From: Pauli Virtanen <noreply@github.com>
To: linux-bluetooth@vger.kernel.org
Subject: [bluez/bluez] 01f3ef: bap: don't pass in stream's own metadata to enable()
Date: Fri, 20 Jun 2025 14:14:34 -0700
Message-ID: <bluez/bluez/push/refs/heads/master/a209d6-01f3ef@github.com>
Branch: refs/heads/master
Home: https://github.com/bluez/bluez
Commit: 01f3ef3cd9d69b56554f5ef6d7ac2a5c40e41393
https://github.com/bluez/bluez/commit/01f3ef3cd9d69b56554f5ef6d7ac2a5c40e41393
Author: Pauli Virtanen <pav@iki.fi>
Date: 2025-06-20 (Fri, 20 Jun 2025)
Changed paths:
M profiles/audio/transport.c
Log Message:
-----------
bap: don't pass in stream's own metadata to enable()

Stream owned metadata pointers may be invalidated in bt_bap_stream
operations. Just pass in NULL to keep the current value.

Fixes:

ERROR: AddressSanitizer: heap-use-after-free
READ of size 8 at 0x7b86a76f5d18 thread T0
    #0 0x000000836745 in util_iov_dup src/shared/util.c:353
    #1 0x0000008ea96b in bap_stream_metadata src/shared/bap.c:1991
    #2 0x0000008ebfbe in bap_ucast_enable src/shared/bap.c:2072
    #3 0x0000009226e7 in bt_bap_stream_enable src/shared/bap.c:6392
    #4 0x00000044037d in transport_bap_resume profiles/audio/transport.c:1981
freed by thread T0 here:
    #0 0x7f66a92e5bcb in free.part.0 (/lib64/libasan.so.8+0xe5bcb)
    #1 0x000000837002 in util_iov_free src/shared/util.c:392
    #2 0x0000008ea94e in bap_stream_metadata src/shared/bap.c:1990
    #3 0x0000008ebfbe in bap_ucast_enable src/shared/bap.c:2072
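
The aliasing pattern behind this trace, reduced to a stand-alone C sketch (an added example, not BlueZ code; `struct stream`, `iov_dup`, `iov_free`, `meta_set_unsafe` and `meta_set` are hypothetical names). The trace shows the free at bap.c:1990 and the read at bap.c:1991 inside one function; the sketch reproduces that order and sets it beside a setter that treats NULL as "keep the current value" and copies before it frees.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/uio.h>

/* Hypothetical stand-in for a stream that owns its metadata buffer. */
struct stream { struct iovec *meta; };

static struct iovec *iov_dup(const struct iovec *src)
{
	struct iovec *d = malloc(sizeof(*d));

	if (!d)
		return NULL;
	d->iov_len = src->iov_len;
	d->iov_base = malloc(src->iov_len ? src->iov_len : 1);
	if (!d->iov_base) {
		free(d);
		return NULL;
	}
	if (src->iov_len)
		memcpy(d->iov_base, src->iov_base, src->iov_len);
	return d;
}

static void iov_free(struct iovec *iov)
{
	if (iov)
		free(iov->iov_base);
	free(iov);
}

/* Unsafe order: when meta == s->meta, iov_dup() reads the freed buffer. */
void meta_set_unsafe(struct stream *s, const struct iovec *meta)
{
	iov_free(s->meta);
	s->meta = meta ? iov_dup(meta) : NULL;
}

/* Hardened: NULL keeps the current value; copy first, free the old one last. */
int meta_set(struct stream *s, const struct iovec *meta)
{
	struct iovec *copy = meta ? iov_dup(meta) : NULL;

	if (!meta)
		return 0;
	if (!copy)
		return -1;
	iov_free(s->meta);
	s->meta = copy;
	return 0;
}
```

Building with `-fsanitize=address` and calling `meta_set_unsafe(&s, s.meta)` reports the same free-then-read pairing as the trace above, while `meta_set(&s, s.meta)` runs clean.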