From: Pauli Virtanen <pav@iki.fi>
To: linux-bluetooth@vger.kernel.org
Cc: Pauli Virtanen <pav@iki.fi>
Subject: [PATCH BlueZ 6/6] shared/gatt-client: fix notify_data leak in notify_data_write_ccc
Date: Tue, 9 Dec 2025 23:15:23 +0200 [thread overview]
Message-ID: <4e23d70301077f50d37e71502c4a27f9ae8f31fd.1765314903.git.pav@iki.fi> (raw)
In-Reply-To: <cover.1765314903.git.pav@iki.fi>
Calling bt_gatt_client_unregister_notify() when ATT has disconnected
leaks the reference to notify_data: in notify_data_write_ccc() the
bt_gatt_client_write_value() fails, the destroy is never called, and
notify_data_ref() is leaked.
Fix by balancing unref notify_data on write failure.
Log (unit/test-mcp):
Direct leak of 5760 byte(s) in 90 object(s) allocated from:
#0 0x7fd7e2ce6f2b in malloc
#1 0x0000004227e5 in util_malloc src/shared/util.c:46
#2 0x00000044a81c in register_notify src/shared/gatt-client.c:1782
#3 0x000000458367 in bt_gatt_client_register_notify src/shared/gatt-client.c:3685
#4 0x00000049f9f5 in foreach_mcs_char src/shared/mcp.c:1834
---
src/shared/gatt-client.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/shared/gatt-client.c b/src/shared/gatt-client.c
index f6d5dc4b7..f8ebab3fa 100644
--- a/src/shared/gatt-client.c
+++ b/src/shared/gatt-client.c
@@ -1691,6 +1691,9 @@ static bool notify_data_write_ccc(struct notify_data *notify_data, bool enable,
callback,
notify_data_ref(notify_data),
notify_data_unref);
+ if (!att_id)
+ notify_data_unref(notify_data);
+
notify_data->chrc->ccc_write_id = notify_data->att_id = att_id;
return !!att_id;
--
2.51.1
prev parent reply other threads:[~2025-12-09 21:15 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-09 21:15 [PATCH BlueZ 0/6] mcp: support multiple MCP and implement local GMCS Pauli Virtanen
2025-12-09 21:15 ` [PATCH BlueZ 1/6] shared/mcp: support multiple MCP, and add non-stub MCS server Pauli Virtanen
2025-12-09 21:34 ` mcp: support multiple MCP and implement local GMCS bluez.test.bot
2025-12-09 21:15 ` [PATCH BlueZ 2/6] test-mcp: add tests for MCP / MCS Pauli Virtanen
2025-12-09 21:15 ` [PATCH BlueZ 3/6] mcp: adapt to new MCP API to support multiple remote MCS services Pauli Virtanen
2025-12-09 21:26 ` Pauli Virtanen
2025-12-09 21:15 ` [PATCH BlueZ 4/6] avctp: move uinput utilities to uinput-util.c Pauli Virtanen
2025-12-09 21:15 ` [PATCH BlueZ 5/6] mcp: add local GMCS service that emits uinput media keys Pauli Virtanen
2025-12-09 21:15 ` Pauli Virtanen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4e23d70301077f50d37e71502c4a27f9ae8f31fd.1765314903.git.pav@iki.fi \
--to=pav@iki.fi \
--cc=linux-bluetooth@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).