Received: by 2002:a05:7412:2a8c:b0:e2:908c:2ebd with SMTP id u12csp2875167rdh; Wed, 27 Sep 2023 16:01:33 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHxP8+D2sJXyLAkH+gVYU3KVe+dveWDvz93FCH8FIeUh58bl7JT/v/UHZPNqDenZAjcRzhu X-Received: by 2002:a05:6402:2c6:b0:522:b876:9ef5 with SMTP id b6-20020a05640202c600b00522b8769ef5mr4545741edx.8.1695855693301; Wed, 27 Sep 2023 16:01:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695855693; cv=none; d=google.com; s=arc-20160816; b=t65ZNu0MxVMg6YGQCfdLktvh5kNQtfYFZztb5oX00Elqg2Ad7gqi77/0Hu2AefnmGS X91glU8Uao44202XIlhohcfQ1bQpbvNS9an8n3oqz7pRqarlW58ULA5HuyyZ3gz2jsDQ kz0dGlcPn3apfAAnSsnBNaOJPteihc96Pj/yP2brRpTPOVZA8xKpTjToUgP1ujj/kskE cpR7NZzDEw/+znMFXfpy5fnbiWHZb+hZVthVEq5O5DkRqM0JQ3vAZL9FS0AH/6ac1+nK sHo66rP0abPATVQ+FDryo21skAa5PZ9/JbmAEZgs20ujTyx8cZoGmlBkIqsBYnEpw2lB aPkA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=UZDbId/Oq6bQoYjYM1BCQT82RB8NkOnAtSqUmB0Kd0w=; fh=4lGQI6056MBa4/oovMyIYaKLn+Wz/24RGvUivMmQP8E=; b=Jh8EArFNK45SXgokT0uVXnwTkrNRgZo6jerpICnleNArwteEJ2ycPGlp4VRanMjOfn ikMxsQA/vOLI7H9bAGQYc9CGguZ6JJva4lzmpYGY6tqZ4r4CuBskFfI8Nd3agopj/kpz 4IkgZqBcBcPDDmUYN+M0RbAN/X59X0IrGkh0P0VfC/8ecKFEd7zNox8jqcRYsm8h1d4f WkYWzleWdQZwbQm1Gy1eu9VB4ErKnx0ueHAznGfF+8yCdtnXf+/MLHnsVMD4ovdcKssz BfyQ4HbCQX9CP2N1OL5iMCJ5GcLrulAblT4k8mEKqVuGQkqyh2Rl3765pxC0vYtcwHug 6fAQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b="nSn/QFh3"; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id z10-20020aa7c64a000000b005346bebc2b3si3554855edr.22.2023.09.27.16.01.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 Sep 2023 16:01:33 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b="nSn/QFh3"; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id 90B25804C4BE; Wed, 27 Sep 2023 14:40:45 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230034AbjI0Vkc (ORCPT + 99 others); Wed, 27 Sep 2023 17:40:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45448 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229969AbjI0Vkc (ORCPT ); Wed, 27 Sep 2023 17:40:32 -0400 Received: from mail-qk1-x729.google.com (mail-qk1-x729.google.com [IPv6:2607:f8b0:4864:20::729]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BDDE212A for ; Wed, 27 Sep 2023 14:40:30 -0700 (PDT) Received: by mail-qk1-x729.google.com with SMTP id af79cd13be357-7741b18a06aso730369885a.1 for ; Wed, 27 Sep 2023 14:40:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1695850829; x=1696455629; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=UZDbId/Oq6bQoYjYM1BCQT82RB8NkOnAtSqUmB0Kd0w=; b=nSn/QFh3oJUqNf/SVdBIfrnZuJrkdXW2fFP+ZWn1k0jNm2MzrL5arolTn7g9bdNGge F8+uR5nEH6KefXRWPyZNUKMHu2nhQjtWDF9URlhYLOKVK8XYlkRbRHMCbm3JkMBiclov VVH8oDt3GcRVBxugnZOFTzgXd4cZnZ+q2/EtbM3FuNGhrIqEYnlONAMyhi7B/y6HOr4G bknrIa5dCgD2jW4hZSyrS0u83f1Vej8AYkw6WpuHUQ+BftdOlN6Gx6Tr3k/dQAxIcMCG YW7BKKNzsgf/AIiucw3BKYC2zjDaeBmtsFeWgRf8d0DdLkolGF8lsgoGrXDvT8lcqCPx xufw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695850829; x=1696455629; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=UZDbId/Oq6bQoYjYM1BCQT82RB8NkOnAtSqUmB0Kd0w=; b=r3PDTjLH0ZYI/AVM5Czejod07izh4Cbuxtpvf4EIXxMYEHbahLfJNzGJ69kyzzAYBe yLTc4RVN7jpzv+a6XaJlQA0goBof/WepEN1ZzKh6PfeEDa1Fg7EilzV7wtWsKnR5mKU2 IXg17T4aU5mKxn8FH+bWHj8a9E8GoVU/OPTXGMQ5gJ2JojLrJ5ZKYdWix2MY0eXnTAmA QC+VQIWcFUIHL6TsWOIExY3j3Rmgpd+pYm1yui5m8hsnzpP2KwTjQ74cyMAkD7NIMRTc o/Cv/bb0wWQ7uT4azb+9i1fzXITNjYjNehkUG4/f2uS8Mif8knhE7w8jXxo9axKN1XA6 4N/A== X-Gm-Message-State: AOJu0Yy/Q8o/zadFetwImPYj0vW6jHOX5e5F54EV6K9Vo68DVMnfhmCr nvTk8EmaOGuw0XlESDcv5p2SpzaY+sQc0xTO X-Received: by 2002:a05:620a:448f:b0:774:226b:c327 with SMTP id x15-20020a05620a448f00b00774226bc327mr4183872qkp.67.1695850829165; Wed, 27 Sep 2023 14:40:29 -0700 (PDT) Received: from lvondent-mobl4.. (c-98-232-221-87.hsd1.or.comcast.net. [98.232.221.87]) by smtp.gmail.com with ESMTPSA id s26-20020aa78d5a000000b00672ea40b8a9sm12546004pfe.170.2023.09.27.14.40.