[PATCH BlueZ v2 1/1] shared/shell: Fix SIGSEGV on invalid input

public inbox for linux-bluetooth@vger.kernel.org
 help / color / mirror / Atom feed

From: Wouter <wouter@xesxen.nl>
To: linux-bluetooth@vger.kernel.org
Cc: Wouter <wouter@xesxen.nl>
Subject: [PATCH BlueZ v2 1/1] shared/shell: Fix SIGSEGV on invalid input
Date: Thu, 19 Mar 2026 15:14:35 +0100	[thread overview]
Message-ID: <20260319141435.83060-2-wouter@xesxen.nl> (raw)
In-Reply-To: <20260319141435.83060-1-wouter@xesxen.nl>

This fixes a crash when handling "<space><tab>"

==3760495== Invalid read of size 1
==3760495==    at 0x4902187: strcmp (vg_replace_strmem.c:941)
==3760495==    by 0x4067408: menu_completion (shell.c:1126)
==3760495==    by 0x40675DE: shell_completion (shell.c:1177)
==3760495==    by 0x4B267AB: gen_completion_matches (complete.c:1282)
==3760495==    by 0x4B2F8C1: rl_complete_internal (complete.c:2104)
==3760495==    by 0x4B26B52: _rl_dispatch_subseq (readline.c:941)
==3760495==    by 0x4B27B71: readline_internal_char (readline.c:690)
==3760495==    by 0x4B48695: rl_callback_read_char (callback.c:275)
==3760495==    by 0x40655F2: bt_shell_input_line (shell.c:309)
==3760495==    by 0x406577E: input_read (shell.c:343)
==3760495==    by 0x4068CB4: watch_callback (io-glib.c:173)
==3760495==    by 0x49C1F4C: g_main_dispatch (gmain.c:3565)
==3760495==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
---
 src/shared/shell.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/shared/shell.c b/src/shared/shell.c
index b061f8001..87a8a310d 100644
--- a/src/shared/shell.c
+++ b/src/shared/shell.c
@@ -1122,6 +1122,9 @@ static char **menu_completion(const struct bt_shell_menu_entry *entry,
 {
 	char **matches = NULL;
 
+	if (argc == 0)
+		return NULL;
+
 	for (; entry->cmd; entry++) {
 		if (strcmp(entry->cmd, input_cmd))
 			continue;
@@ -1147,6 +1150,9 @@ static char **submenu_completion(const char *text, int argc, char *input_cmd)
 	if (data.main != data.menu)
 		return NULL;
 
+	if (!input_cmd)
+		return NULL;
+
 	cmd = strrchr(input_cmd, '.');
 	if (!cmd)
 		return NULL;
-- 
2.53.0

next prev parent reply	other threads:[~2026-03-19 14:14 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-19 14:14 [PATCH BlueZ v2 0/1] shared/shell: Fix SIGSEGV on invalid input Wouter
2026-03-19 14:14 ` Wouter [this message]
2026-03-19 15:54   ` bluez.test.bot
2026-03-19 17:50 ` [PATCH BlueZ v2 0/1] " patchwork-bot+bluetooth

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:b061f800 dfblob:87a8a310 )
 OR (
bs:"[PATCH BlueZ v2 1/1] shared/shell: Fix SIGSEGV on invalid input" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260319141435.83060-2-wouter@xesxen.nl \
    --to=wouter@xesxen.nl \
    --cc=linux-bluetooth@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox