From: "Frédéric Danis" <frederic.danis@collabora.com>
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH v4 0/2] Fix gatt-db munmap_chunk invalid pointer
Date: Thu, 11 Jan 2024 14:39:53 +0100 [thread overview]
Message-ID: <20240111133955.65686-1-frederic.danis@collabora.com> (raw)
PTS test GATT/CL/GAD/BV-03-C published a service starting at handle 0xfffd
and ending at 0xffff.
This resets the next_handle to 0 in gatt_db_insert_service() instead of
setting it to 0x10000. Other services are added later.
This could end-up by a crash in db_hash_update() if not enough space has
been allocated for hash.iov and some entries are overwritten.
Next_handle can be replaced by a last_handle variable which will not loop
over. This can be replaced by queue_peek_tail() and computing the value,
but keeping last_handle will avoid this sort of lookup.
Add a unit test to check regression.
v1 -> v2: Replace next_handle by last_handle
Check empty db using gatt_db_isempty(db) instead of
next_handle == 0
Add robustness unit test to check that gatt_db_get_hash()
doesn't crash
v2 -> v3: Fix line length checkpatch errors
v3 -> v4: Update commit comment to explain reason for keeping last_handle
Split unit test to its own commit
Rephrase db setup comment in unit test
Frédéric Danis (2):
shared/gatt-db: Fix munmap_chunk invalid pointer
unit/test-gatt: Add unordered setup db test
src/shared/gatt-db.c | 19 ++++++------
unit/test-gatt.c | 73 +++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 82 insertions(+), 10 deletions(-)
--
2.34.1
next reply other threads:[~2024-01-11 13:40 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-11 13:39 Frédéric Danis [this message]
2024-01-11 13:39 ` [PATCH v4 1/2] shared/gatt-db: Fix munmap_chunk invalid pointer Frédéric Danis
2024-01-11 15:17 ` Fix gatt-db " bluez.test.bot
2024-01-11 13:39 ` [PATCH v4 2/2] unit/test-gatt: Add unordered setup db test Frédéric Danis
2024-01-12 15:40 ` [PATCH v4 0/2] Fix gatt-db munmap_chunk invalid pointer patchwork-bot+bluetooth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240111133955.65686-1-frederic.danis@collabora.com \
--to=frederic.danis@collabora.com \
--cc=linux-bluetooth@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox