* [PATCH BlueZ 0/1] Fix crash when unregistering bcast source endpoint
@ 2024-02-23 14:16 Silviu Florian Barbulescu
  2024-02-23 14:16 ` [PATCH BlueZ 1/1] shared/bap: Fix crash unreg bcast src endpoint Silviu Florian Barbulescu
  2024-02-23 14:49 ` [PATCH BlueZ 0/1] " patchwork-bot+bluetooth
  0 siblings, 2 replies; 4+ messages in thread
From: Silviu Florian Barbulescu @ 2024-02-23 14:16 UTC (permalink / raw)
  To: linux-bluetooth
  Cc: mihai-octavian.urzica, silviu.barbulescu, vlad.pruteanu,
	andrei.istodorescu, luiz.dentz, iulia.tanasescu

In bt_bap_stream_release stream is accessed after free
ERROR: AddressSanitizer: heap-use-after-free on address
READ of size 8 at 0x60d0000001e0 thread T0
    #0 0x556602a14ce0 in bt_bap_stream_release src/shared/bap.c:5423
    #1 0x556602981292 in queue_foreach src/shared/queue.c:207
    #2 0x556602a0712a in bt_bap_remove_pac src/shared/bap.c:3572
    #3 0x5566026ca846 in media_endpoint_destroy profiles/audio/media.c:180
    #4 0x5566026cdef9 in unregister_endpoint profiles/audio/media.c:1708


Silviu Florian Barbulescu (1):
  shared/bap: Fix crash unreg bcast src endpoint

 src/shared/bap.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)


base-commit: a16c2ccf9c256285188f4549b7b767cf31b100eb
-- 
2.39.2



* [PATCH BlueZ 1/1] shared/bap: Fix crash unreg bcast src endpoint
  2024-02-23 14:16 [PATCH BlueZ 0/1] Fix crash when unregistering bcast source endpoint Silviu Florian Barbulescu
@ 2024-02-23 14:16 ` Silviu Florian Barbulescu
  2024-02-23 15:30   ` Fix crash when unregistering bcast source endpoint bluez.test.bot
  2024-02-23 14:49 ` [PATCH BlueZ 0/1] " patchwork-bot+bluetooth
  1 sibling, 1 reply; 4+ messages in thread
From: Silviu Florian Barbulescu @ 2024-02-23 14:16 UTC (permalink / raw)
  To: linux-bluetooth
  Cc: mihai-octavian.urzica, silviu.barbulescu, vlad.pruteanu,
	andrei.istodorescu, luiz.dentz, iulia.tanasescu

In bt_bap_stream_release stream is accessed after free

---
 src/shared/bap.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/shared/bap.c b/src/shared/bap.c
index f5fc14027..626e8f127 100644
--- a/src/shared/bap.c
+++ b/src/shared/bap.c
@@ -5411,16 +5411,17 @@ unsigned int bt_bap_stream_release(struct bt_bap_stream *stream,
 					void *user_data)
 {
 	unsigned int id;
+	struct bt_bap *bap = stream->bap;
 
 	if (!stream || !stream->ops || !stream->ops->release)
 		return 0;
 
-	if (!bt_bap_ref_safe(stream->bap))
+	if (!bt_bap_ref_safe(bap))
 		return 0;
 
 	id = stream->ops->release(stream, func, user_data);
 
-	bt_bap_unref(stream->bap);
+	bt_bap_unref(bap);
 
 	return id;
 }
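Review bot: The new initializer `struct bt_bap *bap = stream->bap;` dereferences `stream` at the top of the function, before the `if (!stream || !stream->ops || !stream->ops->release)` check that follows it, so a NULL `stream` now faults where the previous code returned 0. Declare `struct bt_bap *bap;` without an initializer and assign `bap = stream->bap;` after the NULL check, keeping the `bt_bap_ref_safe(bap)` / `bt_bap_unref(bap)` pair as posted. The commit message would also benefit from one sentence stating that `stream` can be freed inside `stream->ops->release()`, which is why the `bap` pointer has to be cached before that call.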
-- 
2.39.2



* Re: [PATCH BlueZ 0/1] Fix crash when unregistering bcast source endpoint
  2024-02-23 14:16 [PATCH BlueZ 0/1] Fix crash when unregistering bcast source endpoint Silviu Florian Barbulescu
  2024-02-23 14:16 ` [PATCH BlueZ 1/1] shared/bap: Fix crash unreg bcast src endpoint Silviu Florian Barbulescu
@ 2024-02-23 14:49 ` patchwork-bot+bluetooth
  1 sibling, 0 replies; 4+ messages in thread
From: patchwork-bot+bluetooth @ 2024-02-23 14:49 UTC (permalink / raw)
  To: Silviu Florian Barbulescu
  Cc: linux-bluetooth, mihai-octavian.urzica, vlad.pruteanu,
	andrei.istodorescu, luiz.dentz, iulia.tanasescu

Hello:

This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Fri, 23 Feb 2024 16:16:08 +0200 you wrote:
> In bt_bap_stream_release stream is accessed after free
> ERROR: AddressSanitizer: heap-use-after-free on address
> READ of size 8 at 0x60d0000001e0 thread T0
>     #0 0x556602a14ce0 in bt_bap_stream_release src/shared/bap.c:5423
>     #1 0x556602981292 in queue_foreach src/shared/queue.c:207
>     #2 0x556602a0712a in bt_bap_remove_pac src/shared/bap.c:3572
>     #3 0x5566026ca846 in media_endpoint_destroy profiles/audio/media.c:180
>     #4 0x5566026cdef9 in unregister_endpoint profiles/audio/media.c:1708
> 
> [...]

Here is the summary with links:
  - [BlueZ,1/1] shared/bap: Fix crash unreg bcast src endpoint
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=8f262a27bdf2

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html




* RE: Fix crash when unregistering bcast source endpoint
  2024-02-23 14:16 ` [PATCH BlueZ 1/1] shared/bap: Fix crash unreg bcast src endpoint Silviu Florian Barbulescu
@ 2024-02-23 15:30   ` bluez.test.bot
  0 siblings, 0 replies; 4+ messages in thread
From: bluez.test.bot @ 2024-02-23 15:30 UTC (permalink / raw)
  To: linux-bluetooth, silviu.barbulescu


This is an automated email. Please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the Linux Bluetooth mailing list.
These are the CI test results for your patch series:
PW Link: https://patchwork.kernel.org/project/bluetooth/list/?series=829116

---Test result---

Test Summary:
CheckPatch                    PASS      0.46 seconds
GitLint                       PASS      0.32 seconds
BuildEll                      PASS      23.94 seconds
BluezMake                     PASS      720.27 seconds
MakeCheck                     PASS      12.00 seconds
MakeDistcheck                 PASS      163.14 seconds
CheckValgrind                 PASS      225.71 seconds
CheckSmatch                   PASS      330.14 seconds
bluezmakeextell               PASS      109.14 seconds
IncrementalBuild              PASS      681.46 seconds
ScanBuild                     WARNING   956.79 seconds

Details
##############################
Test: ScanBuild - WARNING
Desc: Run Scan Build
Output:
src/shared/bap.c:1145:2: warning: Use of memory after it is freed
        DBG(stream->bap, "stream %p", stream);
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/bap.c:40:2: note: expanded from macro 'DBG'
        bap_debug(_bap, "%s:%s() " fmt, __FILE__, __func__, ## arg)
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/bap.c:1698:3: warning: Use of memory after it is freed
                stream_set_state(stream, BT_BAP_STREAM_STATE_CONFIG);
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2 warnings generated.



---
Regards,
Linux Bluetooth

