2023-03-23 10:44:25

by Simon Mikuda

Subject: [PATCH BlueZ 1/9] gatt-db: Fix crash during calculating hash from ATT handles

It happens when next_handle is lower than the discovered number of handles.
Found by PTS test case: GATT/CL/GAD/BC-01-C
---
src/shared/gatt-db.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/shared/gatt-db.c b/src/shared/gatt-db.c
index b696fe33d..c9ffbfeed 100644
--- a/src/shared/gatt-db.c
+++ b/src/shared/gatt-db.c
@@ -297,6 +297,7 @@ static void handle_notify(void *data, void *user_data)
struct hash_data {
struct iovec *iov;
uint16_t i;
+ size_t size;
};

static void gen_hash_m(struct gatt_db_attribute *attr, void *user_data)
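Review bot: The new `size` field sits beside `i` in `struct hash_data` with nothing saying which is the capacity and which is the fill count, and the two have different widths (`uint16_t` against `size_t`). A comment on each would make the bounds check added further down in this patch easier to audit, for example `uint16_t i; /* entries filled so far */` and `size_t size; /* entries allocated in iov */`.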
@@ -327,7 +328,7 @@ static void gen_hash_m(struct gatt_db_attribute *attr, void *user_data)
case GATT_CHARAC_AGREG_FMT_UUID:
/* Allocate space for handle + type */
len = 2 + 2;
- data = malloc(2 + 2 + attr->value_len);
+ data = malloc(2 + 2);
put_le16(attr->handle, data);
bt_uuid_to_le(&attr->uuid, data + 2);
break;
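Review bot: `data = malloc(2 + 2);` is written through by `put_le16()` on the very next line with no NULL check, so an allocation failure in this case becomes a NULL dereference. Since `len` is assigned on the line above, the size can be tied to it and checked: `data = malloc(len);` followed by `if (!data) return;`. Shrinking the buffer to four bytes is only safe if `bt_uuid_to_le()` writes exactly two bytes for every attribute reaching this case; that looks true for the 16-bit UUIDs named in the case labels, but the guard that would ensure it is not visible here. The start of the switch and of gen_hash_m lies outside this hunk.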
@@ -335,6 +336,13 @@ static void gen_hash_m(struct gatt_db_attribute *attr, void *user_data)
return;
}

+ if (hash->i >= hash->size) {
+ /* double the size of iov if we've run out of space */
+ hash->iov = realloc(hash->iov, 2 * hash->size * sizeof(struct iovec));
+ memset(hash->iov + hash->size, 0, hash->size * sizeof(struct iovec));
+ hash->size *= 2;
+ }
+
hash->iov[hash->i].iov_base = data;
hash->iov[hash->i].iov_len = len;
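Review bot: The growth path assigns the result of `realloc()` straight back to `hash->iov` and then calls `memset()` on it, so a failed reallocation both loses the old array and dereferences NULL. It also never grows when `hash->size` is 0, because doubling zero stays zero; if `db->next_handle` can be 0 where db_hash_update sets `hash.size` (last hunk of this patch), the write to `hash->iov[hash->i]` just below would still land past the allocation. I would keep the result in a temporary, start growth from one entry, and free `data` before bailing out, as sketched below. `struct hash_data` has no error field, so bailing out here yields a hash over a partial attribute list; whether db_hash_update should then skip the hash depends on the rest of that function, which is outside the hunks shown.

```c
	if (hash->i >= hash->size) {
		/* grow via a temporary so the old array survives a failure */
		size_t new_size = hash->size ? 2 * hash->size : 1;
		struct iovec *iov;

		iov = realloc(hash->iov, new_size * sizeof(*iov));
		if (!iov) {
			free(data);
			return;
		}

		memset(iov + hash->size, 0,
				(new_size - hash->size) * sizeof(*iov));
		hash->iov = iov;
		hash->size = new_size;
	}

	/* … unchanged: store data and len in hash->iov[hash->i] … */
```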

@@ -361,9 +369,10 @@ static bool db_hash_update(void *user_data)

hash.iov = new0(struct iovec, db->next_handle);
hash.i = 0;
+ hash.size = db->next_handle;

gatt_db_foreach_service(db, NULL, service_gen_hash_m, &hash);
- bt_crypto_gatt_hash(db->crypto, hash.iov, db->next_handle, db->hash);
+ bt_crypto_gatt_hash(db->crypto, hash.iov, hash.i, db->hash);

for (i = 0; i < hash.i; i++)
free(hash.iov[i].iov_base);
--
2.34.1


2023-03-23 13:20:30

by bluez.test.bot

Subject: RE: gatt-db fix + btgatt-client features

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
These are the CI test results for your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=733113

---Test result---

Test Summary:
CheckPatch FAIL 4.78 seconds
GitLint PASS 2.33 seconds
BuildEll PASS 32.74 seconds
BluezMake FAIL 69.92 seconds
MakeCheck FAIL 228.78 seconds
MakeDistcheck PASS 184.50 seconds
CheckValgrind FAIL 60.35 seconds
CheckSmatch FAIL 129.98 seconds
bluezmakeextell FAIL 35.30 seconds
IncrementalBuild FAIL 3744.90 seconds
ScanBuild FAIL 798.75 seconds

Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script
Output:
[BlueZ,1/9] gatt-db: Fix crash during calculating hash from ATT handles
WARNING:LONG_LINE: line length of 86 exceeds 80 columns
#112: FILE: src/shared/gatt-db.c:341:
+ hash->iov = realloc(hash->iov, 2 * hash->size * sizeof(struct iovec));

WARNING:LONG_LINE: line length of 85 exceeds 80 columns
#113: FILE: src/shared/gatt-db.c:342:
+ memset(hash->iov + hash->size, 0, hash->size * sizeof(struct iovec));

/github/workspace/src/src/13185475.patch total: 0 errors, 2 warnings, 39 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/src/13185475.patch has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.


[BlueZ,2/9] btgatt-client: Add option to connect to ATT over BR/EDR
WARNING:LONG_LINE: line length of 85 exceeds 80 columns
#111: FILE: tools/btgatt-client.c:1425:
+ (dst_type == BDADDR_BREDR ? "BR/EDR" : "LE"),

/github/workspace/src/src/13185477.patch total: 0 errors, 1 warnings, 75 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/src/13185477.patch has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.


[BlueZ,4/9] btgatt-client: Rewrite to use bt_shell
ERROR:INITIALISED_STATIC: do not initialise statics to false
#140: FILE: tools/btgatt-client.c:45:
+static bool shell_running = false;

WARNING:SINGLE_STATEMENT_DO_WHILE_MACRO: Single statement macros should not use a do {} while (0) loop
#156: FILE: tools/btgatt-client.c:61:
+#define append(str, fmt, arg...) do { \
+ sprintf(strchr(str, '\0'), fmt, ## arg); \
+} while (0)

WARNING:LINE_SPACING: Missing a blank line after declarations
#172: FILE: tools/btgatt-client.c:77:
+ char str[32];
+ sprintf(str, COLOR_BLUE "[GATT client]" COLOR_OFF "# ");

WARNING:TYPO_SPELLING: 'initialze' may be misspelled - perhaps 'initialize'?
#224: FILE: tools/btgatt-client.c:191:
+ error("Failed to initialze ATT transport layer");
^^^^^^^^^

WARNING:LINE_SPACING: Missing a blank line after declarations
#318: FILE: tools/btgatt-client.c:294:
+ char line[MAX_LEN_LINE] = {0};
+ append(line, "\t\t " COLOR_MAGENTA "descr" COLOR_OFF

WARNING:LONG_LINE: line length of 82 exceeds 80 columns
#529: FILE: tools/btgatt-client.c:413:
+ return bt_shell_noninteractive_quit(EXIT_FAILURE);

WARNING:LONG_LINE: line length of 82 exceeds 80 columns
#539: FILE: tools/btgatt-client.c:423:
+ return bt_shell_noninteractive_quit(EXIT_FAILURE);

WARNING:LONG_LINE: line length of 89 exceeds 80 columns
#1582: FILE: tools/btgatt-client.c:1083:
+ cmd_read_long_value, "Read a long characteristic or desctriptor value" },

WARNING:LONG_LINE_STRING: line length of 87 exceeds 80 columns
#1594: FILE: tools/btgatt-client.c:1095:
+ cmd_write_long_value, "Write long characteristic or descriptor value\n"

WARNING:LONG_LINE_STRING: line length of 87 exceeds 80 columns
#1601: FILE: tools/btgatt-client.c:1102:
+ cmd_write_prepare, "Write prepare characteristic or descriptor value\n"

WARNING:LONG_LINE: line length of 84 exceeds 80 columns
#1610: FILE: tools/btgatt-client.c:1111:
+ cmd_register_notify, "Subscribe to not/ind from a characteristic" },

WARNING:STATIC_CONST_CHAR_ARRAY: static const char * array should probably be static const char * const
#1731: FILE: tools/btgatt-client.c:1224:
+static const char *help[] = {

/github/workspace/src/src/13185484.patch total: 1 errors, 11 warnings, 1811 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/src/13185484.patch has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.


[BlueZ,5/9] btgatt-client: Implement disconnect and connect commands
ERROR:GLOBAL_INITIALISERS: do not initialise globals to NULL
#92: FILE: tools/btgatt-client.c:43:
+struct client *cli = NULL;

ERROR:INITIALISED_STATIC: do not initialise statics to 0
#98: FILE: tools/btgatt-client.c:49:
+static uint16_t mtu = 0;

WARNING:LONG_LINE: line length of 81 exceeds 80 columns
#107: FILE: tools/btgatt-client.c:79:
+ int sec);

WARNING:LINE_SPACING: Missing a blank line after declarations
#114: FILE: tools/btgatt-client.c:84:
+ char str[64], addr[18], type[3];
+ if (!bacmp(&dst_addr, BDADDR_ANY))

WARNING:LONG_LINE: line length of 87 exceeds 80 columns
#120: FILE: tools/btgatt-client.c:90:
+ sprintf(str, COLOR_BLUE "[%s][%s]" COLOR_OFF "# ", addr, type);

ERROR:FUNCTION_WITHOUT_ARGS: Bad function definition - void client_destroy() should probably be void client_destroy(void)
#131: FILE: tools/btgatt-client.c:145:
+static void client_destroy()

ERROR:FUNCTION_WITHOUT_ARGS: Bad function definition - void connect_device() should probably be void connect_device(void)
#169: FILE: tools/btgatt-client.c:1089:
+static void connect_device()

WARNING:LINE_SPACING: Missing a blank line after declarations
#172: FILE: tools/btgatt-client.c:1092:
+ int fd;
+ fd = l2cap_att_connect(&src_addr, &dst_addr, dst_type, security_level);

WARNING:BRACES: braces {} are not necessary for single statement blocks
#173: FILE: tools/btgatt-client.c:1093:
+ if (fd < 0) {
+ return bt_shell_noninteractive_quit(EXIT_FAILURE);
+ }

/github/workspace/src/src/13185480.patch total: 4 errors, 5 warnings, 215 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/src/13185480.patch has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.


[BlueZ,6/9] btgatt-client: Implement read by type
WARNING:LONG_LINE: line length of 81 exceeds 80 columns
#115: FILE: tools/btgatt-client.c:531:
+ while (bt_gatt_iter_next_read_by_type(&iter, &handle, &length, &value)) {

/github/workspace/src/src/13185479.patch total: 0 errors, 1 warnings, 90 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/src/13185479.patch has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.


[BlueZ,9/9] btgatt-client: Implement filter service by start handle
WARNING:LINE_SPACING: Missing a blank line after declarations
#94: FILE: tools/btgatt-client.c:381:
+ uint16_t start = 0x0001, end = 0xFFFF;
+ if (handle) {

/github/workspace/src/src/13185483.patch total: 0 errors, 1 warnings, 15 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/src/13185483.patch has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.


##############################
Test: BluezMake - FAIL
Desc: Build BlueZ
Output:

tools/btgatt-client.c:519:6: error: no previous declaration for ‘read_by_type_cb’ [-Werror=missing-declarations]
519 | void read_by_type_cb(bool success, uint8_t att_ecode,
| ^~~~~~~~~~~~~~~
tools/btgatt-client.c: In function ‘cmd_write_value’:
tools/btgatt-client.c:730:14: error: unused variable ‘val’ [-Werror=unused-variable]
730 | int opt, i, val;
| ^~~
tools/btgatt-client.c:730:11: error: unused variable ‘i’ [-Werror=unused-variable]
730 | int opt, i, val;
| ^
tools/btgatt-client.c: In function ‘cmd_write_long_value’:
tools/btgatt-client.c:815:14: error: unused variable ‘val’ [-Werror=unused-variable]
815 | int opt, i, val;
| ^~~
tools/btgatt-client.c:815:11: error: unused variable ‘i’ [-Werror=unused-variable]
815 | int opt, i, val;
| ^
tools/btgatt-client.c: In function ‘cmd_write_prepare’:
tools/btgatt-client.c:932:31: error: pointer targets in passing argument 2 of ‘read_bytes’ differ in signedness [-Werror=pointer-sign]
932 | value = read_bytes(argv + 2, &length);
| ^~~~~~~
| |
| unsigned int *
tools/btgatt-client.c:672:46: note: expected ‘int *’ but argument is of type ‘unsigned int *’
672 | static uint8_t *read_bytes(char **argv, int *length)
| ~~~~~^~~~~~
tools/btgatt-client.c:879:14: error: unused variable ‘val’ [-Werror=unused-variable]
879 | int opt, i, val;
| ^~~
tools/btgatt-client.c:879:11: error: unused variable ‘i’ [-Werror=unused-variable]
879 | int opt, i, val;
| ^
tools/btgatt-client.c: In function ‘cmd_connect’:
tools/btgatt-client.c:1163:23: error: passing argument 2 of ‘str2ba’ from incompatible pointer type [-Werror=incompatible-pointer-types]
1163 | if (str2ba(argv[1], &addr) < 0) {
| ^~~~~
| |
| char (*)[18]
In file included from tools/btgatt-client.c:24:
./lib/bluetooth.h:400:39: note: expected ‘bdaddr_t *’ {aka ‘struct <anonymous> *’} but argument is of type ‘char (*)[18]’
400 | int str2ba(const char *str, bdaddr_t *ba);
| ~~~~~~~~~~^~
tools/btgatt-client.c:1167:20: error: passing argument 2 of ‘bacpy’ from incompatible pointer type [-Werror=incompatible-pointer-types]
1167 | bacpy(&dst_addr, &addr);
| ^~~~~
| |
| char (*)[18]
In file included from tools/btgatt-client.c:24:
./lib/bluetooth.h:390:57: note: expected ‘const bdaddr_t *’ {aka ‘const struct <anonymous> *’} but argument is of type ‘char (*)[18]’
390 | static inline void bacpy(bdaddr_t *dst, const bdaddr_t *src)
| ~~~~~~~~~~~~~~~~^~~
tools/btgatt-client.c: In function ‘read_bytes’:
tools/btgatt-client.c:679:34: error: ‘i’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
679 | if (*length == 3 && !strcmp(argv[i], "bytes")) {
| ^
cc1: all warnings being treated as errors
make[1]: *** [Makefile:7591: tools/btgatt-client.o] Error 1
make[1]: *** Waiting for unfinished jobs....
tools/mgmt-tester.c: In function ‘main’:
tools/mgmt-tester.c:12514:5: note: variable tracking size limit exceeded with ‘-fvar-tracking-assignments’, retrying without
12514 | int main(int argc, char *argv[])
| ^~~~
make: *** [Makefile:4506: all] Error 2
##############################
Test: MakeCheck - FAIL
Desc: Run Bluez Make Check
Output:

tools/btgatt-client.c:519:6: error: no previous declaration for ‘read_by_type_cb’ [-Werror=missing-declarations]
519 | void read_by_type_cb(bool success, uint8_t att_ecode,
| ^~~~~~~~~~~~~~~
tools/btgatt-client.c: In function ‘cmd_write_value’:
tools/btgatt-client.c:730:14: error: unused variable ‘val’ [-Werror=unused-variable]
730 | int opt, i, val;
| ^~~
tools/btgatt-client.c:730:11: error: unused variable ‘i’ [-Werror=unused-variable]
730 | int opt, i, val;
| ^
tools/btgatt-client.c: In function ‘cmd_write_long_value’:
tools/btgatt-client.c:815:14: error: unused variable ‘val’ [-Werror=unused-variable]
815 | int opt, i, val;
| ^~~
tools/btgatt-client.c:815:11: error: unused variable ‘i’ [-Werror=unused-variable]
815 | int opt, i, val;
| ^
tools/btgatt-client.c: In function ‘cmd_write_prepare’:
tools/btgatt-client.c:932:31: error: pointer targets in passing argument 2 of ‘read_bytes’ differ in signedness [-Werror=pointer-sign]
932 | value = read_bytes(argv + 2, &length);
| ^~~~~~~
| |
| unsigned int *
tools/btgatt-client.c:672:46: note: expected ‘int *’ but argument is of type ‘unsigned int *’
672 | static uint8_t *read_bytes(char **argv, int *length)
| ~~~~~^~~~~~
tools/btgatt-client.c:879:14: error: unused variable ‘val’ [-Werror=unused-variable]
879 | int opt, i, val;
| ^~~
tools/btgatt-client.c:879:11: error: unused variable ‘i’ [-Werror=unused-variable]
879 | int opt, i, val;
| ^
tools/btgatt-client.c: In function ‘cmd_connect’:
tools/btgatt-client.c:1163:23: error: passing argument 2 of ‘str2ba’ from incompatible pointer type [-Werror=incompatible-pointer-types]
1163 | if (str2ba(argv[1], &addr) < 0) {
| ^~~~~
| |
| char (*)[18]
In file included from tools/btgatt-client.c:24:
./lib/bluetooth.h:400:39: note: expected ‘bdaddr_t *’ {aka ‘struct <anonymous> *’} but argument is of type ‘char (*)[18]’
400 | int str2ba(const char *str, bdaddr_t *ba);
| ~~~~~~~~~~^~
tools/btgatt-client.c:1167:20: error: passing argument 2 of ‘bacpy’ from incompatible pointer type [-Werror=incompatible-pointer-types]
1167 | bacpy(&dst_addr, &addr);
| ^~~~~
| |
| char (*)[18]
In file included from tools/btgatt-client.c:24:
./lib/bluetooth.h:390:57: note: expected ‘const bdaddr_t *’ {aka ‘const struct <anonymous> *’} but argument is of type ‘char (*)[18]’
390 | static inline void bacpy(bdaddr_t *dst, const bdaddr_t *src)
| ~~~~~~~~~~~~~~~~^~~
tools/btgatt-client.c: In function ‘read_bytes’:
tools/btgatt-client.c:679:34: error: ‘i’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
679 | if (*length == 3 && !strcmp(argv[i], "bytes")) {
| ^
cc1: all warnings being treated as errors
make[1]: *** [Makefile:7591: tools/btgatt-client.o] Error 1
make: *** [Makefile:11779: check] Error 2
##############################
Test: CheckValgrind - FAIL
Desc: Run Bluez Make Check with Valgrind
Output:

tools/btgatt-client.c:519:6: error: no previous declaration for ‘read_by_type_cb’ [-Werror=missing-declarations]
519 | void read_by_type_cb(bool success, uint8_t att_ecode,
| ^~~~~~~~~~~~~~~
tools/btgatt-client.c: In function ‘cmd_write_value’:
tools/btgatt-client.c:730:14: error: unused variable ‘val’ [-Werror=unused-variable]
730 | int opt, i, val;
| ^~~
tools/btgatt-client.c:730:11: error: unused variable ‘i’ [-Werror=unused-variable]
730 | int opt, i, val;
| ^
tools/btgatt-client.c: In function ‘cmd_write_long_value’:
tools/btgatt-client.c:815:14: error: unused variable ‘val’ [-Werror=unused-variable]
815 | int opt, i, val;
| ^~~
tools/btgatt-client.c:815:11: error: unused variable ‘i’ [-Werror=unused-variable]
815 | int opt, i, val;
| ^
tools/btgatt-client.c: In function ‘cmd_write_prepare’:
tools/btgatt-client.c:932:31: error: pointer targets in passing argument 2 of ‘read_bytes’ differ in signedness [-Werror=pointer-sign]
932 | value = read_bytes(argv + 2, &length);
| ^~~~~~~
| |
| unsigned int *
tools/btgatt-client.c:672:46: note: expected ‘int *’ but argument is of type ‘unsigned int *’
672 | static uint8_t *read_bytes(char **argv, int *length)
| ~~~~~^~~~~~
tools/btgatt-client.c:879:14: error: unused variable ‘val’ [-Werror=unused-variable]
879 | int opt, i, val;
| ^~~
tools/btgatt-client.c:879:11: error: unused variable ‘i’ [-Werror=unused-variable]
879 | int opt, i, val;
| ^
tools/btgatt-client.c: In function ‘cmd_connect’:
tools/btgatt-client.c:1163:23: error: passing argument 2 of ‘str2ba’ from incompatible pointer type [-Werror=incompatible-pointer-types]
1163 | if (str2ba(argv[1], &addr) < 0) {
| ^~~~~
| |
| char (*)[18]
In file included from tools/btgatt-client.c:24:
./lib/bluetooth.h:400:39: note: expected ‘bdaddr_t *’ {aka ‘struct <anonymous> *’} but argument is of type ‘char (*)[18]’
400 | int str2ba(const char *str, bdaddr_t *ba);
| ~~~~~~~~~~^~
tools/btgatt-client.c:1167:20: error: passing argument 2 of ‘bacpy’ from incompatible pointer type [-Werror=incompatible-pointer-types]
1167 | bacpy(&dst_addr, &addr);
| ^~~~~
| |
| char (*)[18]
In file included from tools/btgatt-client.c:24:
./lib/bluetooth.h:390:57: note: expected ‘const bdaddr_t *’ {aka ‘const struct <anonymous> *’} but argument is of type ‘char (*)[18]’
390 | static inline void bacpy(bdaddr_t *dst, const bdaddr_t *src)
| ~~~~~~~~~~~~~~~~^~~
tools/btgatt-client.c: In function ‘read_bytes’:
tools/btgatt-client.c:679:34: error: ‘i’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
679 | if (*length == 3 && !strcmp(argv[i], "bytes")) {
| ^
cc1: all warnings being treated as errors
make[1]: *** [Makefile:7591: tools/btgatt-client.o] Error 1
make[1]: *** Waiting for unfinished jobs....
tools/mgmt-tester.c: In function ‘main’:
tools/mgmt-tester.c:12514:5: note: variable tracking size limit exceeded with ‘-fvar-tracking-assignments’, retrying without
12514 | int main(int argc, char *argv[])
| ^~~~
make: *** [Makefile:11779: check] Error 2
##############################
Test: CheckSmatch - FAIL
Desc: Run smatch tool with source
Output:

src/shared/crypto.c:271:21: warning: Variable length array is used.
src/shared/crypto.c:272:23: warning: Variable length array is used.
src/shared/gatt-helpers.c:768:31: warning: Variable length array is used.
src/shared/gatt-helpers.c:830:31: warning: Variable length array is used.
src/shared/gatt-helpers.c:1323:31: warning: Variable length array is used.
src/shared/gatt-helpers.c:1354:23: warning: Variable length array is used.
src/shared/gatt-server.c:275:25: warning: Variable length array is used.
src/shared/gatt-server.c:618:25: warning: Variable length array is used.
src/shared/gatt-server.c:717:25: warning: Variable length array is used.
src/shared/shell.c: note: in included file (through /usr/include/readline/readline.h):
/usr/include/readline/rltypedefs.h:35:23: warning: non-ANSI function declaration of function 'Function'
/usr/include/readline/rltypedefs.h:36:25: warning: non-ANSI function declaration of function 'VFunction'
/usr/include/readline/rltypedefs.h:37:27: warning: non-ANSI function declaration of function 'CPFunction'
/usr/include/readline/rltypedefs.h:38:29: warning: non-ANSI function declaration of function 'CPPFunction'
src/shared/shell.c:609:21: warning: non-ANSI function declaration of function 'bt_shell_usage'
src/shared/crypto.c:271:21: warning: Variable length array is used.
src/shared/crypto.c:272:23: warning: Variable length array is used.
src/shared/gatt-helpers.c:768:31: warning: Variable length array is used.
src/shared/gatt-helpers.c:830:31: warning: Variable length array is used.
src/shared/gatt-helpers.c:1323:31: warning: Variable length array is used.
src/shared/gatt-helpers.c:1354:23: warning: Variable length array is used.
src/shared/gatt-server.c:275:25: warning: Variable length array is used.
src/shared/gatt-server.c:618:25: warning: Variable length array is used.
src/shared/gatt-server.c:717:25: warning: Variable length array is used.
src/shared/shell.c: note: in included file (through /usr/include/readline/readline.h):
/usr/include/readline/rltypedefs.h:35:23: warning: non-ANSI function declaration of function 'Function'
/usr/include/readline/rltypedefs.h:36:25: warning: non-ANSI function declaration of function 'VFunction'
/usr/include/readline/rltypedefs.h:37:27: warning: non-ANSI function declaration of function 'CPFunction'
/usr/include/readline/rltypedefs.h:38:29: warning: non-ANSI function declaration of function 'CPPFunction'
src/shared/shell.c:609:21: warning: non-ANSI function declaration of function 'bt_shell_usage'
tools/mesh-cfgtest.c:1453:17: warning: unknown escape sequence: '\%'
tools/sco-tester.c: note: in included file:
./lib/bluetooth.h:186:15: warning: array of flexible structures
./lib/bluetooth.h:191:31: warning: array of flexible structures
tools/bneptest.c:634:39: warning: unknown escape sequence: '\%'
tools/seq2bseq.c:57:26: warning: Variable length array is used.
tools/btgatt-client.c:146:28: warning: non-ANSI function declaration of function 'client_destroy'
tools/btgatt-client.c:1140:28: warning: non-ANSI function declaration of function 'connect_device'
tools/btgatt-client.c:519:6: error: no previous declaration for ‘read_by_type_cb’ [-Werror=missing-declarations]
519 | void read_by_type_cb(bool success, uint8_t att_ecode,
| ^~~~~~~~~~~~~~~
tools/btgatt-client.c: In function ‘cmd_write_value’:
tools/btgatt-client.c:730:14: error: unused variable ‘val’ [-Werror=unused-variable]
730 | int opt, i, val;
| ^~~
tools/btgatt-client.c:730:11: error: unused variable ‘i’ [-Werror=unused-variable]
730 | int opt, i, val;
| ^
tools/btgatt-client.c: In function ‘cmd_write_long_value’:
tools/btgatt-client.c:815:14: error: unused variable ‘val’ [-Werror=unused-variable]
815 | int opt, i, val;
| ^~~
tools/btgatt-client.c:815:11: error: unused variable ‘i’ [-Werror=unused-variable]
815 | int opt, i, val;
| ^
tools/btgatt-client.c: In function ‘cmd_write_prepare’:
tools/btgatt-client.c:932:31: error: pointer targets in passing argument 2 of ‘read_bytes’ differ in signedness [-Werror=pointer-sign]
932 | value = read_bytes(argv + 2, &length);
| ^~~~~~~
| |
| unsigned int *
tools/btgatt-client.c:672:46: note: expected ‘int *’ but argument is of type ‘unsigned int *’
672 | static uint8_t *read_bytes(char **argv, int *length)
| ~~~~~^~~~~~
tools/btgatt-client.c:879:14: error: unused variable ‘val’ [-Werror=unused-variable]
879 | int opt, i, val;
| ^~~
tools/btgatt-client.c:879:11: error: unused variable ‘i’ [-Werror=unused-variable]
879 | int opt, i, val;
| ^
tools/btgatt-client.c: In function ‘cmd_connect’:
tools/btgatt-client.c:1163:23: error: passing argument 2 of ‘str2ba’ from incompatible pointer type [-Werror=incompatible-pointer-types]
1163 | if (str2ba(argv[1], &addr) < 0) {
| ^~~~~
| |
| char (*)[18]
In file included from tools/btgatt-client.c:24:
./lib/bluetooth.h:400:39: note: expected ‘bdaddr_t *’ {aka ‘struct <anonymous> *’} but argument is of type ‘char (*)[18]’
400 | int str2ba(const char *str, bdaddr_t *ba);
| ~~~~~~~~~~^~
tools/btgatt-client.c:1167:20: error: passing argument 2 of ‘bacpy’ from incompatible pointer type [-Werror=incompatible-pointer-types]
1167 | bacpy(&dst_addr, &addr);
| ^~~~~
| |
| char (*)[18]
In file included from tools/btgatt-client.c:24:
./lib/bluetooth.h:390:57: note: expected ‘const bdaddr_t *’ {aka ‘const struct <anonymous> *’} but argument is of type ‘char (*)[18]’
390 | static inline void bacpy(bdaddr_t *dst, const bdaddr_t *src)
| ~~~~~~~~~~~~~~~~^~~
tools/btgatt-client.c: In function ‘read_bytes’:
tools/btgatt-client.c:679:34: error: ‘i’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
679 | if (*length == 3 && !strcmp(argv[i], "bytes")) {
| ^
cc1: all warnings being treated as errors
make[1]: *** [Makefile:7591: tools/btgatt-client.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make: *** [Makefile:4506: all] Error 2
##############################
Test: bluezmakeextell - FAIL
Desc: Build Bluez with External ELL
Output:

tools/btgatt-client.c:519:6: error: no previous declaration for ‘read_by_type_cb’ [-Werror=missing-declarations]
519 | void read_by_type_cb(bool success, uint8_t att_ecode,
| ^~~~~~~~~~~~~~~
tools/btgatt-client.c: In function ‘cmd_write_value’:
tools/btgatt-client.c:730:14: error: unused variable ‘val’ [-Werror=unused-variable]
730 | int opt, i, val;
| ^~~
tools/btgatt-client.c:730:11: error: unused variable ‘i’ [-Werror=unused-variable]
730 | int opt, i, val;
| ^
tools/btgatt-client.c: In function ‘cmd_write_long_value’:
tools/btgatt-client.c:815:14: error: unused variable ‘val’ [-Werror=unused-variable]
815 | int opt, i, val;
| ^~~
tools/btgatt-client.c:815:11: error: unused variable ‘i’ [-Werror=unused-variable]
815 | int opt, i, val;
| ^
tools/btgatt-client.c: In function ‘cmd_write_prepare’:
tools/btgatt-client.c:932:31: error: pointer targets in passing argument 2 of ‘read_bytes’ differ in signedness [-Werror=pointer-sign]
932 | value = read_bytes(argv + 2, &length);
| ^~~~~~~
| |
| unsigned int *
tools/btgatt-client.c:672:46: note: expected ‘int *’ but argument is of type ‘unsigned int *’
672 | static uint8_t *read_bytes(char **argv, int *length)
| ~~~~~^~~~~~
tools/btgatt-client.c:879:14: error: unused variable ‘val’ [-Werror=unused-variable]
879 | int opt, i, val;
| ^~~
tools/btgatt-client.c:879:11: error: unused variable ‘i’ [-Werror=unused-variable]
879 | int opt, i, val;
| ^
tools/btgatt-client.c: In function ‘cmd_connect’:
tools/btgatt-client.c:1163:23: error: passing argument 2 of ‘str2ba’ from incompatible pointer type [-Werror=incompatible-pointer-types]
1163 | if (str2ba(argv[1], &addr) < 0) {
| ^~~~~
| |
| char (*)[18]
In file included from tools/btgatt-client.c:24:
./lib/bluetooth.h:400:39: note: expected ‘bdaddr_t *’ {aka ‘struct <anonymous> *’} but argument is of type ‘char (*)[18]’
400 | int str2ba(const char *str, bdaddr_t *ba);
| ~~~~~~~~~~^~
tools/btgatt-client.c:1167:20: error: passing argument 2 of ‘bacpy’ from incompatible pointer type [-Werror=incompatible-pointer-types]
1167 | bacpy(&dst_addr, &addr);
| ^~~~~
| |
| char (*)[18]
In file included from tools/btgatt-client.c:24:
./lib/bluetooth.h:390:57: note: expected ‘const bdaddr_t *’ {aka ‘const struct <anonymous> *’} but argument is of type ‘char (*)[18]’
390 | static inline void bacpy(bdaddr_t *dst, const bdaddr_t *src)
| ~~~~~~~~~~~~~~~~^~~
tools/btgatt-client.c: In function ‘read_bytes’:
tools/btgatt-client.c:679:34: error: ‘i’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
679 | if (*length == 3 && !strcmp(argv[i], "bytes")) {
| ^
cc1: all warnings being treated as errors
make[1]: *** [Makefile:7591: tools/btgatt-client.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make: *** [Makefile:4506: all] Error 2
##############################
Test: IncrementalBuild - FAIL
Desc: Incremental build with the patches in the series
Output:
[BlueZ,5/9] btgatt-client: Implement disconnect and connect commands

tools/btgatt-client.c: In function ‘cmd_connect’:
tools/btgatt-client.c:1112:23: error: passing argument 2 of ‘str2ba’ from incompatible pointer type [-Werror=incompatible-pointer-types]
1112 | if (str2ba(argv[1], &addr) < 0) {
| ^~~~~
| |
| char (*)[18]
In file included from tools/btgatt-client.c:24:
./lib/bluetooth.h:400:39: note: expected ‘bdaddr_t *’ {aka ‘struct <anonymous> *’} but argument is of type ‘char (*)[18]’
400 | int str2ba(const char *str, bdaddr_t *ba);
| ~~~~~~~~~~^~
tools/btgatt-client.c:1116:20: error: passing argument 2 of ‘bacpy’ from incompatible pointer type [-Werror=incompatible-pointer-types]
1116 | bacpy(&dst_addr, &addr);
| ^~~~~
| |
| char (*)[18]
In file included from tools/btgatt-client.c:24:
./lib/bluetooth.h:390:57: note: expected ‘const bdaddr_t *’ {aka ‘const struct <anonymous> *’} but argument is of type ‘char (*)[18]’
390 | static inline void bacpy(bdaddr_t *dst, const bdaddr_t *src)
| ~~~~~~~~~~~~~~~~^~~
cc1: all warnings being treated as errors
make[1]: *** [Makefile:7591: tools/btgatt-client.o] Error 1
make[1]: *** Waiting for unfinished jobs....
tools/mgmt-tester.c: In function ‘main’:
tools/mgmt-tester.c:12514:5: note: variable tracking size limit exceeded with ‘-fvar-tracking-assignments’, retrying without
12514 | int main(int argc, char *argv[])
| ^~~~
make: *** [Makefile:4506: all] Error 2
##############################
Test: ScanBuild - FAIL
Desc: Run Scan Build
Output:

src/shared/ad.c:369:19: warning: Use of zero-allocated memory
buf[(*pos)++] = ad_type;
^
1 warning generated.
src/shared/gatt-client.c:451:21: warning: Use of memory after it is freed
gatt_db_unregister(op->client->db, op->db_id);
^~~~~~~~~~
src/shared/gatt-client.c:696:2: warning: Use of memory after it is freed
discovery_op_complete(op, false, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:993:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1099:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1291:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1356:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1631:6: warning: Use of memory after it is freed
if (read_db_hash(op)) {
^~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1636:2: warning: Use of memory after it is freed
discover_all(op);
^~~~~~~~~~~~~~~~
src/shared/gatt-client.c:2140:6: warning: Use of memory after it is freed
if (read_db_hash(op)) {
^~~~~~~~~~~~~~~~
src/shared/gatt-client.c:2148:8: warning: Use of memory after it is freed
discovery_op_ref(op),
^~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:3236:2: warning: Use of memory after it is freed
complete_write_long_op(req, success, 0, false);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:3258:2: warning: Use of memory after it is freed
request_unref(req);
^~~~~~~~~~~~~~~~~~
12 warnings generated.
src/shared/shell.c:1180:13: warning: Access to field 'options' results in a dereference of a null pointer (loaded from variable 'opt')
if (c != opt->options[index - offset].val) {
^~~~~~~~~~~~
1 warning generated.
src/shared/ad.c:369:19: warning: Use of zero-allocated memory
buf[(*pos)++] = ad_type;
^
1 warning generated.
src/shared/gatt-client.c:451:21: warning: Use of memory after it is freed
gatt_db_unregister(op->client->db, op->db_id);
^~~~~~~~~~
src/shared/gatt-client.c:696:2: warning: Use of memory after it is freed
discovery_op_complete(op, false, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:993:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1099:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1291:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1356:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1631:6: warning: Use of memory after it is freed
if (read_db_hash(op)) {
^~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1636:2: warning: Use of memory after it is freed
discover_all(op);
^~~~~~~~~~~~~~~~
src/shared/gatt-client.c:2140:6: warning: Use of memory after it is freed
if (read_db_hash(op)) {
^~~~~~~~~~~~~~~~
src/shared/gatt-client.c:2148:8: warning: Use of memory after it is freed
discovery_op_ref(op),
^~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:3236:2: warning: Use of memory after it is freed
complete_write_long_op(req, success, 0, false);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:3258:2: warning: Use of memory after it is freed
request_unref(req);
^~~~~~~~~~~~~~~~~~
12 warnings generated.
src/shared/shell.c:1180:13: warning: Access to field 'options' results in a dereference of a null pointer (loaded from variable 'opt')
if (c != opt->options[index - offset].val) {
^~~~~~~~~~~~
1 warning generated.
tools/hciattach.c:816:7: warning: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
if ((n = read_hci_event(fd, resp, 10)) < 0) {
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/hciattach.c:864:7: warning: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
if ((n = read_hci_event(fd, resp, 4)) < 0) {
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/hciattach.c:886:8: warning: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
if ((n = read_hci_event(fd, resp, 10)) < 0) {
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/hciattach.c:908:7: warning: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
if ((n = read_hci_event(fd, resp, 4)) < 0) {
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/hciattach.c:929:7: warning: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
if ((n = read_hci_event(fd, resp, 4)) < 0) {
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/hciattach.c:973:7: warning: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
if ((n = read_hci_event(fd, resp, 6)) < 0) {
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
6 warnings generated.
src/oui.c:50:2: warning: Value stored to 'hwdb' is never read
hwdb = udev_hwdb_unref(hwdb);
^ ~~~~~~~~~~~~~~~~~~~~~
src/oui.c:53:2: warning: Value stored to 'udev' is never read
udev = udev_unref(udev);
^ ~~~~~~~~~~~~~~~~
2 warnings generated.
tools/hcidump.c:180:9: warning: Potential leak of memory pointed to by 'dp'
if (fds[i].fd == sock)
^~~
tools/hcidump.c:248:17: warning: Assigned value is garbage or undefined
dh->ts_sec = htobl(frm.ts.tv_sec);
^ ~~~~~~~~~~~~~~~~~~~~
tools/hcidump.c:326:9: warning: 1st function call argument is an uninitialized value
if (be32toh(dp.flags) & 0x02) {
^~~~~~~~~~~~~~~~~
/usr/include/endian.h:46:22: note: expanded from macro 'be32toh'
# define be32toh(x) __bswap_32 (x)
^~~~~~~~~~~~~~
tools/hcidump.c:341:20: warning: 1st function call argument is an uninitialized value
frm.data_len = be32toh(dp.len);
^~~~~~~~~~~~~~~
/usr/include/endian.h:46:22: note: expanded from macro 'be32toh'
# define be32toh(x) __bswap_32 (x)
^~~~~~~~~~~~~~
tools/hcidump.c:346:14: warning: 1st function call argument is an uninitialized value
opcode = be32toh(dp.flags) & 0xffff;
^~~~~~~~~~~~~~~~~
/usr/include/endian.h:46:22: note: expanded from macro 'be32toh'
# define be32toh(x) __bswap_32 (x)
^~~~~~~~~~~~~~
tools/hcidump.c:384:17: warning: Assigned value is garbage or undefined
frm.data_len = btohs(dh.len);
^ ~~~~~~~~~~~~~
tools/hcidump.c:394:11: warning: Assigned value is garbage or undefined
frm.len = frm.data_len;
^ ~~~~~~~~~~~~
tools/hcidump.c:398:9: warning: 1st function call argument is an uninitialized value
ts = be64toh(ph.ts);
^~~~~~~~~~~~~~
/usr/include/endian.h:51:22: note: expanded from macro 'be64toh'
# define be64toh(x) __bswap_64 (x)
^~~~~~~~~~~~~~
tools/hcidump.c:403:13: warning: 1st function call argument is an uninitialized value
frm.in = be32toh(dp.flags) & 0x01;
^~~~~~~~~~~~~~~~~
/usr/include/endian.h:46:22: note: expanded from macro 'be32toh'
# define be32toh(x) __bswap_32 (x)
^~~~~~~~~~~~~~
tools/hcidump.c:408:11: warning: Assigned value is garbage or undefined
frm.in = dh.in;
^ ~~~~~
tools/hcidump.c:437:7: warning: Null pointer passed to 1st parameter expecting 'nonnull'
fd = open(file, open_flags, 0644);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
11 warnings generated.
tools/rfcomm.c:228:3: warning: Value stored to 'i' is never read
i = execvp(cmdargv[0], cmdargv);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/rfcomm.c:228:7: warning: Null pointer passed to 1st parameter expecting 'nonnull'
i = execvp(cmdargv[0], cmdargv);
^~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/rfcomm.c:348:8: warning: Although the value stored to 'fd' is used in the enclosing expression, the value is never actually read from 'fd'
if ((fd = open(devname, O_RDONLY | O_NOCTTY)) < 0) {
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/rfcomm.c:491:14: warning: Assigned value is garbage or undefined
req.channel = raddr.rc_channel;
^ ~~~~~~~~~~~~~~~~
tools/rfcomm.c:509:8: warning: Although the value stored to 'fd' is used in the enclosing expression, the value is never actually read from 'fd'
if ((fd = open(devname, O_RDONLY | O_NOCTTY)) < 0) {
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5 warnings generated.
src/sdp-xml.c:126:10: warning: Assigned value is garbage or undefined
buf[1] = data[i + 1];
^ ~~~~~~~~~~~
src/sdp-xml.c:300:11: warning: Assigned value is garbage or undefined
buf[1] = data[i + 1];
^ ~~~~~~~~~~~
src/sdp-xml.c:338:11: warning: Assigned value is garbage or undefined
buf[1] = data[i + 1];
^ ~~~~~~~~~~~
3 warnings generated.
tools/ciptool.c:350:7: warning: 5th function call argument is an uninitialized value
sk = do_connect(ctl, dev_id, &src, &dst, psm, (1 << CMTP_LOOPBACK));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
tools/sdptool.c:941:26: warning: Result of 'malloc' is converted to a pointer of type 'uint32_t', which is incompatible with sizeof operand type 'int'
uint32_t *value_int = malloc(sizeof(int));
~~~~~~~~~~ ^~~~~~ ~~~~~~~~~~~
tools/sdptool.c:980:4: warning: 1st function call argument is an uninitialized value
free(allocArray[i]);
^~~~~~~~~~~~~~~~~~~
tools/sdptool.c:3777:2: warning: Potential leak of memory pointed to by 'si.name'
return add_service(0, &si);
^~~~~~~~~~~~~~~~~~~~~~~~~~
tools/sdptool.c:4112:4: warning: Potential leak of memory pointed to by 'context.svc'
return -1;
^~~~~~~~~
4 warnings generated.
tools/avtest.c:224:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 3);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:234:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 4);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:243:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 3);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:257:5: warning: Value stored to 'len' is never read
len = write(sk, buf,
^ ~~~~~~~~~~~~~~
tools/avtest.c:264:5: warning: Value stored to 'len' is never read
len = write(sk, buf,
^ ~~~~~~~~~~~~~~
tools/avtest.c:271:5: warning: Value stored to 'len' is never read
len = write(sk, buf,
^ ~~~~~~~~~~~~~~
tools/avtest.c:278:5: warning: Value stored to 'len' is never read
len = write(sk, buf,
^ ~~~~~~~~~~~~~~
tools/avtest.c:289:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 4);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:293:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 2);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:302:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 3);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:306:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 2);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:315:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 3);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:322:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 2);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:344:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 4);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:348:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 2);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:357:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 3);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:361:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 2);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:374:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 4);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:378:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 2);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:385:4: warning: Value stored to 'len' is never read
len = write(sk, buf, 2);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:395:4: warning: Value stored to 'len' is never read
len = write(sk, buf, 2);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:559:3: warning: Value stored to 'len' is never read
len = write(sk, buf, 2);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:567:3: warning: Value stored to 'len' is never read
len = write(sk, buf, invalid ? 2 : 3);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/avtest.c:581:3: warning: Value stored to 'len' is never read
len = write(sk, buf, 4 + sizeof(media_transport));
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/avtest.c:594:3: warning: Value stored to 'len' is never read
len = write(sk, buf, 3);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:604:3: warning: Value stored to 'len' is never read
len = write(sk, buf, 3);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:616:3: warning: Value stored to 'len' is never read
len = write(sk, buf, 3);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:631:3: warning: Value stored to 'len' is never read
len = write(sk, buf, 3);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:643:3: warning: Value stored to 'len' is never read
len = write(sk, buf, 3);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:652:3: warning: Value stored to 'len' is never read
len = write(sk, buf, 3);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:659:3: warning: Value stored to 'len' is never read
len = write(sk, buf, 2);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:695:2: warning: Value stored to 'len' is never read
len = write(sk, buf, AVCTP_HEADER_LENGTH + sizeof(play_pressed));
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
32 warnings generated.
tools/btproxy.c:836:15: warning: Null pointer passed to 1st parameter expecting 'nonnull'
tcp_port = atoi(optarg);
^~~~~~~~~~~~
tools/btproxy.c:839:8: warning: Null pointer passed to 1st parameter expecting 'nonnull'
if (strlen(optarg) > 3 && !strncmp(optarg, "hci", 3))
^~~~~~~~~~~~~~
2 warnings generated.
tools/create-image.c:76:3: warning: Value stored to 'fd' is never read
fd = -1;
^ ~~
tools/create-image.c:84:3: warning: Value stored to 'fd' is never read
fd = -1;
^ ~~
tools/create-image.c:92:3: warning: Value stored to 'fd' is never read
fd = -1;
^ ~~
tools/create-image.c:105:2: warning: Value stored to 'fd' is never read
fd = -1;
^ ~~
4 warnings generated.
tools/btgatt-client.c: In function ‘cmd_connect’:
tools/btgatt-client.c:1112:23: error: passing argument 2 of ‘str2ba’ from incompatible pointer type [-Werror=incompatible-pointer-types]
1112 | if (str2ba(argv[1], &addr) < 0) {
| ^~~~~
| |
| char (*)[18]
In file included from tools/btgatt-client.c:24:
./lib/bluetooth.h:400:39: note: expected ‘bdaddr_t *’ {aka ‘struct <anonymous> *’} but argument is of type ‘char (*)[18]’
400 | int str2ba(const char *str, bdaddr_t *ba);
| ~~~~~~~~~~^~
tools/btgatt-client.c:1116:20: error: passing argument 2 of ‘bacpy’ from incompatible pointer type [-Werror=incompatible-pointer-types]
1116 | bacpy(&dst_addr, &addr);
| ^~~~~
| |
| char (*)[18]
In file included from tools/btgatt-client.c:24:
./lib/bluetooth.h:390:57: note: expected ‘const bdaddr_t *’ {aka ‘const struct <anonymous> *’} but argument is of type ‘char (*)[18]’
390 | static inline void bacpy(bdaddr_t *dst, const bdaddr_t *src)
| ~~~~~~~~~~~~~~~~^~~
cc1: all warnings being treated as errors
make[1]: *** [Makefile:7591: tools/btgatt-client.o] Error 1
make[1]: *** Waiting for unfinished jobs....
tools/btgatt-server.c:1212:2: warning: Value stored to 'argv' is never read
argv -= optind;
^ ~~~~~~
1 warning generated.
make: *** [Makefile:4506: all] Error 2


---
Regards,
Linux Bluetooth

2023-03-23 21:09:05

by Luiz Augusto von Dentz

Subject: Re: [PATCH BlueZ 1/9] gatt-db: Fix crash during calculating hash from ATT handles

Hi Simon,

On Thu, Mar 23, 2023 at 3:44 AM Simon Mikuda
<[email protected]> wrote:
>
> It happens when next_handle is lower than the discovered number of handles.
> Found by PTS test case: GATT/CL/GAD/BC-01-C

Can you add the backtrace of the crash?

> ---
> src/shared/gatt-db.c | 13 +++++++++++--
> 1 file changed, 11 insertions(+), 2 deletions(-)
>
> diff --git a/src/shared/gatt-db.c b/src/shared/gatt-db.c
> index b696fe33d..c9ffbfeed 100644
> --- a/src/shared/gatt-db.c
> +++ b/src/shared/gatt-db.c
> @@ -297,6 +297,7 @@ static void handle_notify(void *data, void *user_data)
> struct hash_data {
> struct iovec *iov;
> uint16_t i;
> + size_t size;
> };
>
> static void gen_hash_m(struct gatt_db_attribute *attr, void *user_data)
> @@ -327,7 +328,7 @@ static void gen_hash_m(struct gatt_db_attribute *attr, void *user_data)
> case GATT_CHARAC_AGREG_FMT_UUID:
> /* Allocate space for handle + type */
> len = 2 + 2;
> - data = malloc(2 + 2 + attr->value_len);
> + data = malloc(2 + 2);

This seems to be a different issue, looks like we are allocating more
than necessary.

> put_le16(attr->handle, data);
> bt_uuid_to_le(&attr->uuid, data + 2);
> break;
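Review bot: The result of `malloc(2 + 2)` is handed straight to `put_le16()` and `bt_uuid_to_le()` with no NULL check, so an allocation failure turns into a NULL write while the database hash is being built. A guard right after the allocation, `if (!data) return;`, keeps the callback safe. The other cases of this switch lie outside the hunk and may need the same check; gen_hash_m starts before and continues after this hunk.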
> @@ -335,6 +336,13 @@ static void gen_hash_m(struct gatt_db_attribute *attr, void *user_data)
> return;
> }
>
> + if (hash->i >= hash->size) {
> + /* double the size of iov if we've run out of space */
> + hash->iov = realloc(hash->iov, 2 * hash->size * sizeof(struct iovec));
> + memset(hash->iov + hash->size, 0, hash->size * sizeof(struct iovec));
> + hash->size *= 2;

Not sure if we should double the size? I'd probably check why we are
not able to allocate the size properly, perhaps we have an off by one
of the next_handle happens to loop around? A better way would be to
just calculate the actual number of attributes instead of using its
handles since there could be spaces in between handles, we could just
iterate over the services since they should each contain the number of
attributes.

> + }
> +
> hash->iov[hash->i].iov_base = data;
> hash->iov[hash->i].iov_len = len;
>
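Review bot: The growth path assigns the result of `realloc()` directly to `hash->iov` and then calls `memset()` on it, so a failed allocation both leaks the old array and writes through NULL. It also cannot grow from zero: if `hash->size` starts at 0 (it is set from `db->next_handle` in the db_hash_update hunk further down), `2 * hash->size` stays 0 and the store to `hash->iov[hash->i]` that follows is out of bounds. I would grow through a temporary, enforce a minimum capacity of one, and free `data` when growth fails. Since gen_hash_m returns void, the caller presumably needs a flag in `struct hash_data` to learn that the hash is incomplete. gen_hash_m starts before this hunk and continues after it.

```c
	if (hash->i >= hash->size) {
		/* grow via a temporary so the old array survives a failure */
		size_t new_size = hash->size ? 2 * hash->size : 1;
		struct iovec *tmp;

		tmp = realloc(hash->iov, new_size * sizeof(*tmp));
		if (!tmp) {
			free(data);
			return;
		}

		memset(tmp + hash->size, 0,
				(new_size - hash->size) * sizeof(*tmp));
		hash->iov = tmp;
		hash->size = new_size;
	}

	/* … unchanged: store data/len into hash->iov[hash->i] … */
```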
> @@ -361,9 +369,10 @@ static bool db_hash_update(void *user_data)
>
> hash.iov = new0(struct iovec, db->next_handle);
> hash.i = 0;
> + hash.size = db->next_handle;
>
> gatt_db_foreach_service(db, NULL, service_gen_hash_m, &hash);
> - bt_crypto_gatt_hash(db->crypto, hash.iov, db->next_handle, db->hash);
> + bt_crypto_gatt_hash(db->crypto, hash.iov, hash.i, db->hash);
>
> for (i = 0; i < hash.i; i++)
> free(hash.iov[i].iov_base);
> --
> 2.34.1
>


--
Luiz Augusto von Dentz