[PATCH BlueZ 0/4] android: Minor fixes

[PATCH BlueZ 0/4] android: Minor fixes

[Anderson Lizardo]

Hi,

This patch set contains 2 patches fixing problems found while trying to run
android-tester on a system with some features disabled on the kernel. Two other
patches are simple cleanups.

Best Regards
Anderson Lizardo

Anderson Lizardo (4):
  android/tester: Fix crash on failure inside setup()
  android: Remove useless extra parenthesis
  android: Trivial replacement of tabs where spaces are expected
  emulator: Fix crash if socket(AF_ALG) is not support by the kernel

 android/android-tester.c |   91 +++++++++++++++++++++++++---------------------
 android/bluetooth.c      |    2 +-
 android/hidhost.c        |    2 +-
 android/ipc-tester.c     |    2 +-
 emulator/bthost.c        |    6 ++-
 5 files changed, 56 insertions(+), 47 deletions(-)

-- 
1.7.9.5

[PATCH BlueZ 1/4] android/tester: Fix crash on failure inside setup()

[Anderson Lizardo]

The various setup_* functions were still continuing even though setup()
failed and did not initialize data->if_bluetooth properly.

Also do a little refactoring by moving tester_setup_failed() calls to
the setup() callers, so they stay close to the other failure points and
not hidden deep into a helper function.

Crash detected by Valgrind:

==4959== Invalid read of size 4
==4959==    at 0x805967A: setup_base (android-tester.c:2029)
==4959==    by 0x8055541: setup_callback (tester.c:373)
==4959==    by 0x408348F: g_idle_dispatch (gmain.c:5250)
==4959==    by 0x4086A75: g_main_context_dispatch (gmain.c:3065)
==4959==    by 0x4086E14: g_main_context_iterate.isra.23 (gmain.c:3712)
==4959==    by 0x40872FA: g_main_loop_run (gmain.c:3906)
==4959==    by 0x41744D2: (below main) (libc-start.c:226)
==4959==  Address 0x4 is not stack'd, malloc'd or (recently) free'd
---
 android/android-tester.c |   85 +++++++++++++++++++++++++---------------------
 1 file changed, 46 insertions(+), 39 deletions(-)

diff --git a/android/android-tester.c b/android/android-tester.c
index aa953bf..e4f95ce 100644
--- a/android/android-tester.c
+++ b/android/android-tester.c
@@ -1951,8 +1951,7 @@ static bt_callbacks_t bt_callbacks = {
 	.le_test_mode_cb = NULL
 };
 
-
-static void setup(struct test_data *data)
+static bool setup(struct test_data *data)
 {
 	const hw_module_t *module;
 	hw_device_t *device;
@@ -1962,18 +1961,15 @@ static void setup(struct test_data *data)
 	int len;
 	int err;
 
-	if (pipe(signal_fd)) {
-		tester_setup_failed();
-		return;
-	}
+	if (pipe(signal_fd))
+		return false;
 
 	pid = fork();
 
 	if (pid < 0) {
 		close(signal_fd[0]);
 		close(signal_fd[1]);
-		tester_setup_failed();
-		return;
+		return false;
 	}
 
 	if (pid == 0) {
@@ -1991,32 +1987,27 @@ static void setup(struct test_data *data)
 	len = read(signal_fd[0], buf, sizeof(buf));
 	if (len <= 0 || (strcmp(buf, EMULATOR_SIGNAL))) {
 		close(signal_fd[0]);
-		tester_setup_failed();
-		return;
+		return false;
 	}
 
 	close(signal_fd[0]);
 
 	err = hw_get_module(BT_HARDWARE_MODULE_ID, &module);
-	if (err) {
-		tester_setup_failed();
-		return;
-	}
+	if (err)
+		return false;
 
 	err = module->methods->open(module, BT_HARDWARE_MODULE_ID, &device);
-	if (err) {
-		tester_setup_failed();
-		return;
-	}
+	if (err)
+		return false;
 
 	data->device = device;
 
 	data->if_bluetooth = ((bluetooth_device_t *)
 					device)->get_bluetooth_interface();
-	if (!data->if_bluetooth) {
-		tester_setup_failed();
-		return;
-	}
+	if (!data->if_bluetooth)
+		return false;
+
+	return true;
 }
 
 static void setup_base(const void *test_data)
@@ -2024,7 +2015,10 @@ static void setup_base(const void *test_data)
 	struct test_data *data = tester_get_data();
 	bt_status_t status;
 
