Linux bluetooth development
* [PATCH] Fix use of uninitialised variable on legacy pairing
@ 2010-10-05  7:40 Luiz Augusto von Dentz
  2010-10-05  8:20 ` Johan Hedberg
  0 siblings, 1 reply; 2+ messages in thread
From: Luiz Augusto von Dentz @ 2010-10-05  7:40 UTC (permalink / raw)
  To: linux-bluetooth

From: Luiz Augusto von Dentz <luiz.dentz-von@nokia.com>

Regression caused by e7daece858070d71cecf6ade4f0e3c93272c53ac:

==23899== Use of uninitialised value of size 4
==23899==    at 0x49CD888: _itoa_word (_itoa.c:196)
==23899==    by 0x49D1109: vfprintf (vfprintf.c:1613)
==23899==    by 0x4A7506C: __vsprintf_chk (vsprintf_chk.c:86)
==23899==    by 0x4A74FAC: __sprintf_chk (sprintf_chk.c:33)
==23899==    by 0x4830E08: ba2str (stdio2.h:34)
==23899==    by 0x1496B3: set_pin_length (security.c:514)
==23899==    by 0x168399: pincode_cb (dbus-hci.c:179)
==23899==    by 0x162E0D: pincode_cb (device.c:2135)
==23899==    by 0x15AD55: pincode_reply (agent.c:416)
==23899==    by 0x49467E0: ??? (in /lib/libdbus-1.so.3.5.2)
==23899==    by 0x4934975: ??? (in /lib/libdbus-1.so.3.5.2)
==23899==    by 0x4937B81: dbus_connection_dispatch (in /lib/libdbus-1.so.3.5.2)
==23899==
==23899== Conditional jump or move depends on uninitialised value(s)
==23899==    at 0x49CD893: _itoa_word (_itoa.c:196)
==23899==    by 0x49D1109: vfprintf (vfprintf.c:1613)
==23899==    by 0x4A7506C: __vsprintf_chk (vsprintf_chk.c:86)
==23899==    by 0x4A74FAC: __sprintf_chk (sprintf_chk.c:33)
==23899==    by 0x4830E08: ba2str (stdio2.h:34)
==23899==    by 0x1496B3: set_pin_length (security.c:514)
==23899==    by 0x168399: pincode_cb (dbus-hci.c:179)
==23899==    by 0x162E0D: pincode_cb (device.c:2135)
==23899==    by 0x15AD55: pincode_reply (agent.c:416)
==23899==    by 0x49467E0: ??? (in /lib/libdbus-1.so.3.5.2)
==23899==    by 0x4934975: ??? (in /lib/libdbus-1.so.3.5.2)
==23899==    by 0x4937B81: dbus_connection_dispatch (in /lib/libdbus-1.so.3.5.2)
---
 src/dbus-hci.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/src/dbus-hci.c b/src/dbus-hci.c
index b93dbcd..7309883 100644
--- a/src/dbus-hci.c
+++ b/src/dbus-hci.c
@@ -167,6 +167,7 @@ static void pincode_cb(struct agent *agent, DBusError *derr,
 	bdaddr_t sba, dba;
 	int err;
 
+	adapter_get_address(adapter, &sba);
 	device_get_address(device, &dba);
 
 	err = btd_adapter_pincode_reply(adapter, &dba, derr ? NULL : pincode);
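Review bot: the added `adapter_get_address(adapter, &sba);` initialises `sba`, but the read that the valgrind trace flags (`ba2str` called from `set_pin_length`, reached from `pincode_cb` at dbus-hci.c:179) lies outside the hunk's context, so a reviewer cannot confirm from the diff alone that this is the only read of `sba` or that nothing reads it before the new line; since `bdaddr_t sba, dba;` is declared without an initializer, any other such read would still trigger the same report. Please include that use in the context or state it in the commit message, and add a one-line explanation of what e7daece858070d71cecf6ade4f0e3c93272c53ac removed, since the message currently gives only the trace and not the root cause.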
-- 
1.7.1



* Re: [PATCH] Fix use of uninitialised variable on legacy pairing
  2010-10-05  7:40 [PATCH] Fix use of uninitialised variable on legacy pairing Luiz Augusto von Dentz
@ 2010-10-05  8:20 ` Johan Hedberg
  0 siblings, 0 replies; 2+ messages in thread
From: Johan Hedberg @ 2010-10-05  8:20 UTC (permalink / raw)
  To: Luiz Augusto von Dentz; +Cc: linux-bluetooth

Hi Luiz,

On Tue, Oct 05, 2010, Luiz Augusto von Dentz wrote:
> From: Luiz Augusto von Dentz <luiz.dentz-von@nokia.com>
> 
> Regression caused by e7daece858070d71cecf6ade4f0e3c93272c53ac:
> 
> ==23899== Use of uninitialised value of size 4
> ==23899==    at 0x49CD888: _itoa_word (_itoa.c:196)
> ==23899==    by 0x49D1109: vfprintf (vfprintf.c:1613)
> ==23899==    by 0x4A7506C: __vsprintf_chk (vsprintf_chk.c:86)
> ==23899==    by 0x4A74FAC: __sprintf_chk (sprintf_chk.c:33)
> ==23899==    by 0x4830E08: ba2str (stdio2.h:34)
> ==23899==    by 0x1496B3: set_pin_length (security.c:514)
> ==23899==    by 0x168399: pincode_cb (dbus-hci.c:179)
> ==23899==    by 0x162E0D: pincode_cb (device.c:2135)
> ==23899==    by 0x15AD55: pincode_reply (agent.c:416)
> ==23899==    by 0x49467E0: ??? (in /lib/libdbus-1.so.3.5.2)
> ==23899==    by 0x4934975: ??? (in /lib/libdbus-1.so.3.5.2)
> ==23899==    by 0x4937B81: dbus_connection_dispatch (in /lib/libdbus-1.so.3.5.2)
> ==23899==
> ==23899== Conditional jump or move depends on uninitialised value(s)
> ==23899==    at 0x49CD893: _itoa_word (_itoa.c:196)
> ==23899==    by 0x49D1109: vfprintf (vfprintf.c:1613)
> ==23899==    by 0x4A7506C: __vsprintf_chk (vsprintf_chk.c:86)
> ==23899==    by 0x4A74FAC: __sprintf_chk (sprintf_chk.c:33)
> ==23899==    by 0x4830E08: ba2str (stdio2.h:34)
> ==23899==    by 0x1496B3: set_pin_length (security.c:514)
> ==23899==    by 0x168399: pincode_cb (dbus-hci.c:179)
> ==23899==    by 0x162E0D: pincode_cb (device.c:2135)
> ==23899==    by 0x15AD55: pincode_reply (agent.c:416)
> ==23899==    by 0x49467E0: ??? (in /lib/libdbus-1.so.3.5.2)
> ==23899==    by 0x4934975: ??? (in /lib/libdbus-1.so.3.5.2)
> ==23899==    by 0x4937B81: dbus_connection_dispatch (in /lib/libdbus-1.so.3.5.2)
> ---
>  src/dbus-hci.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)

Thanks for the patch. It's now upstream along with another patch to
clean up the logic in this function. Strange that the compiler didn't
catch this issue. Unfortunately we just made a 4.74 release so I guess
there'll be a 4.75 out soonish.

Johan

