2022-03-30 20:49:26

by Frédéric Danis

Subject: [BlueZ,v5] a2dp: Fix crash when SEP codec has not been initialized

If SEP has not been properly discovered avdtp_get_codec may return NULL
thus causing crashes such as when running AVRCP/TG/VLH/BI-01-C after
AVRCP/TG/RCR/BV-04-C.

Prevent remote endpoint registration if its codec is not available.

Remove queue_isempty check from store_remote_seps since that prevents
cleaning up if no seps could be registered.
---
v5: fix avdtp_get_codec() check

profiles/audio/a2dp.c | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c
index c3ac432a7..21b3faa47 100644
--- a/profiles/audio/a2dp.c
+++ b/profiles/audio/a2dp.c
@@ -829,9 +829,6 @@ static void store_remote_seps(struct a2dp_channel *chan)
char *data;
gsize length = 0;

- if (queue_isempty(chan->seps))
- return;
-
ba2str(device_get_address(device), dst_addr);

snprintf(filename, PATH_MAX, STORAGEDIR "/%s/cache/%s",
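
Review bot: with the queue_isempty(chan->seps) guard removed at the top of store_remote_seps(), the function now rewrites the cache file even when no endpoints remain, and nothing in the code says that this is deliberate. A short comment at the removed check's position, stating that an empty queue must still be written out so stale endpoint entries are cleared, would keep someone from restoring the early return as an optimisation.
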
@@ -2074,6 +2071,11 @@ static struct a2dp_remote_sep *register_remote_sep(void *data, void *user_data)
if (sep)
return sep;

+ if (!avdtp_get_codec(rsep)) {
+ error("Unable to get remote sep codec");
+ return NULL;
+ }
+
sep = new0(struct a2dp_remote_sep, 1);
sep->chan = chan;
sep->sep = rsep;
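
Review bot: the new return NULL after the avdtp_get_codec(rsep) check adds a failure path ahead of the allocation in register_remote_sep(), and this patch only adapts load_remote_sep() to it. Any other caller of register_remote_sep() should be checked to confirm it does not dereference the result. The error() text would also be easier to act on if it identified the endpoint, since "Unable to get remote sep codec" does not say which SEP or device was rejected.
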
@@ -2148,6 +2150,7 @@ static void load_remote_sep(struct a2dp_channel *chan, GKeyFile *key_file,
struct avdtp_remote_sep *rsep;
uint8_t lseid, rseid;
char *value;
+ bool update = false;

if (!seids)
return;
@@ -2206,10 +2209,19 @@ static void load_remote_sep(struct a2dp_channel *chan, GKeyFile *key_file,
}

sep = register_remote_sep(rsep, chan);
- if (sep)
- sep->from_cache = true;
+ if (!sep) {
+ avdtp_unregister_remote_sep(chan->session, rsep);
+ update = true;
+ continue;
+ }
+
+ sep->from_cache = true;
}

+ /* Update cache */
+ if (update)
+ store_remote_seps(chan);
+
value = g_key_file_get_string(key_file, "Endpoints", "LastUsed", NULL);
if (!value)
return;
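
Review bot: the !sep branch in load_remote_sep() unregisters rsep and flags a cache rewrite for every NULL returned by register_remote_sep(), while the only failure this patch introduces is the missing codec. If register_remote_sep() can fail for another reason, that cached endpoint is dropped as well, so it is worth confirming that is intended. The "/* Update cache */" comment restates the call below it; it would help more if it said why, for example that endpoints which could not be registered are removed from the cache so they are not loaded again.
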
--
2.25.1


2022-03-31 02:41:57

by bluez.test.bot

Subject: RE: [BlueZ,v5] a2dp: Fix crash when SEP codec has not been initialized

This is an automated email; please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
These are the CI test results for your patch series:
PW Link: https://patchwork.kernel.org/project/bluetooth/list/?series=627436

---Test result---

Test Summary:
CheckPatch PASS 1.47 seconds
GitLint PASS 1.03 seconds
Prep - Setup ELL PASS 39.06 seconds
Build - Prep PASS 0.71 seconds
Build - Configure PASS 8.11 seconds
Build - Make PASS 1200.66 seconds
Make Check PASS 11.06 seconds
Make Check w/Valgrind PASS 396.26 seconds
Make Distcheck PASS 206.83 seconds
Build w/ext ELL - Configure PASS 7.82 seconds
Build w/ext ELL - Make PASS 1180.16 seconds
Incremental Build with patches PASS 0.00 seconds



---
Regards,
Linux Bluetooth

2022-03-31 04:19:13

by patchwork-bot+bluetooth

Subject: Re: [BlueZ,v5] a2dp: Fix crash when SEP codec has not been initialized

Hello:

This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <[email protected]>:

On Wed, 30 Mar 2022 11:28:44 +0200 you wrote:
> If SEP has not been properly discovered avdtp_get_codec may return NULL
> thus causing crashes such as when running AVRCP/TG/VLH/BI-01-C after
> AVRCP/TG/RCR/BV-04-C.
>
> Prevent remote endpoint registration if its codec is not available.
>
> Remove queue_isempty check from store_remote_seps since that prevents
> cleaning up if no seps could be registered.
>
> [...]

Here is the summary with links:
- [BlueZ,v5] a2dp: Fix crash when SEP codec has not been initialized
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=4a06a31be045

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html