gatt_db_attribute_write currently assigns the result of realloc straight back
to attrib->value, so on failure the pointer becomes NULL and the old block is
leaked, since realloc leaves the original block untouched and returns NULL
when it fails. This patch stores the result in a temporary first, so the
attribute value is left unmodified if realloc fails.
---
src/shared/gatt-db.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/shared/gatt-db.c b/src/shared/gatt-db.c
index a39eec2..ab08c69 100644
--- a/src/shared/gatt-db.c
+++ b/src/shared/gatt-db.c
@@ -929,12 +929,18 @@ bool gatt_db_attribute_write(struct gatt_db_attribute *attrib, uint16_t offset,
/* For values stored in db allocate on demand */
if (!attrib->value || offset >= attrib->value_len ||
len > (unsigned) (attrib->value_len - offset)) {
- attrib->value = realloc(attrib->value, len + offset);
- if (!attrib->value)
+ void *buf;
+
+ buf = realloc(attrib->value, len + offset);
+ if (!buf)
return false;
+
+ attrib->value = buf;
+
/* Init data in the first allocation */
if (!attrib->value_len)
memset(attrib->value, 0, offset);
+
attrib->value_len = len + offset;
}
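Review bot: The new code still leaves a range of uninitialized heap bytes when an existing value is grown with an offset beyond the current value_len, because the memset following `attrib->value = buf;` runs only on the first allocation and realloc() does not zero the extension. Bytes in the range [old value_len, offset) are then whatever the allocator hands back, and if reads of the attribute later return them (not visible in this hunk) that is stale heap content exposed to the peer; the commit only addresses the realloc-failure leak. I would replace the first-allocation check with `if (offset > attrib->value_len)` and the memset with `memset((uint8_t *) attrib->value + attrib->value_len, 0, offset - attrib->value_len);`, which also covers the first allocation since value_len is 0 then. The declared type of attrib->value is not visible here, so the cast may be unnecessary. gatt_db_attribute_write starts before and continues past the hunk.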
--
2.1.0.rc2.206.gedb03e5
Hi Arman,
On Fri, Nov 14, 2014 at 10:35 PM, Arman Uguray <[email protected]> wrote:
> gatt_db_attribute_write currently sets the attrib->value pointer to NULL
> and leaks the old memory block, since realloc leaves the initial block
> untouched if it fails and returns NULL. This patch fixes this so that
> the attribute value isn't modified if realloc fails.
> ---
> src/shared/gatt-db.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/src/shared/gatt-db.c b/src/shared/gatt-db.c
> index a39eec2..ab08c69 100644
> --- a/src/shared/gatt-db.c
> +++ b/src/shared/gatt-db.c
> @@ -929,12 +929,18 @@ bool gatt_db_attribute_write(struct gatt_db_attribute *attrib, uint16_t offset,
> /* For values stored in db allocate on demand */
> if (!attrib->value || offset >= attrib->value_len ||
> len > (unsigned) (attrib->value_len - offset)) {
> - attrib->value = realloc(attrib->value, len + offset);
> - if (!attrib->value)
> + void *buf;
> +
> + buf = realloc(attrib->value, len + offset);
> + if (!buf)
> return false;
> +
> + attrib->value = buf;
> +
> /* Init data in the first allocation */
> if (!attrib->value_len)
> memset(attrib->value, 0, offset);
> +
> attrib->value_len = len + offset;
> }
>
> --
> 2.1.0.rc2.206.gedb03e5
Applied, thanks.
--
Luiz Augusto von Dentz