[BlueZ,v2,04/20] client/gatt: Check write_value() retval

Message ID	20240510121355.3241456-5-hadess@hadess.net
State	Superseded
Headers	show Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net [217.70.183.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 650FF16FF36 for <linux-bluetooth@vger.kernel.org>; Fri, 10 May 2024 12:14:04 +0000 (UTC) From: Bastien Nocera <hadess@hadess.net> To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera <hadess@hadess.net> Subject: [BlueZ v2 04/20] client/gatt: Check write_value() retval Date: Fri, 10 May 2024 14:10:14 +0200 Message-ID: <20240510121355.3241456-5-hadess@hadess.net> In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net> References: <20240510121355.3241456-1-hadess@hadess.net> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Fix a number of static analysis issues \| expand [BlueZ,v2,00/20] Fix a number of static analysis issues [BlueZ,v2,01/20] adapter: Use false instead of 0 for bool [BlueZ,v2,02/20] attrib/gatt: Guard against possible integer overflow [BlueZ,v2,03/20] client/gatt: Don't pass negative fd on error [BlueZ,v2,04/20] client/gatt: Check write_value() retval [BlueZ,v2,05/20] client/main: Fix array access [BlueZ,v2,06/20] client/main: Fix mismatched free [BlueZ,v2,07/20] monitor/att: Fix memory leak [BlueZ,v2,08/20] bap: Fix memory leaks [BlueZ,v2,09/20] media: Fix memory leak [BlueZ,v2,10/20] main: Fix memory leaks [BlueZ,v2,11/20] isotest: Consider "0" fd to be valid [BlueZ,v2,12/20] isotest: Fix error check after opening file [BlueZ,v2,13/20] client/player: Fix copy/paste error [BlueZ,v2,14/20] shared/vcp: Fix copy/paste error [BlueZ,v2,15/20] isotest: Fix fd leak [BlueZ,v2,16/20] iso-tester: Fix fd leak [BlueZ,v2,17/20] sdp: Fix use of uninitialised memory [BlueZ,v2,18/20] monitor: Work-around memory leak warning [BlueZ,v2,19/20] avrcp: Fix uninitialised memory usage [BlueZ,v2,20/20] main: Simplify variable assignment

Message ID

20240510121355.3241456-5-hadess@hadess.net

State

Superseded

Headers

From: Bastien Nocera <hadess@hadess.net>
To: linux-bluetooth@vger.kernel.org
Cc: Bastien Nocera <hadess@hadess.net>
Subject: [BlueZ v2 04/20] client/gatt: Check write_value() retval
Date: Fri, 10 May 2024 14:10:14 +0200
Message-ID: <20240510121355.3241456-5-hadess@hadess.net>
In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net>
References: <20240510121355.3241456-1-hadess@hadess.net>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

Fix a number of static analysis issues | expand

Commit Message

Bastien Nocera May 10, 2024, 12:10 p.m. UTC

Error: CHECKED_RETURN (CWE-252): [#def35]
bluez-5.75/client/gatt.c:3191:3: check_return: Calling "write_value" without checking return value (as is done elsewhere 5 out of 6 times).
bluez-5.75/client/gatt.c:2371:2: example_checked: Example 1: "write_value(&chrc->value_len, &chrc->value, value, value_len, aad->offset, chrc->max_val_len)" has its value checked in "write_value(&chrc->value_len, &chrc->value, value, value_len, aad->offset, chrc->max_val_len)".
bluez-5.75/client/gatt.c:2502:2: example_checked: Example 2: "write_value(&chrc->value_len, &chrc->value, value, value_len, offset, chrc->max_val_len)" has its value checked in "write_value(&chrc->value_len, &chrc->value, value, value_len, offset, chrc->max_val_len)".
bluez-5.75/client/gatt.c:2919:2: example_checked: Example 3: "write_value(&desc->value_len, &desc->value, value, value_len, offset, desc->max_val_len)" has its value checked in "write_value(&desc->value_len, &desc->value, value, value_len, offset, desc->max_val_len)".
bluez-5.75/client/gatt.c:759:3: example_checked: Example 4: "write_value(&c->value_len, &c->value, value, value_len, offset, c->max_val_len)" has its value checked in "write_value(&c->value_len, &c->value, value, value_len, offset, c->max_val_len)".
bluez-5.75/client/gatt.c:775:3: example_checked: Example 5: "write_value(&d->value_len, &d->value, value, value_len, offset, d->max_val_len)" has its value checked in "write_value(&d->value_len, &d->value, value, value_len, offset, d->max_val_len)".
3189|			}
3190|
3191|->			write_value(&chrc->value_len, &chrc->value, value, len,
3192|					0, chrc->max_val_len);
---
 client/gatt.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/client/gatt.c b/client/gatt.c
index 6c7603985172..e85031277bd5 100644
--- a/client/gatt.c
+++ b/client/gatt.c
@@ -3197,9 +3197,13 @@  static void proxy_property_changed(GDBusProxy *proxy, const char *name,
 			dbus_message_iter_get_fixed_array(&array, &value, &len);
 		}
 
-		write_value(&chrc->value_len, &chrc->value, value, len,
-				0, chrc->max_val_len);
-		bt_shell_hexdump(value, len);
+		if (write_value(&chrc->value_len, &chrc->value, value, len,
+				0, chrc->max_val_len)) {
+			bt_shell_printf("Unable to update property value for %s\n",
+					name);
+		} else {
+			bt_shell_hexdump(value, len);
+		}
 	}
 
 	g_dbus_emit_property_changed(conn, chrc->path, CHRC_INTERFACE, name);

[BlueZ,v2,04/20] client/gatt: Check write_value() retval

Commit Message

Patch