-	setup(data);
+	if (!setup(data)) {
+		tester_setup_failed();
+		return;
+	}
 
 	status = data->if_bluetooth->init(&bt_callbacks);
 	if (status != BT_STATUS_SUCCESS) {
@@ -2040,7 +2034,10 @@ static void setup_enabled_adapter(const void *test_data)
 	struct test_data *data = tester_get_data();
 	bt_status_t status;
 
-	setup(data);
+	if (!setup(data)) {
+		tester_setup_failed();
+		return;
+	}
 
 	status = data->if_bluetooth->init(&bt_callbacks);
 	if (status != BT_STATUS_SUCCESS) {
@@ -2786,7 +2783,10 @@ static void setup_socket_interface(const void *test_data)
 	bt_status_t status;
 	const void *sock;
 
-	setup(data);
+	if (!setup(data)) {
+		tester_setup_failed();
+		return;
+	}
 
 	status = data->if_bluetooth->init(&bt_socket_callbacks);
 	if (status != BT_STATUS_SUCCESS) {
@@ -2812,7 +2812,10 @@ static void setup_socket_interface_enabled(const void *test_data)
 	bt_status_t status;
 	const void *sock;
 
-	setup(data);
+	if (!setup(data)) {
+		tester_setup_failed();
+		return;
+	}
 
 	status = data->if_bluetooth->init(&bt_socket_callbacks);
 	if (status != BT_STATUS_SUCCESS) {
@@ -3158,41 +3161,42 @@ static bthh_callbacks_t bthh_callbacks = {
 	.virtual_unplug_cb = hidhost_virual_unplug_cb
 };
 
-static void setup_hidhost(const void *test_data)
+static bool setup_hidhost(const void *test_data)
 {
 	struct test_data *data = tester_get_data();
 	bt_status_t status;
 	const void *hid;
 
-	setup(data);
+	if (!setup(data))
+		return false;
 
 	status = data->if_bluetooth->init(&bt_callbacks);
 	if (status != BT_STATUS_SUCCESS) {
 		data->if_bluetooth = NULL;
-		tester_setup_failed();
-		return;
+		return false;
 	}
 
 	hid = data->if_bluetooth->get_profile_interface(BT_PROFILE_HIDHOST_ID);
-	if (!hid) {
-		tester_setup_failed();
-		return;
-	}
+	if (!hid)
+		return false;
 
 	data->if_hid = hid;
 
 	status = data->if_hid->init(&bthh_callbacks);
 	if (status != BT_STATUS_SUCCESS) {
 		data->if_hid = NULL;
-		tester_setup_failed();
-		return;
+		return false;
 	}
+
+	return true;
 }
 
 static void setup_hidhost_interface(const void *test_data)
 {
-	setup_hidhost(test_data);
-	tester_setup_complete();
+	if (setup_hidhost(test_data))
+		tester_setup_complete();
+	else
+		tester_setup_failed();
 }
 
 #define HID_GET_REPORT_PROTOCOL		0x60
@@ -3437,7 +3441,10 @@ static void setup_hidhost_connect(const void *test_data)
 	struct test_data *data = tester_get_data();
 	struct bthost *bthost;
 
-	setup_hidhost(test_data);
+	if (!setup_hidhost(test_data)) {
+		tester_setup_failed();
+		return;
+	}
 
 	bthost = hciemu_client_get_host(data->hciemu);
 
-- 
1.7.9.5

[PATCH BlueZ 2/4] android: Remove useless extra parenthesis

[Anderson Lizardo]

---
 android/android-tester.c |    4 ++--
 android/bluetooth.c      |    2 +-
 android/ipc-tester.c     |    2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/android/android-tester.c b/android/android-tester.c
index e4f95ce..ba9137a 100644
--- a/android/android-tester.c
+++ b/android/android-tester.c
@@ -518,7 +518,7 @@ static void emulator(int pipe, int hci_index)
 	memset(buf, 0, sizeof(buf));
 
 	len = read(fd, buf, sizeof(buf));
-	if (len <= 0 || (strcmp(buf, "bluetooth.start=daemon")))
+	if (len <= 0 || strcmp(buf, "bluetooth.start=daemon"))
 		goto failed;
 
