[BlueZ PATCH 1/4] adapter: Fix the reusing gerror without re-initialization

[BlueZ PATCH 1/4] adapter: Fix the reusing gerror without re-initialization

[Tedd Ho-Jeong An]

From: Tedd Ho-Jeong An <tedd.an@intel.com>

When the GError variable is freeed with g_error_free(), it is not set to
NULL and reusing the same variable again can cause the seg_fault because
it is still pointing the old memory address which is freed.

This patch relaces the g_error_free() to g_clear_error() which frees the
variable and set it to NULL if the variable is used in the function
again.

Fixes: 2287c517ca1bd ("adapter: Fix unchecked return value")
Fixes: https://github.com/bluez/bluez/issues/276
---
 src/adapter.c | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/src/adapter.c b/src/adapter.c
index 3ee98431d..eef50f67a 100644
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -4676,7 +4676,7 @@ static void load_devices(struct btd_adapter *adapter)
 		if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 			error("Unable to load key file from %s: (%s)", filename,
 								gerr->message);
-			g_error_free(gerr);
+			g_clear_error(&gerr);
 		}
 
 		key_info = get_key_info(key_file, entry->d_name);
@@ -5662,7 +5662,7 @@ static void convert_names_entry(char *key, char *value, void *user_data)
 	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 		error("Unable to load key file from %s: (%s)", filename,
 								gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 	g_key_file_set_string(key_file, "General", "Name", value);
 
@@ -5895,7 +5895,7 @@ static void convert_entry(char *key, char *value, void *user_data)
 	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 		error("Unable to load key file from %s: (%s)", filename,
 								gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 
 	set_device_type(key_file, type);
@@ -6001,7 +6001,7 @@ static void store_sdp_record(char *local, char *peer, int handle, char *value)
 	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 		error("Unable to load key file from %s: (%s)", filename,
 								gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 
 	sprintf(handle_str, "0x%8.8X", handle);
@@ -6085,7 +6085,7 @@ static void convert_sdp_entry(char *key, char *value, void *user_data)
 	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 		error("Unable to load key file from %s: (%s)", filename,
 								gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 
 	store_attribute_uuid(key_file, start, end, prim_uuid, uuid);
@@ -6145,7 +6145,7 @@ static void convert_primaries_entry(char *key, char *value, void *user_data)
 	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 		error("Unable to load key file from %s: (%s)", filename,
 								gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 
 	for (service = services; *service; service++) {
@@ -6170,7 +6170,7 @@ static void convert_primaries_entry(char *key, char *value, void *user_data)
 	if (!g_file_set_contents(filename, data, length, &gerr)) {
 		error("Unable set contents for %s: (%s)", filename,
 								gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 
 	if (device_type < 0)
@@ -6185,7 +6185,7 @@ static void convert_primaries_entry(char *key, char *value, void *user_data)
 	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 		error("Unable to load key file from %s: (%s)", filename,
 								gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 	set_device_type(key_file, device_type);
 
