2024-03-05 14:15:35

by Andrei Istodorescu

Subject: [PATCH BlueZ 0/1] Fix crash in bluetoothctl exit

This patch sets the data.inputs and data.queue to NULL after being freed.
This is needed so that further use of these queues won't access already
freed memory.

Andrei Istodorescu (1):
shared/shell: Fix heap use after free on exit

src/shared/shell.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

--
2.40.1



2024-03-05 14:15:37

by Andrei Istodorescu

Subject: [PATCH BlueZ 1/1] shared/shell: Fix heap use after free on exit

Set the value for data.inputs and data.queue queues to NULL after
freeing, so that further processes won't use already freed memory.
---
src/shared/shell.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/shared/shell.c b/src/shared/shell.c
index 68499b464b69..7bcfcff3ee76 100644
--- a/src/shared/shell.c
+++ b/src/shared/shell.c
@@ -4,7 +4,7 @@
* BlueZ - Bluetooth protocol stack for Linux
*
* Copyright (C) 2017 Intel Corporation. All rights reserved.
- *
+ * Copyright 2024 NXP
*
*/

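Review bot: the new "Copyright 2024 NXP" header line is unrelated to the use-after-free fix in the next hunk; either split it into its own patch or mention the header update in the commit message so the change is not an undocumented extra in a bug fix.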
@@ -1362,7 +1362,9 @@ void bt_shell_cleanup(void)
rl_cleanup();

queue_destroy(data.inputs, NULL);
+ data.inputs = NULL;
queue_destroy(data.queue, free);
+ data.queue = NULL;
queue_destroy(data.prompts, prompt_free);
data.prompts = NULL;

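Review bot: the two added assignments bring data.inputs and data.queue in line with the existing "queue_destroy(data.prompts, prompt_free); data.prompts = NULL;" pattern, but the commit message does not name the call path that reads these pointers after bt_shell_cleanup() has run; please state which function touches data.inputs or data.queue on exit so the crash can be reproduced and checked under Valgrind. Also confirm that queue_destroy() accepts a NULL queue, since after this change any repeated cleanup will pass NULL for all three queues.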
--
2.40.1


2024-03-05 15:32:07

by bluez.test.bot

Subject: RE: Fix crash in bluetoothctl exit

This is an automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
These are the CI test results with your patch series:
PW Link: https://patchwork.kernel.org/project/bluetooth/list/?series=832554

---Test result---

Test Summary:
CheckPatch PASS 0.43 seconds
GitLint PASS 0.31 seconds
BuildEll PASS 24.58 seconds
BluezMake PASS 726.55 seconds
MakeCheck PASS 11.58 seconds
MakeDistcheck PASS 165.41 seconds
CheckValgrind PASS 228.10 seconds
CheckSmatch WARNING 333.06 seconds
bluezmakeextell PASS 107.49 seconds
IncrementalBuild PASS 671.47 seconds
ScanBuild PASS 944.14 seconds

Details
##############################
Test: CheckSmatch - WARNING
Desc: Run smatch tool with source
Output:
src/shared/shell.c: note: in included file (through /usr/include/readline/readline.h):
src/shared/shell.c: note: in included file (through /usr/include/readline/readline.h):
src/shared/shell.c: note: in included file (through /usr/include/readline/readline.h):


---
Regards,
Linux Bluetooth

2024-03-05 22:50:33

by patchwork-bot+bluetooth

Subject: Re: [PATCH BlueZ 0/1] Fix crash in bluetoothctl exit

Hello:

This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <[email protected]>:

On Tue, 5 Mar 2024 16:15:20 +0200 you wrote:
> This patch sets the data.inputs and data.queue to NULL after being freed.
> This is needed so that further use of these queues won't access already
> freed memory.
>
> Andrei Istodorescu (1):
> shared/shell: Fix heap use after free on exit
>
> [...]

Here is the summary with links:
- [BlueZ,1/1] shared/shell: Fix heap use after free on exit
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=0bf9e6453ed5

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html