c b/src/shared/vcp.c
index 7ba54e64adc0..b7e17e448b74 100644
--- a/src/shared/vcp.c
+++ b/src/shared/vcp.c
@@ -2622,7 +2622,7 @@ static void foreach_aics_char(struct gatt_db_attribute *attr, void *user_data)
value_handle);
aics = vcp_get_aics(vcp);
- if (!aics || aics->gain_stting_prop)
+ if (!aics || aics->aud_ip_type)
return;
aics->aud_ip_type = attr;
--
2.44.0
Hello:
This series was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <[email protected]>:
On Fri, 10 May 2024 14:10:10 +0200 you wrote:
> Changes since v1:
> - added 6 patches
> - Fix syntax error in "client/gatt: Check write_value() retval"
>
> Bastien Nocera (20):
> adapter: Use false instead of 0 for bool
> attrib/gatt: Guard against possible integer overflow
> client/gatt: Don't pass negative fd on error
> client/gatt: Check write_value() retval
> client/main: Fix array access
> client/main: Fix mismatched free
> monitor/att: Fix memory leak
> bap: Fix memory leaks
> media: Fix memory leak
> main: Fix memory leaks
> isotest: Consider "0" fd to be valid
> isotest: Fix error check after opening file
> client/player: Fix copy/paste error
> shared/vcp: Fix copy/paste error
> isotest: Fix fd leak
> iso-tester: Fix fd leak
> sdp: Fix use of uninitialised memory
> monitor: Work-around memory leak warning
> avrcp: Fix uninitialised memory usage
> main: Simplify variable assignment
>
> [...]
Here is the summary with links:
- [BlueZ,v2,01/20] adapter: Use false instead of 0 for bool
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=d3fcc77f99da
- [BlueZ,v2,02/20] attrib/gatt: Guard against possible integer overflow
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=1e22fd9adbb3
- [BlueZ,v2,03/20] client/gatt: Don't pass negative fd on error
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=1ba9e5f21ca2
- [BlueZ,v2,04/20] client/gatt: Check write_value() retval
(no matching commit)
- [BlueZ,v2,05/20] client/main: Fix array access
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=f3f762b77b58
- [BlueZ,v2,06/20] client/main: Fix mismatched free
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=ab325450b0c2
- [BlueZ,v2,07/20] monitor/att: Fix memory leak
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=0b842fe9b1fe
- [BlueZ,v2,08/20] bap: Fix memory leaks
(no matching commit)
- [BlueZ,v2,09/20] media: Fix memory leak
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=3652e98d2bb6
- [BlueZ,v2,10/20] main: Fix memory leaks
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=45d151ec8a0f
- [BlueZ,v2,11/20] isotest: Consider "0" fd to be valid
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=d30dc38b0425
- [BlueZ,v2,12/20] isotest: Fix error check after opening file
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=9a36f191aa78
- [BlueZ,v2,13/20] client/player: Fix copy/paste error
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=6f041df23ecf
- [BlueZ,v2,14/20] shared/vcp: Fix copy/paste error
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=856353b254da
- [BlueZ,v2,15/20] isotest: Fix fd leak
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=3e03788ba80c
- [BlueZ,v2,16/20] iso-tester: Fix fd leak
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=c81f9320357b
- [BlueZ,v2,17/20] sdp: Fix use of uninitialised memory
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=dc60ce0b460a
- [BlueZ,v2,18/20] monitor: Work-around memory leak warning
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=e5925dbb84fa
- [BlueZ,v2,19/20] avrcp: Fix uninitialised memory usage
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=af2634ce0a62
- [BlueZ,v2,20/20] main: Simplify variable assignment
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=87edbabf3956
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
Hi Bastien,
On Fri, May 10, 2024 at 11:48 AM <[email protected]> wrote:
>
> Hello:
>
> This series was applied to bluetooth/bluez.git (master)
> by Luiz Augusto von Dentz <[email protected]>:
>
> On Fri, 10 May 2024 14:10:10 +0200 you wrote:
> > Changes since v1:
> > - added 6 patches
> > - Fix syntax error in "client/gatt: Check write_value() retval"
> >
> > Bastien Nocera (20):
> > adapter: Use false instead of 0 for bool
> > attrib/gatt: Guard against possible integer overflow
> > client/gatt: Don't pass negative fd on error
> > client/gatt: Check write_value() retval
> > client/main: Fix array access
> > client/main: Fix mismatched free
> > monitor/att: Fix memory leak
> > bap: Fix memory leaks
> > media: Fix memory leak
> > main: Fix memory leaks
> > isotest: Consider "0" fd to be valid
> > isotest: Fix error check after opening file
> > client/player: Fix copy/paste error
> > shared/vcp: Fix copy/paste error
> > isotest: Fix fd leak
> > iso-tester: Fix fd leak
> > sdp: Fix use of uninitialised memory
> > monitor: Work-around memory leak warning
> > avrcp: Fix uninitialised memory usage
> > main: Simplify variable assignment
> >
> > [...]