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 Sep 2023 14:40:28 -0700 (PDT) From: Luiz Augusto von Dentz To: linux-bluetooth@vger.kernel.org Subject: [PATCH v3 12/12] bap: Fix freeing value of dbus_message_iter_get_fixed_array Date: Wed, 27 Sep 2023 14:40:03 -0700 Message-ID: <20230927214003.1873224-13-luiz.dentz@gmail.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230927214003.1873224-1-luiz.dentz@gmail.com> References: <20230927214003.1873224-1-luiz.dentz@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Wed, 27 Sep 2023 14:40:45 -0700 (PDT) From: Luiz Augusto von Dentz The value returned by dbus_message_iter_get_fixed_array is a reference and shall not be freed: 'The returned value is by reference and should not be freed.' --- profiles/audio/bap.c | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/profiles/audio/bap.c b/profiles/audio/bap.c index 18872329d4ac..48a1a4f86f8d 100644 --- a/profiles/audio/bap.c +++ b/profiles/audio/bap.c @@ -365,19 +365,17 @@ static const GDBusPropertyTable ep_properties[] = { { } }; -static int parse_array(DBusMessageIter *iter, struct iovec **iov) +static int parse_array(DBusMessageIter *iter, struct iovec *iov) { DBusMessageIter array; if (!iov) return 0; - if (!(*iov)) - *iov = new0(struct iovec, 1); - dbus_message_iter_recurse(iter, &array); - dbus_message_iter_get_fixed_array(&array, &(*iov)->iov_base, - (int *)&(*iov)->iov_len); + dbus_message_iter_get_fixed_array(&array, &iov->iov_base, + (int *)&iov->iov_len); + return 0; } @@ -594,10 +592,15 @@ static int parse_bcast_qos(const char *key, int var, DBusMessageIter *iter, dbus_message_iter_get_basic(iter, &qos->bcast.timeout); } else if (!strcasecmp(key, "BCode")) { + struct iovec iov; + if (var != DBUS_TYPE_ARRAY) return -EINVAL; - parse_array(iter, &qos->bcast.bcode); + parse_array(iter, &iov); + + util_iov_free(qos->bcast.bcode, 1); + qos->bcast.bcode = util_iov_dup(&iov, 1); } else { int err; @@ -653,6 +656,9 @@ static int parse_configuration(DBusMessageIter *props, struct iovec **caps, struct bt_bap_qos *qos) { const char *key; + struct iovec iov; + + memset(&iov, 0, sizeof(iov)); while (dbus_message_iter_get_arg_type(props) == DBUS_TYPE_DICT_ENTRY) { DBusMessageIter value, entry; @@ -670,14 +676,20 @@ static int parse_configuration(DBusMessageIter *props, struct iovec **caps, if (var != DBUS_TYPE_ARRAY) goto fail; - if (parse_array(&value, caps)) + if (parse_array(&value, &iov)) goto fail; + + util_iov_free(*caps, 1); + *caps = util_iov_dup(&iov, 1); } else if (!strcasecmp(key, "Metadata")) { if (var != DBUS_TYPE_ARRAY) goto fail; - if (parse_array(&value, metadata)) + if (parse_array(&value, &iov)) goto fail; + + util_iov_free(*metadata, 1); + *metadata = util_iov_dup(&iov, 1); } else if (!strcasecmp(key, "QoS")) { if (var != DBUS_TYPE_ARRAY) goto fail; @@ -1202,6 +1214,7 @@ static void select_cb(struct bt_bap_pac *pac, int err, struct iovec *caps, goto done; } + util_iov_free(ep->caps, 1); ep->caps = util_iov_dup(caps, 1); if (metadata && metadata->iov_base && metadata->iov_len) { -- 2.41.0