linux-bluetooth.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH BlueZ 1/2] gdbus: Fix segfault when D-Bus daemon exits
@ 2013-05-04 19:39 Anderson Lizardo
  2013-05-04 19:39 ` [PATCH BlueZ 2/2] gdbus: Fix using NULL DBusPendingCall when disconnected from D-Bus Anderson Lizardo
  2013-05-08  7:57 ` [PATCH BlueZ 1/2] gdbus: Fix segfault when D-Bus daemon exits Johan Hedberg
  0 siblings, 2 replies; 3+ messages in thread
From: Anderson Lizardo @ 2013-05-04 19:39 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Anderson Lizardo

Fix this crash if D-Bus exits while the client is still connected to it:

==5570== Invalid read of size 1
==5570==    at 0x402D28E: strcmp (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==5570==    by 0x4070E22: g_str_equal (ghash.c:1704)
==5570==    by 0x8055F61: message_filter (client.c:1123)
==5570==    by 0x4141500: dbus_connection_dispatch (in
/lib/i386-linux-gnu/libdbus-1.so.3.5.8)
==5570==    by 0x80506F7: message_dispatch (mainloop.c:76)
==5570==    by 0x4081A7E: g_timeout_dispatch (gmain.c:3882)
==5570==    by 0x4080D85: g_main_context_dispatch (gmain.c:2539)
==5570==    by 0x4081124: g_main_context_iterate.isra.21 (gmain.c:3146)
==5570==    by 0x408156A: g_main_loop_run (gmain.c:3340)
==5570==    by 0x41BF4D2: (below main) (libc-start.c:226)
==5570==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==5570==
==5570==
---
 gdbus/client.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/gdbus/client.c b/gdbus/client.c
index 55f1d89..a21b66a 100644
--- a/gdbus/client.c
+++ b/gdbus/client.c
@@ -1119,6 +1119,8 @@ static DBusHandlerResult message_filter(DBusConnection *connection,
 		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
 
 	sender = dbus_message_get_sender(message);
+	if (sender == NULL)
+		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
 
 	if (g_str_equal(sender, DBUS_SERVICE_DBUS) == TRUE) {
 		const char *interface, *member;
-- 
1.7.9.5


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* [PATCH BlueZ 2/2] gdbus: Fix using NULL DBusPendingCall when disconnected from D-Bus
  2013-05-04 19:39 [PATCH BlueZ 1/2] gdbus: Fix segfault when D-Bus daemon exits Anderson Lizardo
@ 2013-05-04 19:39 ` Anderson Lizardo
  2013-05-08  7:57 ` [PATCH BlueZ 1/2] gdbus: Fix segfault when D-Bus daemon exits Johan Hedberg
  1 sibling, 0 replies; 3+ messages in thread
From: Anderson Lizardo @ 2013-05-04 19:39 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Anderson Lizardo

>From D-Bus documentation for dbus_connection_send_with_reply():

"Warning: if the connection is disconnected or you try to send Unix file
descriptors on a connection that does not support them, the
DBusPendingCall will be set to NULL, so be careful with this."

Fix these errors when killing D-Bus daemon with the client still
running:

process 5712: arguments to dbus_pending_call_set_notify() were
incorrect, assertion "pending != NULL" failed in file
../../dbus/dbus-pending-call.c line 596.
This is normally a bug in some application using the D-Bus library.
process 5712: arguments to dbus_pending_call_unref() were incorrect,
assertion "pending != NULL" failed in file
../../dbus/dbus-pending-call.c line 572.
This is normally a bug in some application using the D-Bus library.
---
 gdbus/client.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/gdbus/client.c b/gdbus/client.c
index a21b66a..f700b7e 100644
--- a/gdbus/client.c
+++ b/gdbus/client.c
@@ -105,6 +105,11 @@ static gboolean modify_match(DBusConnection *conn, const char *member,
 		return FALSE;
 	}
 
+	if (call == NULL) {
+		dbus_message_unref(msg);
+		return FALSE;
+	}
+
 	dbus_pending_call_set_notify(call, modify_match_reply, NULL, NULL);
 	dbus_pending_call_unref(call);
 
-- 
1.7.9.5


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH BlueZ 1/2] gdbus: Fix segfault when D-Bus daemon exits
  2013-05-04 19:39 [PATCH BlueZ 1/2] gdbus: Fix segfault when D-Bus daemon exits Anderson Lizardo
  2013-05-04 19:39 ` [PATCH BlueZ 2/2] gdbus: Fix using NULL DBusPendingCall when disconnected from D-Bus Anderson Lizardo
@ 2013-05-08  7:57 ` Johan Hedberg
  1 sibling, 0 replies; 3+ messages in thread
From: Johan Hedberg @ 2013-05-08  7:57 UTC (permalink / raw)
  To: Anderson Lizardo; +Cc: linux-bluetooth

Hi Lizardo,

On Sat, May 04, 2013, Anderson Lizardo wrote:
> Fix this crash if D-Bus exits while the client is still connected to it:
> 
> ==5570== Invalid read of size 1
> ==5570==    at 0x402D28E: strcmp (in
> /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
> ==5570==    by 0x4070E22: g_str_equal (ghash.c:1704)
> ==5570==    by 0x8055F61: message_filter (client.c:1123)
> ==5570==    by 0x4141500: dbus_connection_dispatch (in
> /lib/i386-linux-gnu/libdbus-1.so.3.5.8)
> ==5570==    by 0x80506F7: message_dispatch (mainloop.c:76)
> ==5570==    by 0x4081A7E: g_timeout_dispatch (gmain.c:3882)
> ==5570==    by 0x4080D85: g_main_context_dispatch (gmain.c:2539)
> ==5570==    by 0x4081124: g_main_context_iterate.isra.21 (gmain.c:3146)
> ==5570==    by 0x408156A: g_main_loop_run (gmain.c:3340)
> ==5570==    by 0x41BF4D2: (below main) (libc-start.c:226)
> ==5570==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
> ==5570==
> ==5570==
> ---
>  gdbus/client.c |    2 ++
>  1 file changed, 2 insertions(+)

Both patches have been applied. Thanks.

Johan

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2013-05-08  7:57 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-05-04 19:39 [PATCH BlueZ 1/2] gdbus: Fix segfault when D-Bus daemon exits Anderson Lizardo
2013-05-04 19:39 ` [PATCH BlueZ 2/2] gdbus: Fix using NULL DBusPendingCall when disconnected from D-Bus Anderson Lizardo
2013-05-08  7:57 ` [PATCH BlueZ 1/2] gdbus: Fix segfault when D-Bus daemon exits Johan Hedberg

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).