* [PATCH BlueZ] emulator: Fix uninitialised memory usage on inquiry
@ 2013-06-05 20:35 Anderson Lizardo
From: Anderson Lizardo @ 2013-06-05 20:35 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Anderson Lizardo

This happens when using "btvirt -l2" and running "discoverable on" on
hci1 and "scan on" on hci0 using bluetoothctl:

==1870== Syscall param write(buf) points to uninitialised byte(s)
==1870==    at 0x4114443: __write_nocancel (syscall-template.S:82)
==1870==    by 0x804B503: send_packet (btdev.c:478)
==1870==    by 0x804B599: send_event (btdev.c:503)
==1870==    by 0x804B8C0: inquiry_complete (btdev.c:589)
==1870==    by 0x804C538: default_cmd (btdev.c:881)
==1870==    by 0x804E5DE: process_cmd (btdev.c:1559)
==1870==    by 0x804E646: btdev_receive_h4 (btdev.c:1577)
==1870==    by 0x804A487: vhci_read_callback (vhci.c:82)
==1870==    by 0x804923E: mainloop_run (mainloop.c:142)
==1870==    by 0x8048FD4: main (main.c:145)
==1870==  Address 0x41e4d0f is 15 bytes inside a block of size 258 alloc'd
==1870==    at 0x402B56C: malloc (vg_replace_malloc.c:270)
==1870==    by 0x804B531: send_event (btdev.c:490)
==1870==    by 0x804B8C0: inquiry_complete (btdev.c:589)
==1870==    by 0x804C538: default_cmd (btdev.c:881)
==1870==    by 0x804E5DE: process_cmd (btdev.c:1559)
==1870==    by 0x804E646: btdev_receive_h4 (btdev.c:1577)
==1870==    by 0x804A487: vhci_read_callback (vhci.c:82)
==1870==    by 0x804923E: mainloop_run (mainloop.c:142)
==1870==    by 0x8048FD4: main (main.c:145)
==1870==
---
 emulator/btdev.c |    3 +++
 1 file changed, 3 insertions(+)

diff --git a/emulator/btdev.c b/emulator/btdev.c
index d88c853..6e00cc6 100644
--- a/emulator/btdev.c
+++ b/emulator/btdev.c
@@ -583,6 +583,7 @@ static void inquiry_complete(struct btdev *btdev, uint8_t status)
 			ir.pscan_rep_mode = 0x00;
 			ir.pscan_period_mode = 0x00;
 			memcpy(ir.dev_class, btdev_list[i]->dev_class, 3);
+			ir.clock_offset = 0x0000;
 			ir.rssi = -60;
 			memcpy(ir.data, btdev_list[i]->ext_inquiry_rsp, 240);
 
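Review bot: initialising only ir.clock_offset makes the fix fragile; any field later added to the extended inquiry result structure would reintroduce the same uninitialised write, so a `memset(&ir, 0, sizeof(ir));` ahead of the per-field assignments would be more robust. The valgrind address in the commit message ("15 bytes inside a block of size 258") does fall in the fixed-size header region before the rssi byte and the 240-byte data copy, which is where clock_offset sits between dev_class and rssi, so this is the right field to set.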
@@ -599,6 +600,7 @@ static void inquiry_complete(struct btdev *btdev, uint8_t status)
 			ir.pscan_rep_mode = 0x00;
 			ir.pscan_period_mode = 0x00;
 			memcpy(ir.dev_class, btdev_list[i]->dev_class, 3);
+			ir.clock_offset = 0x0000;
 			ir.rssi = -60;
 
 			send_event(btdev, BT_HCI_EVT_INQUIRY_RESULT_WITH_RSSI,
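Review bot: same remark for the inquiry-result-with-RSSI branch: clock_offset is a 16-bit little-endian wire field, and 0x0000 is byte-order neutral so the value here is correct, but a zeroing memset of ir would remove the need to keep the three branches in step by hand and would cover any future non-zero default, which would then also need the little-endian conversion used for other multi-byte fields.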
@@ -612,6 +614,7 @@ static void inquiry_complete(struct btdev *btdev, uint8_t status)
 			ir.pscan_period_mode = 0x00;
 			ir.pscan_mode = 0x00;
 			memcpy(ir.dev_class, btdev_list[i]->dev_class, 3);
+			ir.clock_offset = 0x0000;
 
 			send_event(btdev, BT_HCI_EVT_INQUIRY_RESULT,
 							&ir, sizeof(ir));
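Review bot: the identical one-line fix is repeated in three branches (extended, with RSSI, plain); zeroing each result struct at its declaration would cover all of them with less chance of divergence. It would also help to state in the commit message that clock_offset was the only uninitialised field, since the valgrind report only gives a byte offset and a reader has to work out which field it maps to.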
-- 
1.7.9.5



* Re: [PATCH BlueZ] emulator: Fix uninitialised memory usage on inquiry
From: Johan Hedberg @ 2013-06-17 10:51 UTC (permalink / raw)
  To: Anderson Lizardo; +Cc: linux-bluetooth

Hi Lizardo,

On Wed, Jun 05, 2013, Anderson Lizardo wrote:
> This happens when using "btvirt -l2" and running "discoverable on" on
> hci1 and "scan on" on hci0 using bluetoothctl:
> 
> ==1870== Syscall param write(buf) points to uninitialised byte(s)
> ==1870==    at 0x4114443: __write_nocancel (syscall-template.S:82)
> ==1870==    by 0x804B503: send_packet (btdev.c:478)
> ==1870==    by 0x804B599: send_event (btdev.c:503)
> ==1870==    by 0x804B8C0: inquiry_complete (btdev.c:589)
> ==1870==    by 0x804C538: default_cmd (btdev.c:881)
> ==1870==    by 0x804E5DE: process_cmd (btdev.c:1559)
> ==1870==    by 0x804E646: btdev_receive_h4 (btdev.c:1577)
> ==1870==    by 0x804A487: vhci_read_callback (vhci.c:82)
> ==1870==    by 0x804923E: mainloop_run (mainloop.c:142)
> ==1870==    by 0x8048FD4: main (main.c:145)
> ==1870==  Address 0x41e4d0f is 15 bytes inside a block of size 258 alloc'd
> ==1870==    at 0x402B56C: malloc (vg_replace_malloc.c:270)
> ==1870==    by 0x804B531: send_event (btdev.c:490)
> ==1870==    by 0x804B8C0: inquiry_complete (btdev.c:589)
> ==1870==    by 0x804C538: default_cmd (btdev.c:881)
> ==1870==    by 0x804E5DE: process_cmd (btdev.c:1559)
> ==1870==    by 0x804E646: btdev_receive_h4 (btdev.c:1577)
> ==1870==    by 0x804A487: vhci_read_callback (vhci.c:82)
> ==1870==    by 0x804923E: mainloop_run (mainloop.c:142)
> ==1870==    by 0x8048FD4: main (main.c:145)
> ==1870==
> ---
>  emulator/btdev.c |    3 +++
>  1 file changed, 3 insertions(+)

Applied. Thanks.

Johan