@@ -6241,7 +6241,7 @@ static void convert_ccc_entry(char *key, char *value, void *user_data)
 	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 		error("Unable to load key file from %s: (%s)", filename,
 								gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 
 	sprintf(group, "%hu", handle);
@@ -6297,7 +6297,7 @@ static void convert_gatt_entry(char *key, char *value, void *user_data)
 	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 		error("Unable to load key file from %s: (%s)", filename,
 								gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 
 	sprintf(group, "%hu", handle);
@@ -6352,7 +6352,7 @@ static void convert_proximity_entry(char *key, char *value, void *user_data)
 	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 		error("Unable to load key file from %s: (%s)", filename,
 								gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 
 	g_key_file_set_string(key_file, alert, "Level", value);
@@ -6556,7 +6556,7 @@ static void load_config(struct btd_adapter *adapter)
 	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 		error("Unable to load key file from %s: (%s)", filename,
 								gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 
 	/* Get alias */
@@ -8313,7 +8313,7 @@ static void store_ltk_group(struct btd_adapter *adapter, const bdaddr_t *peer,
 	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 		error("Unable to load key file from %s: (%s)", filename,
 								gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 
 	for (i = 0; i < 16; i++)
@@ -8479,7 +8479,7 @@ static void store_csrk(struct btd_adapter *adapter, const bdaddr_t *peer,
 	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 		error("Unable to load key file from %s: (%s)", filename,
 								gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 
 	for (i = 0; i < 16; i++)
@@ -8657,7 +8657,7 @@ static void store_conn_param(struct btd_adapter *adapter, const bdaddr_t *peer,
 	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 		error("Unable to load key file from %s: (%s)", filename,
 								gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 
 	g_key_file_set_integer(key_file, "ConnectionParameters",
@@ -9316,7 +9316,7 @@ static void remove_keys(struct btd_adapter *adapter,
 	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 		error("Unable to load key file from %s: (%s)", filename,
 								gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 
 	if (type == BDADDR_BREDR) {
@@ -9418,7 +9418,7 @@ static bool get_static_addr(struct btd_adapter *adapter)
 								&gerr)) {
 		error("Unable to load key file from %s: (%s)",
 					STORAGEDIR "/addresses", gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 	addrs = g_key_file_get_string_list(file, "Static", mfg, &len, NULL);
 	if (addrs) {
-- 
2.25.1

[BlueZ PATCH 2/4] device: Fix the reusing gerror without re-initialization

[Tedd Ho-Jeong An]

From: Tedd Ho-Jeong An <tedd.an@intel.com>

When the GError variable is freeed with g_error_free(), it is not set to
NULL and reusing the same variable again can cause the seg_fault because
it is still pointing the old memory address which is freed.

This patch relaces the g_error_free() to g_clear_error() which frees the
variable and set it to NULL if the variable is used in the function
again.

Fixes: 6a154cd08000b ("device: Fix unchecked return value")
---
 src/device.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/device.c b/src/device.c
index 6d29eb896..6a7bdd207 100644
--- a/src/device.c
+++ b/src/device.c
@@ -543,7 +543,7 @@ void device_store_cached_name(struct btd_device *dev, const char *name)
 	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 		error("Unable to load key file from %s: (%s)", filename,
 								gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 
 	data_old = g_key_file_to_data(key_file, &length_old, NULL);
@@ -556,7 +556,7 @@ void device_store_cached_name(struct btd_device *dev, const char *name)
 		if (!g_file_set_contents(filename, data, length, &gerr)) {
 			error("Unable set contents for %s: (%s)", filename,
 								gerr->message);
-			g_error_free(gerr);
+			g_clear_error(&gerr);
 		}
 	}
 	g_free(data);
@@ -592,7 +592,7 @@ static void device_store_cached_name_resolve(struct btd_device *dev)
 	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 		error("Unable to load key file from %s: (%s)", filename,
 								gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 
 	failed_time = (uint64_t) dev->name_resolve_failed_time;
@@ -2666,7 +2666,7 @@ static void store_gatt_db(struct btd_device *device)
 	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 		error("Unable to load key file from %s: (%s)", filename,
 								gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 
 	/* Remove current attributes since it might have changed */
@@ -3635,7 +3635,7 @@ static void load_att_info(struct btd_device *device, const char *local,
 	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 		error("Unable to load key file from %s: (%s)", filename,
 								gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 	groups = g_key_file_get_groups(key_file, NULL);
 
@@ -6163,7 +6163,7 @@ void device_store_svc_chng_ccc(struct btd_device *device, uint8_t bdaddr_type,
 	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 		error("Unable to load key file from %s: (%s)", filename,
 								gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 
 	/* for bonded devices this is done on every connection so limit writes
-- 
2.25.1

[BlueZ PATCH 3/4] profiles: Fix the reusing gerror without re-initialization

[Tedd Ho-Jeong An]

From: Tedd Ho-Jeong An <tedd.an@intel.com>

When the GError variable is freeed with g_error_free(), it is not set to
NULL and reusing the same variable again can cause the seg_fault because
it is still pointing the old memory address which is freed.

