From: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH BlueZ v2 5/5] shared/bap: Too few arguments to formatting function
Date: Mon, 28 Apr 2025 15:51:22 -0400 [thread overview]
Message-ID: <20250428195122.2000808-5-luiz.dentz@gmail.com> (raw)
In-Reply-To: <20250428195122.2000808-1-luiz.dentz@gmail.com>
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Each call to the printf function, or a related function, should include
the number of arguments defined by the format. Passing the function more
arguments than required is harmless (although it may be indicative of
other defects). However, passing the function fewer arguments than are
defined by the format can be a security vulnerability since the function
will process the next item on the stack as the missing arguments.
Fixes: https://github.com/bluez/bluez/issues/1221
Fixes: https://github.com/bluez/bluez/issues/1222
---
src/shared/bap.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/shared/bap.c b/src/shared/bap.c
index 4c5b38b1e3d2..2a08f3eea7b8 100644
--- a/src/shared/bap.c
+++ b/src/shared/bap.c
@@ -1630,7 +1630,8 @@ static bool bap_send(struct bt_bap *bap, struct bt_bap_req *req)
DBG(bap, "req %p len %u", req, iov.iov_len);
if (req->stream && !queue_find(bap->streams, NULL, req->stream)) {
- DBG(bap, "stream %p detached, aborting op 0x%02x", req->op);
+ DBG(bap, "stream %p detached, aborting op 0x%02x", req->stream,
+ req->op);
return false;
}
@@ -3138,7 +3139,7 @@ static uint8_t ascs_qos(struct bt_ascs *ascs, struct bt_bap *bap,
ep = bap_get_local_endpoint_id(bap, req->ase);
if (!ep) {
- DBG(bap, "%s: Invalid ASE ID 0x%02x", req->ase);
+ DBG(bap, "Invalid ASE ID 0x%02x", req->ase);
ascs_ase_rsp_add(rsp, req->ase,
BT_ASCS_RSP_INVALID_ASE, BT_ASCS_REASON_NONE);
return 0;
--
2.49.0
next prev parent reply other threads:[~2025-04-28 19:51 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-28 19:51 [PATCH BlueZ v2 1/5] main: Fix comparison of narrow type with wide type in loop condition Luiz Augusto von Dentz
2025-04-28 19:51 ` [PATCH BlueZ v2 2/5] client/mgmt: " Luiz Augusto von Dentz
2025-04-28 19:51 ` [PATCH BlueZ v2 3/5] test-runner: Fix potentially overflowing call to snprintf Luiz Augusto von Dentz
2025-04-28 19:51 ` [PATCH BlueZ v2 4/5] client/mgmt: " Luiz Augusto von Dentz
2025-04-28 19:51 ` Luiz Augusto von Dentz [this message]
2025-04-28 21:14 ` [BlueZ,v2,1/5] main: Fix comparison of narrow type with wide type in loop condition bluez.test.bot
2025-04-28 21:40 ` [PATCH BlueZ v2 1/5] " patchwork-bot+bluetooth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250428195122.2000808-5-luiz.dentz@gmail.com \
--to=luiz.dentz@gmail.com \
--cc=linux-bluetooth@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox