From: Marcel Holtmann <marcel@holtmann.org>
To: BlueZ development <bluez-devel@lists.sourceforge.net>
Subject: Re: [Bluez-devel] bug in sdp_gen_pd
Date: Thu, 08 Jun 2006 00:11:28 +0200 [thread overview]
Message-ID: <1149718288.22472.71.camel@localhost> (raw)
In-Reply-To: <564d96fb0606071459i7367f84fkb7ee645941f84279@mail.gmail.com>
Hi Rafael,
> > and second, are you sure. The SDP code is
> > actually messy and some stuff is in there that actually works, but is
> > not quite obvious. Can you provide a simple test program?
>
> I found the bug while running a mid-sized program in valgrind. The
> relevant part of the log is
> ==26360== Invalid read of size 1
> ==26360== at 0x4A1BAA0: memcpy (mac_replace_strmem.c:394)
> ==26360== by 0x523124D: sdp_gen_pdu (in /usr/lib/libbluetooth.so.1.0.24)
> ==26360== by 0x5231D18: sdp_append_to_pdu (in /usr/lib/libbluetooth.so.1.0.24)
> ==26360== by 0x522E46B: sdp_gen_record_pdu (in /usr/lib/libbluetooth.so.1.0.24)
> ==26360== by 0x52305D2: sdp_device_record_register (in /usr/lib/libbluetooth.so.1.0.24)
> .....
> ==26360== at 0x4A19A16: malloc (vg_replace_malloc.c:149)
> ==26360== by 0x522DE07: sdp_data_alloc_with_length (in /usr/lib/libbluetooth.so.1.0.24)
> ==26360== by 0x523078D: sdp_attr_add_new (in /usr/lib/libbluetooth.so.1.0.24)
> ==26360== by 0x52309A2: sdp_set_info_attr (in /usr/lib/libbluetooth.so.1.0.24)
> --------------------------------------------------
>
> If it is really necessary I can try to build a "small" test program.
It would help a lot. I am a little bit worried about such off-by-one
errors, because as I said, the SDP code is strange code. You might
break some other part of the code that relies on this being wrong. Don't
get me wrong, it is still a bug, but we need to take care to fix both
places. And I have seen such stuff in the SDP code before. This is why I
am extra careful.
> > Never looked at it actually, but you might be right. However again,
> > there might be a really strange reason for it.
> For dead code?
Send in a patch. I will check it.
Regards
Marcel
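As an added illustration (not code from BlueZ or from either poster), here is a constructed PDU append routine that keeps the encoder's declared length apart from the bytes actually backing the value and refuses the copy when they disagree, so a one-byte over-read of the kind valgrind flagged above is reported as an error instead of being performed. The struct and function names are assumptions for this example, not libbluetooth's API.

```c
#include <stdint.h>
#include <string.h>

/* Constructed miniature of a PDU output buffer; the fields are assumed
 * for this example and are not BlueZ's own sdp_buf_t. */
struct pdu_buf {
    uint8_t *data;
    size_t   data_size;   /* bytes already written */
    size_t   buf_size;    /* bytes allocated behind data */
};

/* One value to append. The encoder's idea of the length (enc_len) is kept
 * apart from the bytes really backing val (val_len): an off-by-one between
 * the two is what valgrind reports as an invalid 1-byte read in memcpy. */
struct pdu_elem {
    const uint8_t *val;
    size_t         val_len;
    size_t         enc_len;
};

/* Append e to dst. Returns 0 on success; returns -1 and leaves dst untouched
 * if the copy would read past the source or write past the destination. */
int pdu_append(struct pdu_buf *dst, const struct pdu_elem *e)
{
    if (dst->data_size > dst->buf_size)               /* corrupted accounting */
        return -1;
    if (e->enc_len > e->val_len)                      /* would over-read val */
        return -1;
    if (e->enc_len > dst->buf_size - dst->data_size)  /* would overflow dst */
        return -1;
    memcpy(dst->data + dst->data_size, e->val, e->enc_len);
    dst->data_size += e->enc_len;
    return 0;
}

/* Text attribute helper: encode a C string with or without its NUL, the
 * classic place for the length to be off by one. */
int pdu_append_text(struct pdu_buf *dst, const char *s, int with_nul)
{
    struct pdu_elem e;
    e.val = (const uint8_t *)s;
    e.val_len = strlen(s) + 1;                  /* bytes really present */
    e.enc_len = strlen(s) + (with_nul ? 1 : 0);
    return pdu_append(dst, &e);
}
```

Run a small driver around these under valgrind and the rejected append produces no memcheck report, which is the behaviour a fixed sdp_gen_pdu path should show.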