From: Marcel Holtmann <marcel@holtmann.org>
To: BlueZ users <bluez-users@lists.sourceforge.net>
Subject: Re: [Bluez-users] adding a SDP attribute HID_DESCRIPTOR_LIST
Date: Tue, 05 Sep 2006 12:16:54 +0200
Message-ID: <1157451414.4206.6.camel@localhost>
In-Reply-To: <loom.20060903T214020-327@post.gmane.org>
Hi Dick,
> > what are you talking about. I have no idea and it would be better if you
> > send me an example on how to reproduce this segmentation fault.
>
> try the following patch on bluez-utils-3.4:
> --- tools/sdptool.c 2006-06-17 16:31:37.000000000 +0200
> +++ tools/sdptool.c 2006-09-03 21:54:54.000000000 +0200
> @@ -2139,6 +2139,21 @@
> 0x75, 0x01,
> 0x95, 0x04,
> 0x81, 0x01,
> + 0x0, 0x0,
> + 0x0, 0x0,
> + 0x0, 0x0,
> + 0x0, 0x0,
> + 0x0, 0x0,
> + 0x0, 0x0,
> + 0x0, 0x0,
> + 0x0, 0x0,
> + 0x0, 0x0,
> + 0x0, 0x0,
> + 0x0, 0x0,
> + 0x0, 0x0,
> + 0x0, 0x0,
> + 0x0, 0x0,
> + 0x0, 0x0,
> 0xc0 // end tag
> };
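Review bot: this hunk is a reproducer rather than a fix and should not be applied as-is; the fifteen `+ 0x0, 0x0,` lines inserted before `0xc0 // end tag` only pad hid_report with 30 zero bytes so that the descriptor exceeds the 128-byte limit the message discusses. The change that actually needs review is in sdp_append_to_pdu, which must check the destination size before copying the sequence (and preferably not use a fixed stack buffer), rather than bumping SDP_SEQ_PDUFORM_SIZE.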
>
> (this patch adds 30 zeros to hid_report so it is >128)
The buffer used is from the stack and we end up overwriting the stack.
> and see:
> $ sdptool add keyb
> Segmentation fault
>
> the following patch on bluez-utils:
> $ sed -i -e 's/\(#define SDP_SEQ_PDUFORM_SIZE\) 128/\1 256/' ${S}/src/sdp.c
>
> fixes the problem for me... (increasing the PDUFORM_SIZE)
>
> So my questions are:
> - could you increase the SDP_SEQ_PDUFORM_SIZE
I removed the constant completely and increased the buffer to 256 bytes
for now.
> - it would be nice to have some range checking, it's very confusing because the
> segfault occurs in sdp_record_register and not in
> sdp_attr_add()/sdp_data_alloc()/sdp_seql_alloc()
The problem is actually in sdp_append_to_pdu() and this needs fixing.
Feel free to propose a patch. And it would be better to not use stack
memory for this.
Regards
Marcel
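A bounds-checked, heap-backed replacement for the fixed stack buffer pattern discussed in this thread, as an added example that is not BlueZ code; the names pdu_buf, pdu_append, pdu_free and build_oversized_report, the 128-byte initial capacity and the constructed 158-byte descriptor are all assumptions for illustration.

```c
/* Added example, not BlueZ code: a bounds-checked, heap-backed PDU builder in
 * the spirit of the fix Marcel asks for. All names here are assumptions. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define PDU_INITIAL_CAP 128          /* same size as the old fixed buffer */
struct pdu_buf {
    uint8_t *data;   /* heap buffer, NULL until the first append */
    size_t len;      /* bytes used */
    size_t cap;      /* bytes allocated */
};
/* Append len bytes, growing the buffer instead of overrunning it.
 * Returns 0 on success, -1 on length overflow or allocation failure. */
int pdu_append(struct pdu_buf *p, const uint8_t *src, size_t len)
{
    if (len > SIZE_MAX - p->len)                 /* p->len + len would wrap */
        return -1;
    if (p->len + len > p->cap) {
        size_t ncap = p->cap ? p->cap : PDU_INITIAL_CAP;
        while (ncap < p->len + len) {
            if (ncap > SIZE_MAX / 2) return -1;  /* cannot double further */
            ncap *= 2;
        }
        uint8_t *n = realloc(p->data, ncap);     /* realloc(NULL, n) == malloc */
        if (!n) return -1;
        p->data = n;
        p->cap = ncap;
    }
    memcpy(p->data + p->len, src, len);          /* now guaranteed to fit */
    p->len += len;
    return 0;
}

void pdu_free(struct pdu_buf *p) { free(p->data); p->data = NULL; p->len = p->cap = 0; }

/* Reproduces the report's case with a constructed 158-byte descriptor (> 128):
 * returns the final PDU length, or 0 on failure. */
size_t build_oversized_report(void)
{
    uint8_t report[158] = { 0x05, 0x01 };        /* Usage Page (Generic Desktop) */
    report[sizeof report - 1] = 0xc0;            /* End Collection tag */
    struct pdu_buf p = { 0 };
    size_t out = 0;
    if (pdu_append(&p, report, 100) == 0 &&
        pdu_append(&p, report + 100, sizeof report - 100) == 0)
        out = p.len;                             /* 158; cap grew 128 -> 256 */
    pdu_free(&p);
    return out;
}
```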