From: Frédéric Danis
To: linux-bluetooth@vger.kernel.org
Subject: [BlueZ,v5] a2dp: Fix crash when SEP codec has not been initialized
Date: Wed, 30 Mar 2022 11:28:44 +0200
Message-Id: <20220330092844.44762-1-frederic.danis@collabora.com>

If SEP has not been properly discovered avdtp_get_codec may return NULL thus causing crashes such as when running AVRCP/TG/VLH/BI-01-C after AVRCP/TG/RCR/BV-04-C.

Prevent remote endpoint registration if its codec is not available.

Remove queue_isempty check from store_remote_seps since that prevents cleaning up if no seps could be registered.

--- v5: fix avdtp_get_codec() check profiles/audio/a2dp.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c index c3ac432a7..21b3faa47 100644 --- a/profiles/audio/a2dp.c +++ b/profiles/audio/a2dp.c @@ -829,9 +829,6 @@ static void store_remote_seps(struct a2dp_channel *chan) char *data; gsize length = 0; - if (queue_isempty(chan->seps)) - return; - ba2str(device_get_address(device), dst_addr); snprintf(filename, PATH_MAX, STORAGEDIR "/%s/cache/%s", @@ -2074,6 +2071,11 @@ static struct a2dp_remote_sep *register_remote_sep(void *data, void *user_data) if (sep) return sep; + if (!avdtp_get_codec(rsep)) { + error("Unable to get remote sep codec"); + return NULL; + } + sep = new0(struct a2dp_remote_sep, 1); sep->chan = chan; sep->sep = rsep; 
@@ -2148,6 +2150,7 @@ static void load_remote_sep(struct a2dp_channel *chan, GKeyFile *key_file, struct avdtp_remote_sep *rsep; uint8_t lseid, rseid; char *value; + bool update = false; if (!seids) return; @@ -2206,10 +2209,19 @@ static void load_remote_sep(struct a2dp_channel *chan, GKeyFile *key_file, } sep = register_remote_sep(rsep, chan); - if (sep) - sep->from_cache = true; + if (!sep) { + avdtp_unregister_remote_sep(chan->session, rsep); + update = true; + continue; + } + + sep->from_cache = true; } + /* Update cache */ + if (update) + store_remote_seps(chan); + value = g_key_file_get_string(key_file, "Endpoints", "LastUsed", NULL); if (!value) return; -- 2.25.1
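Review bot: in the store_remote_seps hunk, dropping the queue_isempty(chan->seps) early return means the function now runs its full path on an empty queue, and nothing in the code records that this is intentional. Suggest a one-line comment where the check used to be, saying that an empty queue must still be written out so stale cache entries get cleared, and a check that the code after snprintf(filename, PATH_MAX, ...) copes with zero endpoints.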
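Review bot: in the register_remote_sep hunk, the new "return NULL" taken when avdtp_get_codec(rsep) fails makes NULL an ordinary result, yet load_remote_sep is the only call site this patch adjusts. The (void *data, void *user_data) signature suggests the function is also passed as a callback, so every other caller should be checked for a NULL dereference of the returned sep. The error("Unable to get remote sep codec") message would also be easier to act on if it identified which remote endpoint was rejected.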
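Review bot: in the last load_remote_sep hunk, store_remote_seps(chan) rewrites the cache before the "LastUsed" entry is read from key_file a few lines below, and an endpoint dropped in the loop may be the one that entry names. Please confirm that the code following value = g_key_file_get_string(key_file, "Endpoints", "LastUsed", NULL) handles a LastUsed value that no longer matches any registered sep, and state whether the rewrite is meant to keep or discard that entry. The "/* Update cache */" comment could say why the update is needed, namely that cached endpoints without a usable codec were just unregistered.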