From: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH BlueZ v1 1/3] tools/tester: Fix crash when hciemu_new fails
Date: Wed,  6 May 2026 15:41:48 -0400	[thread overview]
Message-ID: <20260506194150.1701855-1-luiz.dentz@gmail.com> (raw)

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

When hciemu_new returns NULL, the mgmt object was not being unreferenced
before returning from the pre-setup failure path. This could lead to a
NULL dereference in read_info_callback when it later calls
hciemu_get_address on the NULL hciemu pointer.

Add mgmt_unref and return to the error path across all testers.
---
 tools/6lowpan-tester.c  | 2 ++
 tools/bnep-tester.c     | 3 +++
 tools/ioctl-tester.c    | 3 +++
 tools/iso-tester.c      | 2 ++
 tools/l2cap-tester.c    | 3 +++
 tools/mesh-tester.c     | 3 +++
 tools/mgmt-tester.c     | 3 +++
 tools/rfcomm-tester.c   | 3 +++
 tools/sco-tester.c      | 2 ++
 tools/smp-tester.c      | 3 +++
 tools/userchan-tester.c | 3 +++
 11 files changed, 30 insertions(+)

diff --git a/tools/6lowpan-tester.c b/tools/6lowpan-tester.c
index 65dba173b18e..2b43719f153e 100644
--- a/tools/6lowpan-tester.c
+++ b/tools/6lowpan-tester.c
@@ -181,6 +181,8 @@ static void read_index_list_callback(uint8_t status, uint16_t length,
 	if (!data->hciemu) {
 		tester_warn("Failed to setup HCI emulation");
 		tester_pre_setup_failed();
+		mgmt_unref(data->mgmt);
+		data->mgmt = NULL;
 		return;
 	}
 
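Review bot: `mgmt_unref(data->mgmt)` on this failure branch only stops later mgmt callbacks if it drops the last reference, and the hunk does not show whether anything else still holds one. Per the commit message the crash is read_info_callback calling hciemu_get_address on a NULL hciemu, so a guard at that use site, e.g. `if (!data->hciemu) return;` at the top of read_info_callback, would keep the path safe regardless of the reference count. Alternatively, calling `mgmt_cancel_all(data->mgmt);` and `mgmt_unregister_all(data->mgmt);` before the unref makes the intent explicit. The same applies to the identical branch in the other ten testers; read_index_list_callback starts and ends outside the hunk.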
diff --git a/tools/bnep-tester.c b/tools/bnep-tester.c
index 2a9b843098f4..581f54c20829 100644
--- a/tools/bnep-tester.c
+++ b/tools/bnep-tester.c
@@ -162,6 +162,9 @@ static void read_index_list_callback(uint8_t status, uint16_t length,
 	if (!data->hciemu) {
 		tester_warn("Failed to setup HCI emulation");
 		tester_pre_setup_failed();
+		mgmt_unref(data->mgmt);
+		data->mgmt = NULL;
+		return;
 	}
 
 	if (tester_use_debug())
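Review bot: This failure branch is now repeated verbatim in eleven tester files, and the diff shows the copies had already drifted. 6lowpan, iso and sco had the `return;`, while bnep, ioctl, l2cap, mesh, mgmt, rfcomm, smp and userchan fell through into the code after the branch, starting with `if (tester_use_debug())`, with data->hciemu still NULL. A one-line comment on the branch, such as `/* Drop mgmt so no callback runs without hciemu */`, would keep the reason next to the code instead of only in the commit message. If the testers share a common header, a small helper that does the unref and clears the pointer would stop the copies diverging again. The enclosing function starts and ends outside the hunk.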
diff --git a/tools/ioctl-tester.c b/tools/ioctl-tester.c
index e0627eef5bdc..969fbd955b76 100644
--- a/tools/ioctl-tester.c
+++ b/tools/ioctl-tester.c
@@ -230,6 +230,9 @@ static void read_index_list_callback(uint8_t status, uint16_t length,
 	if (!data->hciemu) {
 		tester_warn("Failed to setup HCI emulation");
 		tester_pre_setup_failed();
+		mgmt_unref(data->mgmt);
+		data->mgmt = NULL;
+		return;
 	}
 
 	if (tester_use_debug())
diff --git a/tools/iso-tester.c b/tools/iso-tester.c
index 4c30e9951bcb..8dfea0b417f0 100644
--- a/tools/iso-tester.c
+++ b/tools/iso-tester.c
@@ -637,6 +637,8 @@ static void read_index_list_callback(uint8_t status, uint16_t length,
 	if (!data->hciemu) {
 		tester_warn("Failed to setup HCI emulation");
 		tester_pre_setup_failed();
+		mgmt_unref(data->mgmt);
+		data->mgmt = NULL;
 		return;
 	}
 
diff --git a/tools/l2cap-tester.c b/tools/l2cap-tester.c
index c3aa96f84ea0..5c013d4704e5 100644
--- a/tools/l2cap-tester.c
+++ b/tools/l2cap-tester.c
@@ -217,6 +217,9 @@ static void read_index_list_callback(uint8_t status, uint16_t length,
 	if (!data->hciemu) {
 		tester_warn("Failed to setup HCI emulation");
 		tester_pre_setup_failed();
+		mgmt_unref(data->mgmt);
+		data->mgmt = NULL;
+		return;
 	}
 
 	if (tester_use_debug())
diff --git a/tools/mesh-tester.c b/tools/mesh-tester.c
index 7c42dff76fb1..27628b627957 100644
--- a/tools/mesh-tester.c
+++ b/tools/mesh-tester.c
@@ -419,6 +419,9 @@ static void read_index_list_callback(uint8_t status, uint16_t length,
 	if (!data->hciemu) {
 		tester_warn("Failed to setup HCI emulation");
 		test_pre_setup_failed();
+		mgmt_unref(data->mgmt);
+		data->mgmt = NULL;
+		return;
 	}
 
 	if (tester_use_debug())
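Review bot: The added `mgmt_unref(data->mgmt)` may be a second release here, because this branch calls `test_pre_setup_failed()` rather than `tester_pre_setup_failed()` as the other testers do; the mgmt-tester.c hunk has the same context line. That looks like a file-local wrapper whose body is outside this diff, so please confirm it does not already release or use `data->mgmt` as part of its own teardown. Moving `mgmt_unref(data->mgmt);` and `data->mgmt = NULL;` above the call would make the branch independent of what the wrapper does, assuming mgmt_unref tolerates a NULL argument.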
diff --git a/tools/mgmt-tester.c b/tools/mgmt-tester.c
index 90dfa35272c0..213fd996b032 100644
--- a/tools/mgmt-tester.c
+++ b/tools/mgmt-tester.c
@@ -431,6 +431,9 @@ static void read_index_list_callback(uint8_t status, uint16_t length,
 	if (!data->hciemu) {
 		tester_warn("Failed to setup HCI emulation");
 		test_pre_setup_failed();
+		mgmt_unref(data->mgmt);
+		data->mgmt = NULL;
+		return;
 	}
 
 	if (tester_use_debug())
diff --git a/tools/rfcomm-tester.c b/tools/rfcomm-tester.c
index 25b3a41e0f4f..06e9fbdd6143 100644
--- a/tools/rfcomm-tester.c
+++ b/tools/rfcomm-tester.c
@@ -167,6 +167,9 @@ static void read_index_list_callback(uint8_t status, uint16_t length,
 	if (!data->hciemu) {
 		tester_warn("Failed to setup HCI emulation");
 		tester_pre_setup_failed();
+		mgmt_unref(data->mgmt);
+		data->mgmt = NULL;
+		return;
 	}
 
 	if (tester_use_debug())
diff --git a/tools/sco-tester.c b/tools/sco-tester.c
index 3d6b590924db..f09ba04aeaf7 100644
--- a/tools/sco-tester.c
+++ b/tools/sco-tester.c
@@ -195,6 +195,8 @@ static void read_index_list_callback(uint8_t status, uint16_t length,
 	if (!data->hciemu) {
 		tester_warn("Failed to setup HCI emulation");
 		tester_pre_setup_failed();
+		mgmt_unref(data->mgmt);
+		data->mgmt = NULL;
 		return;
 	}
 
diff --git a/tools/smp-tester.c b/tools/smp-tester.c
index 04b7ee088705..aaf149c0deb7 100644
--- a/tools/smp-tester.c
+++ b/tools/smp-tester.c
@@ -185,6 +185,9 @@ static void read_index_list_callback(uint8_t status, uint16_t length,
 	if (!data->hciemu) {
 		tester_warn("Failed to setup HCI emulation");
 		tester_pre_setup_failed();
+		mgmt_unref(data->mgmt);
+		data->mgmt = NULL;
+		return;
 	}
 
 	if (tester_use_debug())
diff --git a/tools/userchan-tester.c b/tools/userchan-tester.c
index f61d2779ed26..a03f64d84c0b 100644
--- a/tools/userchan-tester.c
+++ b/tools/userchan-tester.c
@@ -156,6 +156,9 @@ static void read_index_list_callback(uint8_t status, uint16_t length,
 	if (!data->hciemu) {
 		tester_warn("Failed to setup HCI emulation");
 		tester_pre_setup_failed();
+		mgmt_unref(data->mgmt);
+		data->mgmt = NULL;
+		return;
 	}
 
 	if (tester_use_debug())
-- 
2.53.0



Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-06 19:41 Luiz Augusto von Dentz [this message]
2026-05-06 19:41 ` [PATCH BlueZ v1 2/3] emulator/hciemu: Add hciemu_new_debug/hciemu_new_num_debug Luiz Augusto von Dentz
2026-05-06 19:41 ` [PATCH BlueZ v1 3/3] tools/tester: Retry with debug on hciemu_new failure Luiz Augusto von Dentz
2026-05-06 21:12 ` [BlueZ,v1,1/3] tools/tester: Fix crash when hciemu_new fails bluez.test.bot
2026-05-07 16:10 ` [PATCH BlueZ v1 1/3] " patchwork-bot+bluetooth
