2023-03-14 19:23:31

by Luiz Augusto von Dentz

Subject: [PATCH BlueZ] shared/gatt-client: Fix crash on bt_gatt_client_idle_unregister

From: Luiz Augusto von Dentz <[email protected]>

This fixes the following crash:

Invalid read of size 8
at 0x1E1E0B: bt_gatt_client_idle_unregister (gatt-client.c:3812)
by 0x1EB6BD: bt_bap_detach (bap.c:3821)
by 0x1EB6BD: bt_bap_detach (bap.c:3808)
by 0x1D5631: queue_foreach (queue.c:207)
by 0x1DCAA3: disconnect_cb (att.c:713)
by 0x1F4404: watch_callback (io-glib.c:157)
by 0x48BBC7E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7400.6)
by 0x4912117: ??? (in /usr/lib64/libglib-2.0.so.0.7400.6)
by 0x48BB24E: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.7400.6)
by 0x1F4A54: mainloop_run (mainloop-glib.c:66)
by 0x1F4E21: mainloop_run_with_signal (mainloop-notify.c:188)
by 0x1304B4: main (main.c:1428)
Address 0x28 is not stack'd, malloc'd or (recently) free'd
---
src/shared/gatt-client.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/src/shared/gatt-client.c b/src/shared/gatt-client.c
index 3a29f807fc85..d28f5b3670f6 100644
--- a/src/shared/gatt-client.c
+++ b/src/shared/gatt-client.c
@@ -3809,6 +3809,9 @@ bool bt_gatt_client_idle_unregister(struct bt_gatt_client *client,
{
struct idle_cb *idle = UINT_TO_PTR(id);

+ if (!client || !id)
+ return false;
+
if (queue_remove(client->idle_cbs, idle)) {
idle_destroy(idle);
return true;
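Review bot: The guard covers the crash in the commit message (an invalid read at address 0x28 is consistent with dereferencing a field of a NULL `client`, here `client->idle_cbs`), but the message does not say which path hands a NULL client to bt_gatt_client_idle_unregister; the trace shows two bt_bap_detach frames (bap.c:3808 and bap.c:3821) reached from disconnect_cb, so one sentence on why the client can already be NULL at that point would let reviewers judge whether the bap.c caller needs a fix of its own rather than only this defensive return. Minor: `idle` is derived from `id` before the `if (!client || !id)` check; that is harmless because UINT_TO_PTR is only a cast, but placing the check first would read more naturally.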
--
2.39.2
2023-03-14 20:32:19

by bluez.test.bot

Subject: RE: [BlueZ] shared/gatt-client: Fix crash on bt_gatt_client_idle_unregister

This is an automated email; please do not reply to it!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
These are the CI test results for your patch series:
PW Link: https://patchwork.kernel.org/project/bluetooth/list/?series=730060

---Test result---

Test Summary:
CheckPatch FAIL 0.83 seconds
GitLint PASS 0.29 seconds
BuildEll PASS 26.48 seconds
BluezMake PASS 751.63 seconds
MakeCheck PASS 10.76 seconds
MakeDistcheck PASS 148.57 seconds
CheckValgrind PASS 240.05 seconds
CheckSmatch PASS 322.03 seconds
bluezmakeextell PASS 97.02 seconds
IncrementalBuild PASS 627.67 seconds
ScanBuild PASS 968.28 seconds

Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script
Output:
[BlueZ] shared/gatt-client: Fix crash on bt_gatt_client_idle_unregister
WARNING:COMMIT_LOG_LONG_LINE: Possible unwrapped commit description (prefer a maximum 75 chars per line)
#90:
by 0x48BBC7E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7400.6)

/github/workspace/src/src/13174960.patch total: 0 errors, 1 warnings, 9 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/src/13174960.patch has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.
---
Regards,
Linux Bluetooth

2023-03-14 21:00:23

by patchwork-bot+bluetooth

Subject: Re: [PATCH BlueZ] shared/gatt-client: Fix crash on bt_gatt_client_idle_unregister

Hello:

This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <[email protected]>:

On Tue, 14 Mar 2023 12:23:25 -0700 you wrote:
> From: Luiz Augusto von Dentz <[email protected]>
>
> This fixes the following crash:
>
> Invalid read of size 8
> at 0x1E1E0B: bt_gatt_client_idle_unregister (gatt-client.c:3812)
> by 0x1EB6BD: bt_bap_detach (bap.c:3821)
> by 0x1EB6BD: bt_bap_detach (bap.c:3808)
> by 0x1D5631: queue_foreach (queue.c:207)
> by 0x1DCAA3: disconnect_cb (att.c:713)
> by 0x1F4404: watch_callback (io-glib.c:157)
> by 0x48BBC7E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7400.6)
> by 0x4912117: ??? (in /usr/lib64/libglib-2.0.so.0.7400.6)
> by 0x48BB24E: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.7400.6)
> by 0x1F4A54: mainloop_run (mainloop-glib.c:66)
> by 0x1F4E21: mainloop_run_with_signal (mainloop-notify.c:188)
> by 0x1304B4: main (main.c:1428)
> Address 0x28 is not stack'd, malloc'd or (recently) free'd
>
> [...]

Here is the summary with links:
- [BlueZ] shared/gatt-client: Fix crash on bt_gatt_client_idle_unregister
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=857d9b96b384

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html