This patch relaces the g_error_free() to g_clear_error() which frees the
variable and set it to NULL if the variable is used in the function
again.

Fixes: 4ad622d592ba5 ("profiles/a2dp: Fix unchecked return value")
---
 profiles/audio/a2dp.c   | 4 ++--
 profiles/health/hdp.c   | 6 +++---
 profiles/input/device.c | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c
index d0808c77a..9fbcd35f7 100644
--- a/profiles/audio/a2dp.c
+++ b/profiles/audio/a2dp.c
@@ -832,7 +832,7 @@ static void store_remote_seps(struct a2dp_channel *chan)
 	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 		error("Unable to load key file from %s: (%s)", filename,
 								gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 
 	data = g_key_file_get_string(key_file, "Endpoints", "LastUsed",
@@ -1006,7 +1006,7 @@ static void store_last_used(struct a2dp_channel *chan, uint8_t lseid,
 	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 		error("Unable to load key file from %s: (%s)", filename,
 								gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 
 	sprintf(value, "%02hhx:%02hhx", lseid, rseid);
diff --git a/profiles/health/hdp.c b/profiles/health/hdp.c
index 40b6cc18a..9d9d1e824 100644
--- a/profiles/health/hdp.c
+++ b/profiles/health/hdp.c
@@ -576,7 +576,7 @@ static void device_reconnect_mdl_cb(struct mcap_mdl *mdl, GError *err,
 					"Cannot reconnect: %s", gerr->message);
 	g_dbus_send_message(conn, reply);
 	hdp_tmp_dc_data_unref(dc_data);
-	g_error_free(gerr);
+	g_clear_error(&gerr);
 
 	/* Send abort request because remote side is now in PENDING state */
 	if (!mcap_mdl_abort(mdl, abort_mdl_cb, NULL, NULL, &gerr)) {
@@ -1766,7 +1766,7 @@ static void device_create_mdl_cb(struct mcap_mdl *mdl, uint8_t conf,
 		return;
 
 	error("%s", gerr->message);
-	g_error_free(gerr);
+	g_clear_error(&gerr);
 
 	reply = g_dbus_create_reply(hdp_conn->msg,
 					DBUS_TYPE_OBJECT_PATH, &hdp_chan->path,
@@ -1790,7 +1790,7 @@ fail:
 						ERROR_INTERFACE ".HealthError",
 						"%s", gerr->message);
 	g_dbus_send_message(conn, reply);
-	g_error_free(gerr);
+	g_clear_error(&gerr);
 
 	/* Send abort request because remote side is now in PENDING */
 	/* state. Then we have to delete it because we couldn't */
diff --git a/profiles/input/device.c b/profiles/input/device.c
index 013899211..ff4aa771a 100644
--- a/profiles/input/device.c
+++ b/profiles/input/device.c
@@ -1053,7 +1053,7 @@ static int hidp_add_connection(struct input_device *idev)
 	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 		error("Unable to load key file from %s: (%s)", filename,
 								gerr->message);
-		g_error_free(gerr);
+		g_clear_error(&gerr);
 	}
 	str = g_key_file_get_string(key_file, "ServiceRecords", handle, NULL);
 	g_key_file_free(key_file);
-- 
2.25.1

[BlueZ PATCH 4/4] device: Fix crash when removing device

[Tedd Ho-Jeong An]

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

Calling btd_adapter_remove_device from device_remove_connection can
cause a crash, so instead of removing it immediatelly this set a the
temporary timeout to 0.