 	close(pipe);
@@ -1985,7 +1985,7 @@ static bool setup(struct test_data *data)
 	data->bluetoothd_pid = pid;
 
 	len = read(signal_fd[0], buf, sizeof(buf));
-	if (len <= 0 || (strcmp(buf, EMULATOR_SIGNAL))) {
+	if (len <= 0 || strcmp(buf, EMULATOR_SIGNAL)) {
 		close(signal_fd[0]);
 		return false;
 	}
diff --git a/android/bluetooth.c b/android/bluetooth.c
index 4849dab..e2bf668 100644
--- a/android/bluetooth.c
+++ b/android/bluetooth.c
@@ -68,7 +68,7 @@
 #define DEFAULT_DISCOVERABLE_TIMEOUT 120
 
 #define BASELEN_PROP_CHANGED (sizeof(struct hal_ev_adapter_props_changed) \
-					+ (sizeof(struct hal_property)))
+					+ sizeof(struct hal_property))
 
 #define BASELEN_REMOTE_DEV_PROP (sizeof(struct hal_ev_remote_device_props) \
 					+ sizeof(struct hal_property))
diff --git a/android/ipc-tester.c b/android/ipc-tester.c
index ed0dd10..8d3e44d 100644
--- a/android/ipc-tester.c
+++ b/android/ipc-tester.c
@@ -264,7 +264,7 @@ static void emulator(int pipe, int hci_index)
 	memset(buf, 0, sizeof(buf));
 
 	len = read(fd, buf, sizeof(buf));
-	if (len <= 0 || (strcmp(buf, "ctl.start=bluetoothd")))
+	if (len <= 0 || strcmp(buf, "ctl.start=bluetoothd"))
 		goto failed;
 
 	close(pipe);
-- 
1.7.9.5

[PATCH BlueZ 3/4] android: Trivial replacement of tabs where spaces are expected

[Anderson Lizardo]

---
 android/android-tester.c |    2 +-
 android/hidhost.c        |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/android/android-tester.c b/android/android-tester.c
index ba9137a..870ad8d 100644
--- a/android/android-tester.c
+++ b/android/android-tester.c
@@ -3459,7 +3459,7 @@ static void setup_hidhost_connect(const void *test_data)
 	bthost_write_scan_enable(bthost, 0x03);
 }
 
-static void hid_discon_cb(bt_bdaddr_t *bd_addr,	bthh_connection_state_t state)
+static void hid_discon_cb(bt_bdaddr_t *bd_addr, bthh_connection_state_t state)
 {
 	if (state == BTHH_CONN_STATE_DISCONNECTED)
 		tester_test_passed();
diff --git a/android/hidhost.c b/android/hidhost.c
index c01c563..fd70a1c 100644
--- a/android/hidhost.c
+++ b/android/hidhost.c
@@ -375,7 +375,7 @@ static void bt_hid_notify_get_report(struct hid_device *dev, uint8_t *buf,
 
 	if (!((buf[0] == (HID_MSG_DATA | HID_DATA_TYPE_INPUT)) ||
 			(buf[0] == (HID_MSG_DATA | HID_DATA_TYPE_OUTPUT)) ||
-			(buf[0]	== (HID_MSG_DATA | HID_DATA_TYPE_FEATURE)))) {
+			(buf[0] == (HID_MSG_DATA | HID_DATA_TYPE_FEATURE)))) {
 		ev = g_malloc0(ev_len);
 		ev->status = buf[0];
 		bdaddr2android(&dev->dst, ev->bdaddr);
-- 
1.7.9.5

[PATCH BlueZ 4/4] emulator: Fix crash if socket(AF_ALG) is not support by the kernel

[Anderson Lizardo]

On this situation, smp_stop() was being called with NULL pointer.

Crash detected by valgrind:

==7925== Invalid read of size 4
==7925==    at 0x8052F18: smp_stop (smp.c:480)
==7925==    by 0x8052542: bthost_stop (bthost.c:2073)
==7925==    by 0x805521D: hciemu_unref (hciemu.c:372)
==7925==    by 0x8058C65: test_post_teardown (android-tester.c:464)
==7925==    by 0x8055DE7: tester_teardown_complete (tester.c:533)
==7925==    by 0x8055501: teardown_callback (tester.c:312)
==7925==    by 0x408348F: g_idle_dispatch (gmain.c:5250)
==7925==    by 0x4086A75: g_main_context_dispatch (gmain.c:3065)
==7925==    by 0x4086E14: g_main_context_iterate.isra.23 (gmain.c:3712)
==7925==    by 0x40872FA: g_main_loop_run (gmain.c:3906)
==7925==    by 0x41744D2: (below main) (libc-start.c:226)
==7925==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
---
 emulator/bthost.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/emulator/bthost.c b/emulator/bthost.c
index c4603ae..3ff2a36 100644
--- a/emulator/bthost.c
+++ b/emulator/bthost.c
@@ -2070,6 +2070,8 @@ bool bthost_connect_rfcomm(struct bthost *bthost, uint16_t handle,
 
 void bthost_stop(struct bthost *bthost)
 {
-	smp_stop(bthost->smp_data);
-	bthost->smp_data = NULL;
+	if (bthost->smp_data) {
+		smp_stop(bthost->smp_data);
+		bthost->smp_data = NULL;
+	}
 }
-- 
1.7.9.5

[PATCH BlueZ v2 0/4] android: Minor fixes

[Anderson Lizardo]

Hi,

Changes since v1:

* Rebased against current master
* Fixed typo in commit message

This patch set contains 2 patches fixing problems found while trying to run
android-tester on a system with some features disabled on the kernel. Two other
patches are simple cleanups.

Best Regards
Anderson Lizardo

Anderson Lizardo (4):
  android/tester: Fix crash on failure inside setup()
  android: Remove useless extra parenthesis
  android: Trivial replacement of tabs where spaces are expected
  emulator: Fix crash if socket(AF_ALG) is not supported by the kernel

 android/android-tester.c | 91 ++++++++++++++++++++++++++----------------------
 android/bluetooth.c      |  2 +-
 android/hidhost.c        |  2 +-
 android/ipc-tester.c     |  2 +-
 emulator/bthost.c        |  6 ++--
 5 files changed, 56 insertions(+), 47 deletions(-)

-- 
1.8.3.2

[PATCH BlueZ 1/4] android/tester: Fix crash on failure inside setup()

[Anderson Lizardo]

The various setup_* functions were still continuing even though setup()
failed and did not initialize data->if_bluetooth properly.

Also do a little refactoring by moving tester_setup_failed() calls to
the setup() callers, so they stay close to the other failure points and
not hidden deep into a helper function.

Crash detected by Valgrind:

==4959== Invalid read of size 4
==4959==    at 0x805967A: setup_base (android-tester.c:2029)
==4959==    by 0x8055541: setup_callback (tester.c:373)
==4959==    by 0x408348F: g_idle_dispatch (gmain.c:5250)
==4959==    by 0x4086A75: g_main_context_dispatch (gmain.c:3065)
==4959==    by 0x4086E14: g_main_context_iterate.isra.23 (gmain.c:3712)
==4959==    by 0x40872FA: g_main_loop_run (gmain.c:3906)
==4959==    by 0x41744D2: (below main) (libc-start.c:226)
==4959==  Address 0x4 is not stack'd, malloc'd or (recently) free'd
---
 android/android-tester.c | 85 ++++++++++++++++++++++++++----------------------
 1 file changed, 46 insertions(+), 39 deletions(-)

diff --git a/android/android-tester.c b/android/android-tester.c
index aa953bf..e4f95ce 100644
--- a/android/android-tester.c
+++ b/android/android-tester.c
@@ -1951,8 +1951,7 @@ static bt_callbacks_t bt_callbacks = {
 	.le_test_mode_cb = NULL
 };
 
-
-static void setup(struct test_data *data)
+static bool setup(struct test_data *data)
 {
 	const hw_module_t *module;
 	hw_device_t *device;
@@ -1962,18 +1961,15 @@ static void setup(struct test_data *data)
 	int len;
 	int err;
 