>
> Here is the summary with links:
> - [BlueZ,v2,01/20] adapter: Use false instead of 0 for bool
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=d3fcc77f99da
> - [BlueZ,v2,02/20] attrib/gatt: Guard against possible integer overflow
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=1e22fd9adbb3
> - [BlueZ,v2,03/20] client/gatt: Don't pass negative fd on error
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=1ba9e5f21ca2
> - [BlueZ,v2,04/20] client/gatt: Check write_value() retval
> (no matching commit)
> - [BlueZ,v2,05/20] client/main: Fix array access
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=f3f762b77b58
> - [BlueZ,v2,06/20] client/main: Fix mismatched free
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=ab325450b0c2
> - [BlueZ,v2,07/20] monitor/att: Fix memory leak
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=0b842fe9b1fe
> - [BlueZ,v2,08/20] bap: Fix memory leaks
> (no matching commit)
> - [BlueZ,v2,09/20] media: Fix memory leak
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=3652e98d2bb6
> - [BlueZ,v2,10/20] main: Fix memory leaks
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=45d151ec8a0f
> - [BlueZ,v2,11/20] isotest: Consider "0" fd to be valid
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=d30dc38b0425
> - [BlueZ,v2,12/20] isotest: Fix error check after opening file
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=9a36f191aa78
> - [BlueZ,v2,13/20] client/player: Fix copy/paste error
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=6f041df23ecf
> - [BlueZ,v2,14/20] shared/vcp: Fix copy/paste error
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=856353b254da
> - [BlueZ,v2,15/20] isotest: Fix fd leak
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=3e03788ba80c
> - [BlueZ,v2,16/20] iso-tester: Fix fd leak
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=c81f9320357b
> - [BlueZ,v2,17/20] sdp: Fix use of uninitialised memory
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=dc60ce0b460a
> - [BlueZ,v2,18/20] monitor: Work-around memory leak warning
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=e5925dbb84fa
> - [BlueZ,v2,19/20] avrcp: Fix uninitialised memory usage
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=af2634ce0a62
> - [BlueZ,v2,20/20] main: Simplify variable assignment
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=87edbabf3956
>
> You are awesome, thank you!
> --
> Deet-doot-dot, I am a bot.
> https://korg.docs.kernel.org/patchwork/pwbot.html
Had to revert the last one since it was causing bluetoothd to crash at star.
--
Luiz Augusto von Dentz
On Fri, 2024-05-10 at 12:42 -0400, Luiz Augusto von Dentz wrote:
> Hi Bastien,
>
> On Fri, May 10, 2024 at 11:48 AM <[email protected]>
> wrote:
> >
> > Hello:
> >
> > This series was applied to bluetooth/bluez.git (master)
> > by Luiz Augusto von Dentz <[email protected]>:
> >
> > On Fri, 10 May 2024 14:10:10 +0200 you wrote:
> > > Changes since v1:
> > > - added 6 patches
> > > - Fix syntax error in "client/gatt: Check write_value() retval"
> > >
> > > Bastien Nocera (20):
> > > adapter: Use false instead of 0 for bool
> > > attrib/gatt: Guard against possible integer overflow
> > > client/gatt: Don't pass negative fd on error
> > > client/gatt: Check write_value() retval
> > > client/main: Fix array access
> > > client/main: Fix mismatched free
> > > monitor/att: Fix memory leak
> > > bap: Fix memory leaks
> > > media: Fix memory leak
> > > main: Fix memory leaks
> > > isotest: Consider "0" fd to be valid
> > > isotest: Fix error check after opening file
> > > client/player: Fix copy/paste error
> > > shared/vcp: Fix copy/paste error
> > > isotest: Fix fd leak
> > > iso-tester: Fix fd leak
> > > sdp: Fix use of uninitialised memory
> > > monitor: Work-around memory leak warning
> > > avrcp: Fix uninitialised memory usage
> > > main: Simplify variable assignment
> > >
> > > [...]
> >
> > Here is the summary with links:
> > - [BlueZ,v2,01/20] adapter: Use false instead of 0 for bool
> >
> > https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=d3fcc77f99da
> > - [BlueZ,v2,02/20] attrib/gatt: Guard against possible integer
> > overflow
> >
> > https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=1e22fd9adbb3
> > - [BlueZ,v2,03/20] client/gatt: Don't pass negative fd on error
> >
> > https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=1ba9e5f21ca2
> > - [BlueZ,v2,04/20] client/gatt: Check write_value() retval
> > (no matching commit)
> > - [BlueZ,v2,05/20] client/main: Fix array access
> >
> > https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=f3f762b77b58
> > - [BlueZ,v2,06/20] client/main: Fix mismatched free
> >
> > https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=ab325450b0c2
> > - [BlueZ,v2,07/20] monitor/att: Fix memory leak
> >
> > https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=0b842fe9b1fe
> > - [BlueZ,v2,08/20] bap: Fix memory leaks
> > (no matching commit)
> > - [BlueZ,v2,09/20] media: Fix memory leak
> >
> > https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=3652e98d2bb6
> > - [BlueZ,v2,10/20] main: Fix memory leaks
> >
> > https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=45d151ec8a0f
> > - [BlueZ,v2,11/20] isotest: Consider "0" fd to be valid
> >
> > https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=d30dc38b0425
> > - [BlueZ,v2,12/20] isotest: Fix error check after opening file
> >
> > https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=9a36f191aa78
> > - [BlueZ,v2,13/20] client/player: Fix copy/paste error
> >
> > https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=6f041df23ecf
> > - [BlueZ,v2,14/20] shared/vcp: Fix copy/paste error
> >
> > https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=856353b254da
> > - [BlueZ,v2,15/20] isotest: Fix fd leak
> >
> > https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=3e03788ba80c
> > - [BlueZ,v2,16/20] iso-tester: Fix fd leak
> >
> > https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=c81f9320357b
> > - [BlueZ,v2,17/20] sdp: Fix use of uninitialised memory
> >
> > https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=dc60ce0b460a
> > - [BlueZ,v2,18/20] monitor: Work-around memory leak warning
> >
> > https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=e5925dbb84fa
> > - [BlueZ,v2,19/20] avrcp: Fix uninitialised memory usage
> >
> > https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=af2634ce0a62
> > - [BlueZ,v2,20/20] main: Simplify variable assignment
> >
> > https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=87edbabf3956
> >
> > You are awesome, thank you!
> > --
> > Deet-doot-dot, I am a bot.
> > https://korg.docs.kernel.org/patchwork/pwbot.html
>
> Had to revert the last one since it was causing bluetoothd to crash
> at star.
Thanks very much!
I should have at least mildly tested the resulting builds, my fault, I
also misunderstood what this portion of code did. I've made another
attempt at fixing this issue, and will be submitting more bug fixes in
the near future.
Cheers
>