[BlueZ] device: Fix crash attempting to read Sets property

Message ID 20230313183121.162037-1-luiz.dentz@gmail.com
State New

Commit Message

Luiz Augusto von Dentz March 13, 2023, 6:31 p.m. UTC
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

The following set can be observed when a sirk exists but it is
encrypted, leading to info->set not being set:

Invalid read of size 8
   at 0x1ACDF0: append_set (device.c:1662)
   by 0x1FFEFFF7DF: ???
   by 0x1D4461: queue_foreach (queue.c:207)
   by 0x1AC8DE: dev_property_get_set (device.c:1700)
   by 0x1CF3E2: append_property (object.c:498)
   by 0x1CFA91: append_properties (object.c:527)
   by 0x1CFAFD: append_interface (object.c:542)
   by 0x48D7CEF: g_slist_foreach (gslist.c:887)
   by 0x1CF5A7: append_interfaces (object.c:1104)
   by 0x1CF5A7: append_object (object.c:1119)
   by 0x48D7CEF: g_slist_foreach (gslist.c:887)
   by 0x1CF5D0: append_object (object.c:1122)
   by 0x48D7CEF: g_slist_foreach (gslist.c:887)
 Address 0x8 is not stack'd, malloc'd or (recently) free'd
---
 src/device.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

Comments

patchwork-bot+bluetooth@kernel.org March 14, 2023, 7:40 p.m. UTC | #1
Hello:

This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Mon, 13 Mar 2023 11:31:21 -0700 you wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> 
> The following set can be observed when a sirk exists but it is
> encrypted, leading to info->set not being set:
> 
> Invalid read of size 8
>    at 0x1ACDF0: append_set (device.c:1662)
>    by 0x1FFEFFF7DF: ???
>    by 0x1D4461: queue_foreach (queue.c:207)
>    by 0x1AC8DE: dev_property_get_set (device.c:1700)
>    by 0x1CF3E2: append_property (object.c:498)
>    by 0x1CFA91: append_properties (object.c:527)
>    by 0x1CFAFD: append_interface (object.c:542)
>    by 0x48D7CEF: g_slist_foreach (gslist.c:887)
>    by 0x1CF5A7: append_interfaces (object.c:1104)
>    by 0x1CF5A7: append_object (object.c:1119)
>    by 0x48D7CEF: g_slist_foreach (gslist.c:887)
>    by 0x1CF5D0: append_object (object.c:1122)
>    by 0x48D7CEF: g_slist_foreach (gslist.c:887)
>  Address 0x8 is not stack'd, malloc'd or (recently) free'd
> 
> [...]

Here is the summary with links:
  - [BlueZ] device: Fix crash attempting to read Sets property
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=2762129212f1

You are awesome, thank you!
Patch

diff --git a/src/device.c b/src/device.c
index 77b38e97a7ea..f31f2a097e07 100644
--- a/src/device.c
+++ b/src/device.c
@@ -1659,10 +1659,15 @@  static gboolean dev_property_wake_allowed_exist(
 static void append_set(void *data, void *user_data)
 {
 	struct sirk_info *info = data;
-	const char *path = btd_set_get_path(info->set);
+	const char *path;
 	DBusMessageIter *iter = user_data;
 	DBusMessageIter entry, dict;
 
+	if (!info->set)
+		return;
+
+	path = btd_set_get_path(info->set);
+
 	dbus_message_iter_open_container(iter, DBUS_TYPE_DICT_ENTRY, NULL,
 								&entry);
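
Review bot: the new `if (!info->set) return;` guard in append_set() drops the entry silently, and nothing in the code records why info->set can legitimately be NULL here. The commit message gives the reason (a SIRK exists but is encrypted, so the set was never assigned); a one-line comment above the check saying so would keep the guard from being read as dead code and removed later. Since the crash came from passing a NULL set to btd_set_get_path() during a queue_foreach() walk, it is also worth checking whether any other callback iterating the same sirk_info entries reads info->set without the same test, and whether a debug log on the skipped entry would help when diagnosing a Sets property that comes back shorter than expected.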