Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp180761ybh; Mon, 20 Jul 2020 13:42:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzhmegf+mU9VbEh02mUs7t88raRNlRUZVauF/Jwr3coQAbP4AAC8Zxajx9bqvmMglrKJcNo X-Received: by 2002:a17:906:fb99:: with SMTP id lr25mr22331466ejb.49.1595277773436; Mon, 20 Jul 2020 13:42:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595277773; cv=none; d=google.com; s=arc-20160816; b=ZsC6eU+JOnHDG4UTP3swbJ+/sFCKWS9uODH9c16LEdTqZ7k+L01vV67mkECdkC+eg6 W0ZX9ZPagvfC2+g6zdxGdDC8NpLhDHBKq4SoxfH9p4FBYvEW4hjTmDa0RZl34NzPXtyS 4lZtVkGcMut7YcebAIejxX8d3QmX5o4G8TA/p/bXUz68QDFjxa6Y4aAK7t4kXlRkRRTm bmJl+0IArgYBcC/FIICv20b3R4yWFo8QWf5YAQQLUdM/sA5HXlaorXANy4DNMlWHOyfz YQQmO3xVawpARZFqVpJOtXpraqAQIL1Zs9uskm+qjXjQAHAXctK2GCHVkSuLW2lGChwE 3aUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:ironport-sdr:ironport-sdr; bh=Yo/EOEBfHfnFn3MT/i6K+BzbMBBTGYqnLJC+08TqHZo=; b=IyAWr4OvJdvQLmjwwyBXySK2Fs74n909WgCOexXgJU8311WPgB8p1yOMvySH3n6HZe m0abrqdobB5VfgGYaI66/v+bcYpHa8PRwyHeM7XvjSLZCl+nIEpG4ixZw3yv2lVzGIX9 IdgwyBYfficbsKfVPGzcmDjfdBHyAtFqH7pgCEqQLE2EEUyVY+PB5H3tSxWYS5J9jldK dt04uoOANVcCB+EtMr65qMQ3N1PRPNuwEMKyqLiUEOZ4Of/lpr4T+du2s/vKZD8UJygE hyTU69qrZBKKrF4gdJD8l2UREb17xqft2kjnW4t7TyT6vMymHm8abXJxQYq+2wXbBnkG 92dw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d21si10552282eje.437.2020.07.20.13.42.13; Mon, 20 Jul 2020 13:42:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726858AbgGTUmI (ORCPT + 99 others); Mon, 20 Jul 2020 16:42:08 -0400 Received: from mga18.intel.com ([134.134.136.126]:45380 "EHLO mga18.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726046AbgGTUmH (ORCPT ); Mon, 20 Jul 2020 16:42:07 -0400 IronPort-SDR: ij/qqMOazJTzpOx8VIIzOGMDCMohGB72QcdslAAmapablGsG8hFsHSDH+f6WE9eb1fHY3QjL05 V6QAz4vQpK8A== X-IronPort-AV: E=McAfee;i="6000,8403,9688"; a="137492271" X-IronPort-AV: E=Sophos;i="5.75,375,1589266800"; d="scan'208";a="137492271" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Jul 2020 13:42:07 -0700 IronPort-SDR: I6Vr1MJopZ4DUVQohuhuZLU1t6WKGK6fnBdJurZJ4XZtfYgrhu34zKfTFmcsGttfFmJccbfBdD CB+DNOCsKXiw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,375,1589266800"; d="scan'208";a="283636787" Received: from aukiwe-mobl.amr.corp.intel.com (HELO ingas-nuc1.intel.com) ([10.254.77.52]) by orsmga003.jf.intel.com with ESMTP; 20 Jul 2020 13:42:07 -0700 From: Inga Stotland To: linux-bluetooth@vger.kernel.org Cc: brian.gix@intel.com, Inga Stotland Subject: [PATCH BlueZ] tools/mesh-cfgclient: Fix segfault on remote node reset Date: Mon, 20 Jul 2020 13:42:06 -0700 Message-Id: <20200720204206.226761-1-inga.stotland@intel.com> X-Mailer: git-send-email 2.26.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org This fixes a segfault that is caused by freeeing non-allocated memory. Happens upon the removal of a remote node when remote's net key and/or app key queues are destroyed. __GI___libc_free (mem=0x1) at malloc.c:3102 destroy=destroy@entry=0x55761f63a3b0 ) at ell/queue.c:107 destroy=destroy@entry=0x55761f63a3b0 ) at ell/queue.c:82 at tools/mesh/remote.c:140 at tools/mesh/cfgcli.c:764 at tools/mesh/cfgcli.c:764 msg=0x5576213aa6f0, user_data=) at tools/mesh-cfgclient.c:1522 dbus=dbus@entry=0x55762132f860, message=message@entry=0x5576213aa6f0) at ell/dbus-service.c:1793 user_data=0x55762132f860) at ell/dbus.c:285 user_data=0x55762132f940) at ell/io.c:126 --- tools/mesh/remote.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/mesh/remote.c b/tools/mesh/remote.c index 2a8f747d6..c74f0bec1 100644 --- a/tools/mesh/remote.c +++ b/tools/mesh/remote.c @@ -134,10 +134,11 @@ uint8_t remote_del_node(uint16_t unicast) l_queue_destroy(rmt->els[i], NULL); remote_add_blacklisted_address(unicast + i, iv_index, true); } + l_free(rmt->els); - l_queue_destroy(rmt->net_keys, l_free); - l_queue_destroy(rmt->app_keys, l_free); + l_queue_destroy(rmt->net_keys, NULL); + l_queue_destroy(rmt->app_keys, NULL); l_free(rmt); mesh_db_del_node(unicast); -- 2.26.2