linux-bluetooth.vger.kernel.org archive mirror
* bluez static analysis: plugins/hciops.c:init_adapter()
From: Slawomir Bochenski @ 2012-01-24 12:29 UTC
  To: linux-bluetooth

In file plugins/hciops.c, in function init_adapter(), at line 658,
there is the following fragment:

	if (!dev->registered) {
		adapter = btd_manager_register_adapter(index);
		if (adapter)
			dev->registered = TRUE;
	} else {
		adapter = manager_find_adapter(&dev->bdaddr);
		/* FIXME: manager_find_adapter should return a new ref */
		btd_adapter_ref(adapter);
	}

	if (adapter == NULL)
		return FALSE;

btd_adapter_ref() directly dereferences adapter. In all other calls of
manager_find_adapter() in BlueZ code, the returned value is checked for
NULL before any use.

Is it guaranteed here that manager_find_adapter() won't return NULL?

-- 
Slawomir Bochenski


* Re: bluez static analysis: plugins/hciops.c:init_adapter()
From: Johan Hedberg @ 2012-02-03 21:25 UTC
  To: Slawomir Bochenski; +Cc: linux-bluetooth

Hi Slawek,

On Tue, Jan 24, 2012, Slawomir Bochenski wrote:
> In file plugins/hciops.c, in function init_adapter(), at line 658,
> there is the following fragment:
> 
> 	if (!dev->registered) {
> 		adapter = btd_manager_register_adapter(index);
> 		if (adapter)
> 			dev->registered = TRUE;
> 	} else {
> 		adapter = manager_find_adapter(&dev->bdaddr);
> 		/* FIXME: manager_find_adapter should return a new ref */
> 		btd_adapter_ref(adapter);
> 	}
> 
> 	if (adapter == NULL)
> 		return FALSE;
> 
> btd_adapter_ref() directly dereferences adapter. In all other calls of
> manager_find_adapter() in BlueZ code, the returned value is checked for
> NULL before any use.
> 
> Is it guaranteed here that manager_find_adapter() won't return NULL?

In general a function called "find" can obviously return NULL even
though in this case it should be in practice impossible. For consistency
the check should be there though. Please send a patch.

Johan
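
Added example (not part of the thread, and not BlueZ code): a self-contained C model of the pattern discussed above, where a lookup can return NULL and the reference-taking helper dereferences its argument, with the NULL check placed before the ref. All names (`struct adapter`, `register_adapter`, `find_adapter`, `adapter_ref`, `init_adapter_checked`) and the fixed-size table are hypothetical stand-ins.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for the types and functions named in the thread. */
struct adapter { unsigned char bdaddr[6]; int ref; };
static struct adapter table[4];
static size_t n_adapters;

/* Registration: returns NULL when the table is full. */
static struct adapter *register_adapter(const unsigned char *bdaddr)
{
	if (n_adapters == sizeof(table) / sizeof(table[0]))
		return NULL;
	struct adapter *a = &table[n_adapters++];
	memcpy(a->bdaddr, bdaddr, sizeof(a->bdaddr));
	a->ref = 1;
	return a;
}

/* Lookup: returns a borrowed pointer, or NULL when nothing matches. */
static struct adapter *find_adapter(const unsigned char *bdaddr)
{
	for (size_t i = 0; i < n_adapters; i++)
		if (memcmp(table[i].bdaddr, bdaddr, sizeof(table[i].bdaddr)) == 0)
			return &table[i];
	return NULL;
}

/* Takes a reference; dereferences its argument unconditionally. */
static void adapter_ref(struct adapter *a) { a->ref++; }

/* Same shape as the quoted fragment, but the lookup result is checked
 * before the ref is taken, so a stale "registered" flag cannot crash. */
static bool init_adapter_checked(bool *registered, const unsigned char *bdaddr,
				 struct adapter **out)
{
	struct adapter *a;
	if (!*registered) {
		a = register_adapter(bdaddr);
		if (a)
			*registered = true;
	} else {
		a = find_adapter(bdaddr);
		if (a)	/* check first, then take the new reference */
			adapter_ref(a);
	}
	if (a == NULL)
		return false;
	*out = a;
	return true;
}
```

The third case in the model, a set `registered` flag with an address the lookup does not know, is the path where an unchecked ref would dereference NULL.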