-	if (pipe(signal_fd)) {
-		tester_setup_failed();
-		return;
-	}
+	if (pipe(signal_fd))
+		return false;
 
 	pid = fork();
 
 	if (pid < 0) {
 		close(signal_fd[0]);
 		close(signal_fd[1]);
-		tester_setup_failed();
-		return;
+		return false;
 	}
 
 	if (pid == 0) {
@@ -1991,32 +1987,27 @@ static void setup(struct test_data *data)
 	len = read(signal_fd[0], buf, sizeof(buf));
 	if (len <= 0 || (strcmp(buf, EMULATOR_SIGNAL))) {
 		close(signal_fd[0]);
-		tester_setup_failed();
-		return;
+		return false;
 	}
 
 	close(signal_fd[0]);
 
 	err = hw_get_module(BT_HARDWARE_MODULE_ID, &module);
-	if (err) {
-		tester_setup_failed();
-		return;
-	}
+	if (err)
+		return false;
 
 	err = module->methods->open(module, BT_HARDWARE_MODULE_ID, &device);
-	if (err) {
-		tester_setup_failed();
-		return;
-	}
+	if (err)
+		return false;
 
 	data->device = device;
 
 	data->if_bluetooth = ((bluetooth_device_t *)
 					device)->get_bluetooth_interface();
-	if (!data->if_bluetooth) {
-		tester_setup_failed();
-		return;
-	}
+	if (!data->if_bluetooth)
+		return false;
+
+	return true;
 }
 
 static void setup_base(const void *test_data)
@@ -2024,7 +2015,10 @@ static void setup_base(const void *test_data)
 	struct test_data *data = tester_get_data();
 	bt_status_t status;
 
-	setup(data);
+	if (!setup(data)) {
+		tester_setup_failed();
+		return;
+	}
 
 	status = data->if_bluetooth->init(&bt_callbacks);
 	if (status != BT_STATUS_SUCCESS) {
@@ -2040,7 +2034,10 @@ static void setup_enabled_adapter(const void *test_data)
 	struct test_data *data = tester_get_data();
 	bt_status_t status;
 
-	setup(data);
+	if (!setup(data)) {
+		tester_setup_failed();
+		return;
+	}
 
 	status = data->if_bluetooth->init(&bt_callbacks);
 	if (status != BT_STATUS_SUCCESS) {
@@ -2786,7 +2783,10 @@ static void setup_socket_interface(const void *test_data)
 	bt_status_t status;
 	const void *sock;
 
-	setup(data);
+	if (!setup(data)) {
+		tester_setup_failed();
+		return;
+	}
 
 	status = data->if_bluetooth->init(&bt_socket_callbacks);
 	if (status != BT_STATUS_SUCCESS) {
@@ -2812,7 +2812,10 @@ static void setup_socket_interface_enabled(const void *test_data)
 	bt_status_t status;
 	const void *sock;
 
-	setup(data);
+	if (!setup(data)) {
+		tester_setup_failed();
+		return;
+	}
 
 	status = data->if_bluetooth->init(&bt_socket_callbacks);
 	if (status != BT_STATUS_SUCCESS) {
@@ -3158,41 +3161,42 @@ static bthh_callbacks_t bthh_callbacks = {
 	.virtual_unplug_cb = hidhost_virual_unplug_cb
 };
 
-static void setup_hidhost(const void *test_data)
+static bool setup_hidhost(const void *test_data)
 {
 	struct test_data *data = tester_get_data();
 	bt_status_t status;
 	const void *hid;
 
-	setup(data);
+	if (!setup(data))
+		return false;
 
 	status = data->if_bluetooth->init(&bt_callbacks);
 	if (status != BT_STATUS_SUCCESS) {
 		data->if_bluetooth = NULL;
-		tester_setup_failed();
-		return;
+		return false;
 	}
 
 	hid = data->if_bluetooth->get_profile_interface(BT_PROFILE_HIDHOST_ID);
-	if (!hid) {
-		tester_setup_failed();
-		return;
-	}
+	if (!hid)
+		return false;
 
 	data->if_hid = hid;
 
 	status = data->if_hid->init(&bthh_callbacks);
 	if (status != BT_STATUS_SUCCESS) {
 		data->if_hid = NULL;
-		tester_setup_failed();
-		return;
+		return false;
 	}
+
+	return true;
 }
 
 static void setup_hidhost_interface(const void *test_data)
 {
-	setup_hidhost(test_data);
-	tester_setup_complete();
+	if (setup_hidhost(test_data))
+		tester_setup_complete();
+	else
+		tester_setup_failed();
 }
 
 #define HID_GET_REPORT_PROTOCOL		0x60
@@ -3437,7 +3441,10 @@ static void setup_hidhost_connect(const void *test_data)
 	struct test_data *data = tester_get_data();
 	struct bthost *bthost;
 
-	setup_hidhost(test_data);
+	if (!setup_hidhost(test_data)) {
+		tester_setup_failed();
+		return;
+	}
 
 	bthost = hciemu_client_get_host(data->hciemu);
 
