* [PATCH BlueZ] avrcp: Fix crash while handling unsupported events
From: Luiz Augusto von Dentz @ 2023-03-30 23:44 UTC
To: linux-bluetooth
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
The following crash can be observed if the remote peer sends an
unsupported event:
ERROR: AddressSanitizer: heap-use-after-free on address 0x60b000148f11
at pc 0x559644552088 bp 0x7ffe28b3c7b0 sp 0x7ffe28b3c7a0
WRITE of size 1 at 0x60b000148f11 thread T0
#0 0x559644552087 in avrcp_handle_event profiles/audio/avrcp.c:3907
#1 0x559644536c22 in control_response profiles/audio/avctp.c:939
#2 0x5596445379ab in session_cb profiles/audio/avctp.c:1108
#3 0x7fbcb3e51c43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43)
#4 0x7fbcb3ea66c7 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xaa6c7)
#5 0x7fbcb3e512b2 in g_main_loop_run (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x552b2)
#6 0x559644754ab6 in mainloop_run src/shared/mainloop-glib.c:66
#7 0x559644755606 in mainloop_run_with_signal src/shared/mainloop-notify.c:188
#8 0x5596445bb963 in main src/main.c:1289
#9 0x7fbcb3bafd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#10 0x7fbcb3bafe3f in __libc_start_main_impl ../csu/libc-start.c:392
#11 0x5596444e8224 in _start (/usr/local/libexec/bluetooth/bluetoothd+0xf0224)
---
profiles/audio/avrcp.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/profiles/audio/avrcp.c b/profiles/audio/avrcp.c
index 80f34c7a77a1..dda9a303fb71 100644
--- a/profiles/audio/avrcp.c
+++ b/profiles/audio/avrcp.c
@@ -3901,6 +3901,12 @@ static gboolean avrcp_handle_event(struct avctp *conn, uint8_t code,
case AVRCP_EVENT_UIDS_CHANGED:
avrcp_uids_changed(session, pdu);
break;
+ default:
+ if (event > AVRCP_EVENT_LAST) {
+ warn("Unsupported event: %u", event);
+ return FALSE;
+ }
+ break;
}
session->registered_events |= (1 << event);
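Review bot: the range check sits in the new `default:` arm, so `event` is only validated after the switch has dispatched on it, and any value at or below `AVRCP_EVENT_LAST` that has no case label still reaches `session->registered_events |= (1 << event);`. Since the commit message says the value is sent by the remote peer, consider hoisting `if (event > AVRCP_EVENT_LAST)` above the `switch` so the bound is enforced once before any use, and confirm that `AVRCP_EVENT_LAST` keeps the shift inside the width of `registered_events`. The `warn()` call is reachable on every such response from the peer, so a rate limit or a lower log level may be worth considering. The commit message also shows a heap-use-after-free write at avrcp.c:3907 without saying which object had been freed; one sentence on that would make it easier to confirm that the early `return FALSE` covers the whole path.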
--
2.39.2
* RE: [BlueZ] avrcp: Fix crash while handling unsupported events
From: bluez.test.bot @ 2023-03-31 2:00 UTC
To: linux-bluetooth, luiz.dentz
This is an automated email; please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test result with your patch series:
PW Link: https://patchwork.kernel.org/project/bluetooth/list/?series=735621
---Test result---
Test Summary:
CheckPatch          FAIL      0.74 seconds
GitLint             FAIL      0.54 seconds
BuildEll            PASS      26.44 seconds
BluezMake           PASS      753.07 seconds
MakeCheck           PASS      11.41 seconds
MakeDistcheck       PASS      148.65 seconds
CheckValgrind       PASS      240.95 seconds
CheckSmatch         PASS      323.46 seconds
bluezmakeextell     PASS      96.96 seconds
IncrementalBuild    PASS      604.17 seconds
ScanBuild           PASS      962.23 seconds
Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script
Output:
[BlueZ] avrcp: Fix crash while handling unsupported events
WARNING:COMMIT_LOG_LONG_LINE: Possible unwrapped commit description (prefer a maximum 75 chars per line)
#90:
#3 0x7fbcb3e51c43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43)
/github/workspace/src/src/13195053.patch total: 0 errors, 1 warnings, 12 lines checked
NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.
/github/workspace/src/src/13195053.patch has style problems, please review.
NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO
NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.
##############################
Test: GitLint - FAIL
Desc: Run gitlint
Output:
[BlueZ] avrcp: Fix crash while handling unsupported events
WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search
14: B1 Line exceeds max length (98>80): " #3 0x7fbcb3e51c43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43)"
16: B1 Line exceeds max length (90>80): " #5 0x7fbcb3e512b2 in g_main_loop_run (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x552b2)"
18: B1 Line exceeds max length (83>80): " #7 0x559644755606 in mainloop_run_with_signal src/shared/mainloop-notify.c:188"
20: B1 Line exceeds max length (90>80): " #9 0x7fbcb3bafd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58"
22: B1 Line exceeds max length (83>80): " #11 0x5596444e8224 in _start (/usr/local/libexec/bluetooth/bluetoothd+0xf0224)"
---
Regards,
Linux Bluetooth
* Re: [PATCH BlueZ] avrcp: Fix crash while handling unsupported events
From: patchwork-bot+bluetooth @ 2023-03-31 22:10 UTC
To: Luiz Augusto von Dentz; +Cc: linux-bluetooth
Hello:
This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:
On Thu, 30 Mar 2023 16:44:25 -0700 you wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
>
> The following crash can be observed if the remote peer sends an
> unsupported event:
>
> ERROR: AddressSanitizer: heap-use-after-free on address 0x60b000148f11
> at pc 0x559644552088 bp 0x7ffe28b3c7b0 sp 0x7ffe28b3c7a0
> WRITE of size 1 at 0x60b000148f11 thread T0
> #0 0x559644552087 in avrcp_handle_event profiles/audio/avrcp.c:3907
> #1 0x559644536c22 in control_response profiles/audio/avctp.c:939
> #2 0x5596445379ab in session_cb profiles/audio/avctp.c:1108
> #3 0x7fbcb3e51c43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43)
> #4 0x7fbcb3ea66c7 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xaa6c7)
> #5 0x7fbcb3e512b2 in g_main_loop_run (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x552b2)
> #6 0x559644754ab6 in mainloop_run src/shared/mainloop-glib.c:66
> #7 0x559644755606 in mainloop_run_with_signal src/shared/mainloop-notify.c:188
> #8 0x5596445bb963 in main src/main.c:1289
> #9 0x7fbcb3bafd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
> #10 0x7fbcb3bafe3f in __libc_start_main_impl ../csu/libc-start.c:392
> #11 0x5596444e8224 in _start (/usr/local/libexec/bluetooth/bluetoothd+0xf0224)
>
> [...]
Here is the summary with links:
- [BlueZ] avrcp: Fix crash while handling unsupported events
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=f54299a85067
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html