[PATCH 1/4] Fix possible NULL pointer deference

[PATCH 1/4] Fix possible NULL pointer deference

[Luiz Augusto von Dentz]

From: Luiz Augusto von Dentz <luiz.dentz-von@nokia.com>

Variable "os->driver" tracked as NULL.
---
 src/obex.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/src/obex.c b/src/obex.c
index 92d3b5c..8d12f8f 100644
--- a/src/obex.c
+++ b/src/obex.c
@@ -589,7 +589,9 @@ static int obex_read_stream(struct obex_session *os, obex_t *obex,
 	os->buf = g_realloc(os->buf, os->pending + size);
 	memcpy(os->buf + os->pending, buffer, size);
 	os->pending += size;
-	if (os->object == NULL) {
+
+	/* only write if both object and driver are valid */
+	if (os->object == NULL || os->driver == NULL) {
 		DBG("Stored %u bytes into temporary buffer", os->pending);
 		return 0;
 	}
-- 
1.7.1

[PATCH 2/4] Fix possible NULL pointer deference

[Luiz Augusto von Dentz]

From: Luiz Augusto von Dentz <luiz.dentz-von@nokia.com>

Variable "transfer" tracked as NULL was passed to function
"transfer_unregister" that dereferences it.
---
 client/session.c |    6 ++----
 1 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/client/session.c b/client/session.c
index 7539a97..ce3432d 100644
--- a/client/session.c
+++ b/client/session.c
@@ -1274,10 +1274,8 @@ int session_send(struct session_data *session, const char *filename,
 
 	transfer = transfer_register(session, filename, targetname, NULL,
 					NULL);
-	if (transfer == NULL) {
-		err = -EINVAL;
-		goto fail;
-	}
+	if (transfer == NULL)
+		return -EINVAL;
 
 	/* Transfer should start if it is the first in the pending list */
 	if (transfer != session->pending->data)
-- 
1.7.1

[PATCH 3/4] Fix dead statement

[Luiz Augusto von Dentz]

From: Luiz Augusto von Dentz <luiz.dentz-von@nokia.com>

Cannot reach dead statement "(*os->driver->close)(object);"
---
 src/obex.c |    8 +-------
 1 files changed, 1 insertions(+), 7 deletions(-)

diff --git a/src/obex.c b/src/obex.c
index 8d12f8f..41ba558 100644
--- a/src/obex.c
+++ b/src/obex.c
@@ -882,7 +882,7 @@ int obex_get_stream_start(struct obex_session *os, const char *filename)
 								&size, &err);
 	if (object == NULL) {
 		error("open(%s): %s (%d)", filename, strerror(-err), -err);
-		goto fail;
+		return err;
 	}
 
 	os->object = object;
@@ -893,12 +893,6 @@ int obex_get_stream_start(struct obex_session *os, const char *filename)
 		os->buf = g_malloc0(os->tx_mtu);
 
 	return 0;
-
-fail:
-	if (object)
-		os->driver->close(object);
-
-	return err;
 }
 
 int obex_put_stream_start(struct obex_session *os, const char *filename)
-- 
1.7.1

[PATCH 4/4] Fix possible use of uninitialized variables

[Luiz Augusto von Dentz]

From: Luiz Augusto von Dentz <luiz.dentz-von@nokia.com>

Using uninitialized value "hi" and "flags" in call to function
"OBEX_ObjectAddHeader".
---
 src/obex.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/src/obex.c b/src/obex.c
index 41ba558..3e9f5b6 100644
--- a/src/obex.c
+++ b/src/obex.c
@@ -670,6 +670,9 @@ add_header:
 	case OBEX_HDR_APPARAM:
 		flags =  0;
 		break;
+	default:
+		error("read(): unkown header type %u", hi);
+		return -EIO;
 	}
 
 	OBEX_ObjectAddHeader(obex, obj, hi, hd, len, flags);
-- 
1.7.1

Re: [PATCH 1/4] Fix possible NULL pointer deference

[Johan Hedberg]

Hi Luiz,

On Tue, Oct 12, 2010, Luiz Augusto von Dentz wrote:
> From: Luiz Augusto von Dentz <luiz.dentz-von@nokia.com>
> 
> Variable "os->driver" tracked as NULL.
> ---
>  src/obex.c |    4 +++-
>  1 files changed, 3 insertions(+), 1 deletions(-)

Pushed upstream. Thanks.

Johan

Re: [PATCH 2/4] Fix possible NULL pointer deference

[Johan Hedberg]

Hi Luiz,

On Tue, Oct 12, 2010, Luiz Augusto von Dentz wrote:
> From: Luiz Augusto von Dentz <luiz.dentz-von@nokia.com>
> 
> Variable "transfer" tracked as NULL was passed to function
> "transfer_unregister" that dereferences it.
> ---
>  client/session.c |    6 ++----
>  1 files changed, 2 insertions(+), 4 deletions(-)

Pushed upstream. Thanks.

Johan

Re: [PATCH 3/4] Fix dead statement

[Johan Hedberg]

Hi Luiz,

On Tue, Oct 12, 2010, Luiz Augusto von Dentz wrote:
> From: Luiz Augusto von Dentz <luiz.dentz-von@nokia.com>
> 
> Cannot reach dead statement "(*os->driver->close)(object);"
> ---
>  src/obex.c |    8 +-------
>  1 files changed, 1 insertions(+), 7 deletions(-)

This one is also upstream.

Johan

Re: [PATCH 4/4] Fix possible use of uninitialized variables

[Johan Hedberg]

Hi Luiz,

On Tue, Oct 12, 2010, Luiz Augusto von Dentz wrote:
> From: Luiz Augusto von Dentz <luiz.dentz-von@nokia.com>
> 
> Using uninitialized value "hi" and "flags" in call to function
> "OBEX_ObjectAddHeader".
> ---
>  src/obex.c |    3 +++
>  1 files changed, 3 insertions(+), 0 deletions(-)

And this one has also been pushed upstream. Thanks.

Johan