-- 
1.8.3.2

[PATCH BlueZ 2/4] android: Remove useless extra parenthesis

[Anderson Lizardo]

---
 android/android-tester.c | 4 ++--
 android/bluetooth.c      | 2 +-
 android/ipc-tester.c     | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/android/android-tester.c b/android/android-tester.c
index e4f95ce..ba9137a 100644
--- a/android/android-tester.c
+++ b/android/android-tester.c
@@ -518,7 +518,7 @@ static void emulator(int pipe, int hci_index)
 	memset(buf, 0, sizeof(buf));
 
 	len = read(fd, buf, sizeof(buf));
-	if (len <= 0 || (strcmp(buf, "bluetooth.start=daemon")))
+	if (len <= 0 || strcmp(buf, "bluetooth.start=daemon"))
 		goto failed;
 
 	close(pipe);
@@ -1985,7 +1985,7 @@ static bool setup(struct test_data *data)
 	data->bluetoothd_pid = pid;
 
 	len = read(signal_fd[0], buf, sizeof(buf));
-	if (len <= 0 || (strcmp(buf, EMULATOR_SIGNAL))) {
+	if (len <= 0 || strcmp(buf, EMULATOR_SIGNAL)) {
 		close(signal_fd[0]);
 		return false;
 	}
diff --git a/android/bluetooth.c b/android/bluetooth.c
index 339fd77..cb1b87a 100644
--- a/android/bluetooth.c
+++ b/android/bluetooth.c
@@ -74,7 +74,7 @@
 #define DEVICES_CACHE_MAX 300
 
 #define BASELEN_PROP_CHANGED (sizeof(struct hal_ev_adapter_props_changed) \
-					+ (sizeof(struct hal_property)))
+					+ sizeof(struct hal_property))
 
 #define BASELEN_REMOTE_DEV_PROP (sizeof(struct hal_ev_remote_device_props) \
 					+ sizeof(struct hal_property))
diff --git a/android/ipc-tester.c b/android/ipc-tester.c
index e1aeb2e..ec8d3ff 100644
--- a/android/ipc-tester.c
+++ b/android/ipc-tester.c
@@ -264,7 +264,7 @@ static void emulator(int pipe, int hci_index)
 	memset(buf, 0, sizeof(buf));
 
 	len = read(fd, buf, sizeof(buf));
-	if (len <= 0 || (strcmp(buf, "ctl.start=bluetoothd")))
+	if (len <= 0 || strcmp(buf, "ctl.start=bluetoothd"))
 		goto failed;
 
 	close(pipe);
-- 
1.8.3.2

[PATCH BlueZ 3/4] android: Trivial replacement of tabs where spaces are expected

[Anderson Lizardo]

---
 android/android-tester.c | 2 +-
 android/hidhost.c        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/android/android-tester.c b/android/android-tester.c
index ba9137a..870ad8d 100644
--- a/android/android-tester.c
+++ b/android/android-tester.c
@@ -3459,7 +3459,7 @@ static void setup_hidhost_connect(const void *test_data)
 	bthost_write_scan_enable(bthost, 0x03);
 }
 
-static void hid_discon_cb(bt_bdaddr_t *bd_addr,	bthh_connection_state_t state)
+static void hid_discon_cb(bt_bdaddr_t *bd_addr, bthh_connection_state_t state)
 {
 	if (state == BTHH_CONN_STATE_DISCONNECTED)
 		tester_test_passed();
diff --git a/android/hidhost.c b/android/hidhost.c
index 37b28a6..6d1088a 100644
--- a/android/hidhost.c
+++ b/android/hidhost.c
@@ -375,7 +375,7 @@ static void bt_hid_notify_get_report(struct hid_device *dev, uint8_t *buf,
 
 	if (!((buf[0] == (HID_MSG_DATA | HID_DATA_TYPE_INPUT)) ||
 			(buf[0] == (HID_MSG_DATA | HID_DATA_TYPE_OUTPUT)) ||
-			(buf[0]	== (HID_MSG_DATA | HID_DATA_TYPE_FEATURE)))) {
+			(buf[0] == (HID_MSG_DATA | HID_DATA_TYPE_FEATURE)))) {
 		ev = g_malloc0(ev_len);
 		ev->status = buf[0];
 		bdaddr2android(&dev->dst, ev->bdaddr);
-- 
1.8.3.2

[PATCH BlueZ 4/4] emulator: Fix crash if socket(AF_ALG) is not supported by the kernel

[Anderson Lizardo]

In this situation, smp_stop() was being called with NULL pointer.

