Re: [Bluez-devel] Bug: infinite loop in extract_seq() when sdp_extract_seqtype() fails

[Pedro Monjo Florit <pmonjo2000@yahoo.com>]

Hi Jason and Marcel,

>>>> It appears that extract_seq() in sdp.c (bluez-libs) can enter an
>>>> infinite loop if sdp_extract_seqtype() fails when extract_seq() has
>>>> called itself recursively.  Here's how:
>>> Do you have a patch for it or can you send a small reproducer program?
>> This may be a false alarm.  When I looked closer, I could not explain  
>> how the program could reach the state I described.  The problem is  
>> that sdp_extract_attr() only calls extract_seq() for aggregate  
>> types.  In fact, exactly those types that sdp_extract_seqtype()  
>> expects.  With that invariant, I don't see how the program could fall  
>> into the loop I described, not without resorting to exotic explanations.
>>
>> All I know at this point is that /var/log/messages gets an endless  
>> flood of
>>
>>    sdp_extract_seqtype: Unknown sequence type, aborting
>>
>> We don't know yet what triggers this.  Of course I will follow up if  
>> it still turns out to be a problem in bluez.
> 
> it is kinda likely that SDP still have endless loops in it. However
> please make sure you use the latest bluez-libs from CVS and really run
> the latest sdpd and/or sdptool.


In a message I sent to the mailing-list back in February (Valentine's
day), I explained what, IMHO, is the same problem. I have seen this
infinite loop being triggered by a Samsung mobile phone, but still do
not know which. I did not state it then, but syslog got flooded with the
same message that Jason reports.

I have tried to reproduce the problem with two Samsung's, with no luck.
All I could suggest is that, anybody monitoring the list with a Samsung
at hand, could fiddle with sdptool and see if the problem arises.

Cheers,

Pedro


_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel