Bluetoothd crashing on 4.7

Bluetoothd crashing on 4.7

[Mario Limonciello]

[-- Attachment #1: Type: text/plain, Size: 662 bytes --]

Hi:

I recently packaged bluez 4.7 for possible inclusion in Ubuntu intrepid
[1].  Upon doing some basic testing with it, I've run into a situation
where when I try to pair with a keyboard, bluetoothd crashes.  If I run
it under valgrind, bluetoothd survives the crash, and the keyboard works
[2].  If I run it with gdb, it comes down, and I get a trace at
least[3].  If I run it without a debugger, keyboard doesn't properly work.

[1] https://bugs.edge.launchpad.net/~superm1/+archive
[2] http://paste.ubuntu.com/51091/
[3] http://paste.ubuntu.com/51090/

Regards
-- 
Mario Limonciello
*Dell | Linux Engineering*
mario_limonciello@dell.com


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 252 bytes --]

Re: Bluetoothd crashing on 4.7

[Mario Limonciello]

[-- Attachment #1: Type: text/plain, Size: 663 bytes --]

So that this doesnt' get lost, I solved this myself on IRC.  The
attached patch resolves it.


/src/dbus-hci.c
=======================================

diff -Nur -x '*.orig' -x '*~' bluez-4.7/src/dbus-hci.c bluez-4.7.new/src/dbus-hci.c

--- bluez-4.7/src/dbus-hci.c	2008-09-26 00:39:55.000000000 -0500

+++ bluez-4.7.new/src/dbus-hci.c	2008-09-26 18:22:33.000000000 -0500

@@ -518,7 +518,7 @@

bonding = adapter_get_bonding_info(adapter);
- if (bacmp(&bonding->bdaddr, peer))
+ if (bonding && bacmp(&bonding->bdaddr, peer))
bonding = NULL;
if (status == 0) {

-- 
Mario Limonciello
*Dell | Linux Engineering*
mario_limonciello@dell.com


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 252 bytes --]

Re: Bluetoothd crashing on 4.7

[Johan Hedberg]

[-- Attachment #1: Type: text/plain, Size: 757 bytes --]

Hi Mario,

On Sep 27, 2008, at 2:00, Mario Limonciello wrote:
> I recently packaged bluez 4.7 for possible inclusion in Ubuntu  
> intrepid
> [1].  Upon doing some basic testing with it, I've run into a situation
> where when I try to pair with a keyboard, bluetoothd crashes.  If I  
> run
> it under valgrind, bluetoothd survives the crash, and the keyboard  
> works
> [2].  If I run it with gdb, it comes down, and I get a trace at
> least[3].  If I run it without a debugger, keyboard doesn't properly  
> work.

This is probably caused by my cleanup/rewrite patches for the pairing  
logic in 4.7. Based on the gdb trace the attached patch should fix the  
issue. It's also pushed to the kernel.org git and should appear in the  
next release.

Johan

[-- Attachment #2: bluetoothd-segfault.patch --]
[-- Type: application/octet-stream, Size: 568 bytes --]

commit cccde44377fc5bb5d9db51ca6b4fcb790c7d24ba
Author: Johan Hedberg <johan.hedberg@nokia.com>
Date:   Sat Sep 27 14:08:42 2008 -0700

    Fix potential NULL pointer dereference

diff --git a/src/dbus-hci.c b/src/dbus-hci.c
index 795df0a..eea166e 100644
--- a/src/dbus-hci.c
+++ b/src/dbus-hci.c
@@ -518,7 +518,7 @@ void hcid_dbus_bonding_process_complete(bdaddr_t *local, bdaddr_t *peer,
 
 	bonding = adapter_get_bonding_info(adapter);
 
-	if (bacmp(&bonding->bdaddr, peer))
+	if (bonding && bacmp(&bonding->bdaddr, peer))
 		bonding = NULL;
 
 	if (status == 0) {

[-- Attachment #3: Type: text/plain, Size: 1 bytes --]