Crash detected by valgrind:

==7925== Invalid read of size 4
==7925==    at 0x8052F18: smp_stop (smp.c:480)
==7925==    by 0x8052542: bthost_stop (bthost.c:2073)
==7925==    by 0x805521D: hciemu_unref (hciemu.c:372)
==7925==    by 0x8058C65: test_post_teardown (android-tester.c:464)
==7925==    by 0x8055DE7: tester_teardown_complete (tester.c:533)
==7925==    by 0x8055501: teardown_callback (tester.c:312)
==7925==    by 0x408348F: g_idle_dispatch (gmain.c:5250)
==7925==    by 0x4086A75: g_main_context_dispatch (gmain.c:3065)
==7925==    by 0x4086E14: g_main_context_iterate.isra.23 (gmain.c:3712)
==7925==    by 0x40872FA: g_main_loop_run (gmain.c:3906)
==7925==    by 0x41744D2: (below main) (libc-start.c:226)
==7925==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
---
 emulator/bthost.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/emulator/bthost.c b/emulator/bthost.c
index c4603ae..3ff2a36 100644
--- a/emulator/bthost.c
+++ b/emulator/bthost.c
@@ -2070,6 +2070,8 @@ bool bthost_connect_rfcomm(struct bthost *bthost, uint16_t handle,
 
 void bthost_stop(struct bthost *bthost)
 {
-	smp_stop(bthost->smp_data);
-	bthost->smp_data = NULL;
+	if (bthost->smp_data) {
+		smp_stop(bthost->smp_data);
+		bthost->smp_data = NULL;
+	}
 }
-- 
1.8.3.2

Re: [PATCH BlueZ 4/4] emulator: Fix crash if socket(AF_ALG) is not supported by the kernel

[Johan Hedberg]

Hi Lizardo,

On Sat, Jan 25, 2014, Anderson Lizardo wrote:
> In this situation, smp_stop() was being called with NULL pointer.
> 
> Crash detected by valgrind:
> 
> ==7925== Invalid read of size 4
> ==7925==    at 0x8052F18: smp_stop (smp.c:480)
> ==7925==    by 0x8052542: bthost_stop (bthost.c:2073)
> ==7925==    by 0x805521D: hciemu_unref (hciemu.c:372)
> ==7925==    by 0x8058C65: test_post_teardown (android-tester.c:464)
> ==7925==    by 0x8055DE7: tester_teardown_complete (tester.c:533)
> ==7925==    by 0x8055501: teardown_callback (tester.c:312)
> ==7925==    by 0x408348F: g_idle_dispatch (gmain.c:5250)
> ==7925==    by 0x4086A75: g_main_context_dispatch (gmain.c:3065)
> ==7925==    by 0x4086E14: g_main_context_iterate.isra.23 (gmain.c:3712)
> ==7925==    by 0x40872FA: g_main_loop_run (gmain.c:3906)
> ==7925==    by 0x41744D2: (below main) (libc-start.c:226)
> ==7925==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
> ---
>  emulator/bthost.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)

This patch has been applied. Thanks.

Johan

Re: [PATCH BlueZ 4/4] emulator: Fix crash if socket(AF_ALG) is not supported by the kernel

[Anderson Lizardo]

Hi Johan,

On Mon, Jan 27, 2014 at 1:59 PM, Johan Hedberg <johan.hedberg@gmail.com> wrote:
> This patch has been applied. Thanks.

Any comments on the other patches that touch android/* files?

Best Regards,
-- 
Anderson Lizardo
http://www.indt.org/?lang=en
INdT - Manaus - Brazil

Re: [PATCH BlueZ 4/4] emulator: Fix crash if socket(AF_ALG) is not supported by the kernel

[Szymon Janc]

Hi,

On Monday 27 of January 2014 16:03:59 Anderson Lizardo wrote:
> Hi Johan,
> 
> On Mon, Jan 27, 2014 at 1:59 PM, Johan Hedberg <johan.hedberg@gmail.com> 
wrote:
> > This patch has been applied. Thanks.
> 
> Any comments on the other patches that touch android/* files?

Applied as well, thanks.

-- 
BR
Szymon Janc