Message ID | 20230314192325.464661-1-luiz.dentz@gmail.com |
---|---|
State | New |
Series | [BlueZ] shared/gatt-client: Fix crash on bt_gatt_client_idle_unregister |
This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=730060

---Test result---

Test Summary:
CheckPatch                    FAIL      0.83 seconds
GitLint                       PASS      0.29 seconds
BuildEll                      PASS      26.48 seconds
BluezMake                     PASS      751.63 seconds
MakeCheck                     PASS      10.76 seconds
MakeDistcheck                 PASS      148.57 seconds
CheckValgrind                 PASS      240.05 seconds
CheckSmatch                   PASS      322.03 seconds
bluezmakeextell               PASS      97.02 seconds
IncrementalBuild              PASS      627.67 seconds
ScanBuild                     PASS      968.28 seconds

Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script
Output:
[BlueZ] shared/gatt-client: Fix crash on bt_gatt_client_idle_unregister
WARNING:COMMIT_LOG_LONG_LINE: Possible unwrapped commit description (prefer a maximum 75 chars per line)
#90:
by 0x48BBC7E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7400.6)

/github/workspace/src/src/13174960.patch total: 0 errors, 1 warnings, 9 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/src/13174960.patch has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.

---

Regards,
Linux Bluetooth
diff --git a/src/shared/gatt-client.c b/src/shared/gatt-client.c index 3a29f807fc85..d28f5b3670f6 100644 --- a/src/shared/gatt-client.c +++ b/src/shared/gatt-client.c @@ -3809,6 +3809,9 @@ bool bt_gatt_client_idle_unregister(struct bt_gatt_client *client, { struct idle_cb *idle = UINT_TO_PTR(id); + if (!client || !id) + return false; + if (queue_remove(client->idle_cbs, idle)) { idle_destroy(idle); return true;
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

This fixes the following crash:

Invalid read of size 8
   at 0x1E1E0B: bt_gatt_client_idle_unregister (gatt-client.c:3812)
   by 0x1EB6BD: bt_bap_detach (bap.c:3821)
   by 0x1EB6BD: bt_bap_detach (bap.c:3808)
   by 0x1D5631: queue_foreach (queue.c:207)
   by 0x1DCAA3: disconnect_cb (att.c:713)
   by 0x1F4404: watch_callback (io-glib.c:157)
   by 0x48BBC7E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7400.6)
   by 0x4912117: ??? (in /usr/lib64/libglib-2.0.so.0.7400.6)
   by 0x48BB24E: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.7400.6)
   by 0x1F4A54: mainloop_run (mainloop-glib.c:66)
   by 0x1F4E21: mainloop_run_with_signal (mainloop-notify.c:188)
   by 0x1304B4: main (main.c:1428)
 Address 0x28 is not stack'd, malloc'd or (recently) free'd

---
 src/shared/gatt-client.c | 3 +++
 1 file changed, 3 insertions(+)
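
Review bot: The added "if (!client || !id) return false;" guard in bt_gatt_client_idle_unregister() stops the invalid read, but the commit message does not say why the function is reached without a client. The trace shows the call coming from bt_bap_detach (bap.c:3821) during disconnect_cb, and a read at address 0x28 is consistent with client->idle_cbs being loaded through a NULL client. Please state in the commit message that the client can be NULL on that detach path, and consider whether bt_bap_detach should skip the unregister when it has no client, so that the false returned here is not mistaken for "id not found" by callers. CheckPatch also reports the g_main_context_dispatch trace line as over 75 characters; shortening the library path in the quoted trace would clear that warning.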