From: Johan Hedberg <johan.hedberg@gmail.com>
To: Miao-chen Chou <mcchou@google.com>
Cc: Luiz Augusto von Dentz <luiz.dentz@gmail.com>,
"linux-bluetooth@vger.kernel.org"
<linux-bluetooth@vger.kernel.org>,
Luiz Augusto Von Dentz <luiz.von.dentz@intel.com>,
josephsih@chromium.org
Subject: Re: [PATCH 2/2] monitor/rfcomm: Fix a potential memory access issue
Date: Wed, 7 Dec 2016 23:07:09 +0200 [thread overview]
Message-ID: <20161207210708.GA28060@x1c.P-661HNU-F1> (raw)
In-Reply-To: <CAHgsZ+iww2CLrw==650Aq4FfQNiZJigVboc7ZTqsmV_1=3yKgw@mail.gmail.com>
Hi Miao,
On Wed, Dec 07, 2016, Miao-chen Chou wrote:
> The intention is to prevent accessing the addresses of pn.mtu and
> rpn.pm, where the LLVM compiler complains about the potential
> unaligned pointer value, and the use of temp variables ensures the
> alignment. The error message are
> monitor/rfcomm.c:241:36: error: taking address of packed member 'pm'
> of class or structure 'rfcomm_rpn' may result in an unaligned pointer
> value [-Werror,-Waddress-of-packed-member]
>
> [18/1998]
> if (!l2cap_frame_get_le16(frame, &rpn.pm))
> ^~~~~~
> monitor/rfcomm.c:293:36: error: taking address of packed member 'mtu'
> of class or structure 'rfcomm_pn' may result in an unaligned pointer
> value [-Werror,-Waddress-of-packed-member]
> if (!l2cap_frame_get_le16(frame, &pn.mtu))
It seems to me like there's no point in mcc_rpn() using the packed
rfcomm_rpn struct, since what it really wants is normal properly aligned
stack variables. So a more appropriate fix is probably to remote the
rfcomm_rpn struct usage and instead just declare the necessary "normal"
variables to fetch the necessary values from the frame. Another, perhaps
better alternative, is to use a struct rfcomm_rpn pointer to frame->data
and use l2cap_frame_pull() to advance the data pointer, i.e. something
like:
struct rfcomm_rpn *rpn;
if (frame->size < sizeof(*rpn))
return false;
rpn = frame->data;
l2cap_frame_pull(frame, frame, sizeof(*rpn))
...print content of rpn, utilizing get_le16() etc...
The downside of the above is that if you get an incomplete frame we
don't decode even the parts that we did receive. I'm not sure what's the
preferred policy with btmon decoding.
Johan
next prev parent reply other threads:[~2016-12-07 21:07 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-19 1:32 [PATCH] monitor/rfcomm: Fix a potential memory access issue mcchou
2016-11-21 10:06 ` Luiz Augusto von Dentz
2016-11-21 10:18 ` Luiz Augusto von Dentz
2016-12-03 2:08 ` [PATCH 2/2] " mcchou
2016-12-07 14:12 ` Luiz Augusto von Dentz
2016-12-07 20:27 ` Miao-chen Chou
2016-12-07 21:07 ` Johan Hedberg [this message]
2016-12-07 23:20 ` Miao-chen Chou
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161207210708.GA28060@x1c.P-661HNU-F1 \
--to=johan.hedberg@gmail.com \
--cc=josephsih@chromium.org \
--cc=linux-bluetooth@vger.kernel.org \
--cc=luiz.dentz@gmail.com \
--cc=luiz.von.dentz@intel.com \
--cc=mcchou@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).