[PATCH BlueZ] btdev: Fix NULL pointer dereference

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH BlueZ] btdev: Fix NULL pointer dereference
@ 2023-10-14 19:16 Arkadiusz Bokowy
  2023-10-14 20:35 ` [BlueZ] " bluez.test.bot
  0 siblings, 1 reply; 2+ messages in thread
From: Arkadiusz Bokowy @ 2023-10-14 19:16 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Arkadiusz Bokowy

Move conn pointer dereference before the done label, because it is a
goto label in case of error handling - when the conn is NULL.
---
 emulator/btdev.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/emulator/btdev.c b/emulator/btdev.c
index 3840c6150..c76b89db9 100644
--- a/emulator/btdev.c
+++ b/emulator/btdev.c
@@ -1327,6 +1327,8 @@ static int cmd_add_sco_conn(struct btdev *dev, const void *data, uint8_t len)
 		goto done;
 	}
 
+	pending_conn_del(dev, conn->link->dev);
+
 	cc.status = BT_HCI_ERR_SUCCESS;
 	memcpy(cc.bdaddr, conn->link->dev->bdaddr, 6);
 	cc.handle = cpu_to_le16(conn->handle);
@@ -1334,8 +1336,6 @@ static int cmd_add_sco_conn(struct btdev *dev, const void *data, uint8_t len)
 	cc.encr_mode = 0x00;
 
 done:
-	pending_conn_del(dev, conn->link->dev);
-
 	send_event(dev, BT_HCI_EVT_CONN_COMPLETE, &cc, sizeof(cc));
 
 	return 0;
-- 
2.39.2


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* RE: [BlueZ] btdev: Fix NULL pointer dereference
  2023-10-14 19:16 [PATCH BlueZ] btdev: Fix NULL pointer dereference Arkadiusz Bokowy
@ 2023-10-14 20:35 ` bluez.test.bot
  0 siblings, 0 replies; 2+ messages in thread
From: bluez.test.bot @ 2023-10-14 20:35 UTC (permalink / raw)
  To: linux-bluetooth, arkadiusz.bokowy

[-- Attachment #1: Type: text/plain, Size: 1736 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=793240

---Test result---

Test Summary:
CheckPatch                    PASS      0.67 seconds
GitLint                       PASS      0.33 seconds
BuildEll                      PASS      27.98 seconds
BluezMake                     PASS      805.35 seconds
MakeCheck                     PASS      11.51 seconds
MakeDistcheck                 PASS      175.45 seconds
CheckValgrind                 PASS      268.81 seconds
CheckSmatch                   WARNING   362.31 seconds
bluezmakeextell               PASS      116.69 seconds
IncrementalBuild              PASS      699.10 seconds
ScanBuild                     WARNING   1066.45 seconds

Details
##############################
Test: CheckSmatch - WARNING
Desc: Run smatch tool with source
Output:
emulator/btdev.c:420:29: warning: Variable length array is used.
##############################
Test: ScanBuild - WARNING
Desc: Run Scan Build
Output:
emulator/btdev.c:1083:10: warning: Although the value stored to 'conn' is used in the enclosing expression, the value is never actually read from 'conn'
        while ((conn = queue_find(dev->conns, match_handle,
                ^      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
emulator/btdev.c:1456:13: warning: Access to field 'dev' results in a dereference of a null pointer (loaded from variable 'conn')
        send_event(conn->dev, BT_HCI_EVT_AUTH_COMPLETE, &ev, sizeof(ev));
                   ^~~~~~~~~
2 warnings generated.



---
Regards,
Linux Bluetooth


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2023-10-14 20:36 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-10-14 19:16 [PATCH BlueZ] btdev: Fix NULL pointer dereference Arkadiusz Bokowy
2023-10-14 20:35 ` [BlueZ] " bluez.test.bot

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.