mbox series

[BlueZ,0/7,v3] Fix bugs found by SVACE static analisys tool

Message ID 20220401111408.3961844-1-i.kamaletdinov@omp.ru
Headers show
Series Fix bugs found by SVACE static analisys tool | expand

Message

Ildar Kamaletdinov April 1, 2022, 11:14 a.m. UTC
This patch set includes few fixes that was found by Linux Verification Center
(linuxtesting.org) with the SVACE static analysis tool.

I have manually filtered out non-relevant and false positive problems and only
procedeed with bugs that currently lead to some errors/vulnerabilities or may
lead to them in some specific conditions.

Changelog:
v3 one fix wasn't staged, sorry, one more fix after CI checks
v2 some minor style fixes after CI check.
v1 initial version.

Ildar Kamaletdinov (7):
  monitor: Fix out-of-bound read in print_le_states
  tools: Fix buffer overflow in hciattach_tialt.c
  tools: Fix signed integer overflow in btsnoop.c
  tools: Prevent infinity loops in bluemoon.c
  tools: Limit width of fields in sscanf
  device: Limit width of fields in sscanf
  gatt: Fix double free and freed memory dereference

 monitor/packet.c        |  7 ++++---
 src/device.c            | 14 +++++++-------
 src/gatt-database.c     |  4 ++++
 tools/bluemoon.c        | 13 +++++++++++++
 tools/btmgmt.c          |  2 +-
 tools/btsnoop.c         |  2 +-
 tools/hciattach_tialt.c |  3 ++-
 tools/hex2hcd.c         |  2 +-
 8 files changed, 33 insertions(+), 14 deletions(-)