[PATCH 1/2] monitor: Fix use of uninitialized variable

[PATCH 1/2] monitor: Fix use of uninitialized variable

[Szymon Janc]

subevent code was never set in vendor_evt() resulting in printing
random stack data as subevent opcode in print_subevent().
---
 monitor/packet.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/monitor/packet.c b/monitor/packet.c
index 4c18cb2..70bd153 100644
--- a/monitor/packet.c
+++ b/monitor/packet.c
@@ -8471,6 +8471,7 @@ static void vendor_evt(const void *data, uint8_t size)
 			vendor_data.str = vendor_str;
 		} else
 			vendor_data.str = vnd->str;
+		vendor_data.subevent = subevent;
 		vendor_data.func = vnd->evt_func;
 		vendor_data.size = vnd->evt_size;
 		vendor_data.fixed = vnd->evt_fixed;
-- 
2.6.2

[PATCH 2/2] monitor: Fix possible crash on unknown LE Meta Event

[Szymon Janc]

For unknown LE Meta Event subevent_data passed to print_subevent is
NULL. This results in NULL pointer dereference when subeven code is
printed. Fix that by making print_subevent expect always valid
subevent_data and handle unknown event in caller.
---
 monitor/packet.c | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/monitor/packet.c b/monitor/packet.c
index 70bd153..322bba6 100644
--- a/monitor/packet.c
+++ b/monitor/packet.c
@@ -8375,23 +8375,17 @@ struct subevent_data {
 static void print_subevent(const struct subevent_data *subevent_data,
 					const void *data, uint8_t size)
 {
-	const char *subevent_color, *subevent_str;
+	const char *subevent_color;
 
-	if (subevent_data) {
-		if (subevent_data->func)
-			subevent_color = COLOR_HCI_EVENT;
-		else
-			subevent_color = COLOR_HCI_EVENT_UNKNOWN;
-		subevent_str = subevent_data->str;
-	} else {
+	if (subevent_data->func)
+		subevent_color = COLOR_HCI_EVENT;
+	else
 		subevent_color = COLOR_HCI_EVENT_UNKNOWN;
-		subevent_str = "Unknown";
-	}
 
-	print_indent(6, subevent_color, "", subevent_str, COLOR_OFF,
+	print_indent(6, subevent_color, "", subevent_data->str, COLOR_OFF,
 					" (0x%2.2x)", subevent_data->subevent);
 
-	if (!subevent_data || !subevent_data->func) {
+	if (!subevent_data->func) {
 		packet_hexdump(data, size);
 		return;
 	}
@@ -8442,9 +8436,16 @@ static const struct subevent_data le_meta_event_table[] = {
 static void le_meta_event_evt(const void *data, uint8_t size)
 {
 	uint8_t subevent = *((const uint8_t *) data);
-	const struct subevent_data *subevent_data = NULL;
+	struct subevent_data unknown;
+	const struct subevent_data *subevent_data = &unknown;
 	int i;
 
+	unknown.subevent = subevent;
+	unknown.str = "Unknown";
+	unknown.func = NULL;
+	unknown.size = 0;
+	unknown.fixed = true;
+
 	for (i = 0; le_meta_event_table[i].str; i++) {
 		if (le_meta_event_table[i].subevent == subevent) {
 			subevent_data = &le_meta_event_table[i];
-- 
2.6.2

Re: [PATCH 1/2] monitor: Fix use of uninitialized variable

[Szymon Janc]

On Saturday 21 November 2015 21:09:03 Szymon Janc wrote:
> subevent code was never set in vendor_evt() resulting in printing
> random stack data as subevent opcode in print_subevent().
> ---
>  monitor/packet.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/monitor/packet.c b/monitor/packet.c
> index 4c18cb2..70bd153 100644
> --- a/monitor/packet.c
> +++ b/monitor/packet.c
> @@ -8471,6 +8471,7 @@ static void vendor_evt(const void *data, uint8_t size)
> vendor_data.str = vendor_str;
>  		} else
>  			vendor_data.str = vnd->str;
> +		vendor_data.subevent = subevent;
>  		vendor_data.func = vnd->evt_func;
>  		vendor_data.size = vnd->evt_size;
>  		vendor_data.fixed = vnd->evt_fixed;

Applied.

-- 
pozdrawiam
Szymon Janc