* [bluez/bluez] 6b9dff: shared/vcp: use iov_pull in input parsing
@ 2025-05-05 20:20 Luiz Augusto von Dentz
From: Luiz Augusto von Dentz @ 2025-05-05 20:20 UTC
To: linux-bluetooth
Branch: refs/heads/master
Home: https://github.com/bluez/bluez
Commit: 6b9dff8fe39671037cafcc8b7f76ee3383355115
https://github.com/bluez/bluez/commit/6b9dff8fe39671037cafcc8b7f76ee3383355115
Author: Pauli Virtanen <pav@iki.fi>
Date: 2025-05-05 (Mon, 05 May 2025)
Changed paths:
M src/shared/vcp.c
Log Message:
-----------
shared/vcp: use iov_pull in input parsing

Check input is right size by using iov_pull* when parsing.

Also replace custom iov_pull_mem by equivalent util_iov_pull_mem, and
add iov_pull_string.

Fixes handling of zero-length string-valued descriptors, !value is not
error.

Fixes crashes like:

    ERROR: AddressSanitizer: stack-buffer-overflow
    WRITE of size 3 at 0x7b878bb77161 thread T0
        #0 0x7f878eee4821 in memcpy
        #1 0x0000009544d4 in read_aics_aud_ip_type src/shared/vcp.c:2713
        #2 0x000000950cec in vcp_pending_complete src/shared/vcp.c:2394
        #3 0x00000088b2ce in read_cb src/shared/gatt-client.c:2717

Commit: 4bbfd9712857d4983593df23b82eb599907e6a69
https://github.com/bluez/bluez/commit/4bbfd9712857d4983593df23b82eb599907e6a69
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: 2025-05-05 (Mon, 05 May 2025)
Changed paths:
M src/shared/bap.c
Log Message:
-----------
shared/bap: Fix handling of ASCS_Codec_Config

The codec under bt_ascs_config is in little endian which may differ
from the native endianness when it comes to vendor specific fields that
are multibyte causing the following error:

    BAP/USR/SCC/BV-033-C [USR SNK Config Codec, VS] - setup complete
    BAP/USR/SCC/BV-033-C [USR SNK Config Codec, VS] - run
    ...
    bt_gatt_server:src/shared/gatt-server.c:write_cb() Write Cmd - handle: 0x0022
    bt_bap:src/shared/bap.c:ascs_ase_cp_write() Codec Config
    bt_bap:src/shared/bap.c:ascs_config() codec 0xff phy 0x02 latency 2
    bt_bap:src/shared/bap.c:ep_config() ep 0x21d6600 id 0x01 dir 0x01
    handle 0x0022 len 5
    test-bap: > 1b 22 00 01 01 01 09 01 ."......
    test-bap: ! 1b 22 00 01 01 01 00 00 ."......

Compare: https://github.com/bluez/bluez/compare/0831bd39a0bd...4bbfd9712857
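
An added example (not code from the BlueZ tree or from either commit) of the length-checked pull pattern the first commit message describes, including the zero-length string case it mentions. `pull_mem`, `parse_u8` and `parse_string` are hypothetical names, and the one-byte field and fixed-size string buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/uio.h>

/* Hypothetical helper: consume len bytes from the front of iov, or
 * return NULL and leave iov untouched when fewer bytes are available. */
static const void *pull_mem(struct iovec *iov, size_t len)
{
	const void *data = iov->iov_base;

	if (iov->iov_len < len)
		return NULL;
	iov->iov_base = (uint8_t *)iov->iov_base + len;
	iov->iov_len -= len;
	return data;
}

/* One-byte characteristic value: the peer-supplied length must match the
 * field size exactly, so an oversized read can never reach the copy. */
static int parse_u8(const uint8_t *value, size_t length, uint8_t *out)
{
	struct iovec iov = { .iov_base = (void *)value, .iov_len = length };
	const uint8_t *p = pull_mem(&iov, sizeof(*out));

	if (!p || iov.iov_len)	/* short input or trailing bytes */
		return -1;
	*out = *p;
	return 0;
}

/* String-valued descriptor copied into a fixed buffer. A zero-length
 * value is a valid empty string, so a NULL pointer is accepted then. */
static int parse_string(const uint8_t *value, size_t length,
			char *out, size_t out_size)
{
	struct iovec iov = { .iov_base = (void *)value, .iov_len = length };

	if (!out_size || length > out_size - 1)
		return -1;
	if (length) {
		const void *p = pull_mem(&iov, length);

		if (!p)		/* NULL value with a non-zero length */
			return -1;
		memcpy(out, p, length);
	}
	out[length] = '\0';
	return 0;
}
```

With these checks, a 3-byte value offered for the 1-byte field is rejected before any copy takes place, which is the shape of the `memcpy` write in the AddressSanitizer trace above.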