References: <20200331104532.365961-1-szymon.janc@codecoup.pl>
In-Reply-To: <20200331104532.365961-1-szymon.janc@codecoup.pl>
From: Luiz Augusto von Dentz
Date: Tue, 31 Mar 2020 10:59:57 -0700
Subject: Re: [PATCH] shared/gatt: Fix NULL pointer dereference
To: Szymon Janc
Cc: "linux-bluetooth@vger.kernel.org"
X-Mailing-List: linux-bluetooth@vger.kernel.org

Hi Szymon,

On Tue, Mar 31, 2020 at 3:48 AM Szymon Janc wrote:
>
> bluetoothd[363094]: src/device.c:device_connect_le() Connection attempt to: 00:AA:01:00:00:23
>
> Program received signal SIGSEGV, Segmentation fault.
> write_complete_cb (attr=0x55555580aa30, err=-110, user_data=0x55555585f7c0) at src/shared/gatt-server.c:793
> 793 util_debug(server->debug_callback, server->debug_data,
> (gdb) bt
> #0 write_complete_cb (attr=0x55555580aa30, err=-110, user_data=0x55555585f7c0) at src/shared/gatt-server.c:793
> #1 0x00005555556a5852 in pending_write_result (p=0x555555866030, err=) at src/shared/gatt-db.c:162
> #2 0x00005555556a5ac7 in write_timeout (user_data=0x555555866030) at src/shared/gatt-db.c:1879
> #3 0x00005555556a9b15 in timeout_callback (user_data=user_data@entry=0x555555864b20) at src/shared/timeout-glib.c:34
> #4 0x00007ffff7e1f081 in g_timeout_dispatch (source=source@entry=0x555555864f00, callback=0x5555556a9b00 , user_data=0x555555864b20) at ../glib/gmain.c:4705
> #5 0x00007ffff7e1e570 in g_main_dispatch (context=0x5555557d9630) at ../glib/gmain.c:3216
> #6 g_main_context_dispatch (context=context@entry=0x5555557d9630) at ../glib/gmain.c:3881
> #7 0x00007ffff7e1e900 in g_main_context_iterate (context=0x5555557d9630, block=block@entry=1, dispatch=dispatch@entry=1, self=) at ../glib/gmain.c:3954
> #8 0x00007ffff7e1ebf3 in g_main_loop_run (loop=0x5555557d75d0) at ../glib/gmain.c:4148
> #9 0x00005555556a9dbd in mainloop_run () at src/shared/mainloop-glib.c:79
> #10 0x00005555556aa36a in mainloop_run_with_signal (func=, user_data=0x0) at src/shared/mainloop-notify.c:201
> #11 0x00005555555bb9e3 in main
(argc=, argv=) at src/main.c:770 > --- > src/shared/gatt-server.c | 12 ++++++------ > 1 file changed, 6 insertions(+), 6 deletions(-) > > diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c > index 7e5d652e4..4e07398d2 100644 > --- a/src/shared/gatt-server.c > +++ b/src/shared/gatt-server.c > @@ -790,14 +790,14 @@ static void write_complete_cb(struct gatt_db_attribute *attr, int err, > struct bt_gatt_server *server = op->server; > uint16_t handle; > > - util_debug(server->debug_callback, server->debug_data, > - "Write Complete: err %d", err); > - > if (!server || op->opcode == BT_ATT_OP_WRITE_CMD) { > async_write_op_destroy(op); > return; > } > > + util_debug(server->debug_callback, server->debug_data, > + "Write Complete: err %d", err); > + > handle = gatt_db_attribute_get_handle(attr); > > if (err) > @@ -914,14 +914,14 @@ static void read_complete_cb(struct gatt_db_attribute *attr, int err, > uint16_t mtu; > uint16_t handle; > > - util_debug(server->debug_callback, server->debug_data, > - "Read Complete: err %d", err); > - > if (!server) { > async_read_op_destroy(op); > return; > } > > + util_debug(server->debug_callback, server->debug_data, > + "Read Complete: err %d", err); > + > mtu = bt_att_get_mtu(server->att); > handle = gatt_db_attribute_get_handle(attr); > > -- > 2.25.1 > Applied, thanks. -- Luiz Augusto von Dentz
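
Review bot: In write_complete_cb() the relocated util_debug() now sits behind the combined `!server || op->opcode == BT_ATT_OP_WRITE_CMD` return, so a Write Command on a live server no longer logs "Write Complete: err %d" at all, including failures such as the err=-110 seen in the trace. Consider splitting the check: return on `!server` first, then log, then return for BT_ATT_OP_WRITE_CMD, so that only the NULL case loses the debug line.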
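
Review bot: The commit message carries only the gdb trace for write_complete_cb(); it does not say how op->server comes to be NULL while the operation is still pending, nor that read_complete_cb() is changed by inspection rather than from an observed crash. A sentence on each would help later readers, and since the `!server` branch in read_complete_cb() now returns without any debug output, the message should say that dropping the trace on that path is intended.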