Fixes: https://github.com/bluez/bluez/issues/290
---
 src/device.c | 46 +++++++++++++++++++++++-----------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/src/device.c b/src/device.c
index 6a7bdd207..52e2399dd 100644
--- a/src/device.c
+++ b/src/device.c
@@ -3200,6 +3200,28 @@ void device_add_connection(struct btd_device *dev, uint8_t bdaddr_type)
 								"Connected");
 }
 
+static bool device_disappeared(gpointer user_data)
+{
+	struct btd_device *dev = user_data;
+
+	dev->temporary_timer = 0;
+
+	btd_adapter_remove_device(dev->adapter, dev);
+
+	return FALSE;
+}
+
+static void set_temporary_timer(struct btd_device *dev, unsigned int timeout)
+{
+	clear_temporary_timer(dev);
+
+	if (!timeout)
+		return;
+
+	dev->temporary_timer = timeout_add_seconds(timeout, device_disappeared,
+								dev, NULL);
+}
+
 void device_remove_connection(struct btd_device *device, uint8_t bdaddr_type)
 {
 	struct bearer_state *state = get_state(device, bdaddr_type);
@@ -3285,7 +3307,7 @@ void device_remove_connection(struct btd_device *device, uint8_t bdaddr_type)
 						DEVICE_INTERFACE, "Connected");
 
 	if (remove_device)
-		btd_adapter_remove_device(device->adapter, device);
+		set_temporary_timer(device, 0);
 }
 
 guint device_add_disconnect_watch(struct btd_device *device,
@@ -4590,28 +4612,6 @@ void device_set_le_support(struct btd_device *device, uint8_t bdaddr_type)
 	store_device_info(device);
 }
 
-static bool device_disappeared(gpointer user_data)
-{
-	struct btd_device *dev = user_data;
-
-	dev->temporary_timer = 0;
-
-	btd_adapter_remove_device(dev->adapter, dev);
-
-	return FALSE;
-}
-
-static void set_temporary_timer(struct btd_device *dev, unsigned int timeout)
-{
-	clear_temporary_timer(dev);
-
-	if (!timeout)
-		return;
-
-	dev->temporary_timer = timeout_add_seconds(timeout, device_disappeared,
-								dev, NULL);
-}
-
 void device_update_last_seen(struct btd_device *device, uint8_t bdaddr_type)
 {
 	if (bdaddr_type == BDADDR_BREDR)
-- 
2.25.1

RE: [BlueZ,1/4] adapter: Fix the reusing gerror without re-initialization

[bluez.test.bot]

[-- Attachment #1: Type: text/plain, Size: 4462 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=613281

---Test result---

Test Summary:
CheckPatch                    FAIL      5.88 seconds
GitLint                       PASS      3.93 seconds
Prep - Setup ELL              PASS      42.74 seconds
Build - Prep                  PASS      0.72 seconds
Build - Configure             PASS      8.53 seconds
Build - Make                  PASS      1372.70 seconds
Make Check                    PASS      11.35 seconds
Make Check w/Valgrind         PASS      438.47 seconds
Make Distcheck                PASS      225.85 seconds
Build w/ext ELL - Configure   PASS      8.50 seconds
Build w/ext ELL - Make        PASS      1361.92 seconds
Incremental Build with patchesPASS      5555.64 seconds

Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script with rule in .checkpatch.conf
Output:
[BlueZ,1/4] adapter: Fix the reusing gerror without re-initialization
WARNING:UNKNOWN_COMMIT_ID: Unknown commit id '2287c517ca1bd', maybe rebased or not pulled?
#88: 
Fixes: 2287c517ca1bd ("adapter: Fix unchecked return value")

/github/workspace/src/12742616.patch total: 0 errors, 1 warnings, 136 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/12742616.patch has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

[BlueZ,2/4] device: Fix the reusing gerror without re-initialization
WARNING:UNKNOWN_COMMIT_ID: Unknown commit id '6a154cd08000b', maybe rebased or not pulled?
#90: 
Fixes: 6a154cd08000b ("device: Fix unchecked return value")

/github/workspace/src/12742617.patch total: 0 errors, 1 warnings, 48 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/12742617.patch has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

[BlueZ,3/4] profiles: Fix the reusing gerror without re-initialization
WARNING:UNKNOWN_COMMIT_ID: Unknown commit id '4ad622d592ba5', maybe rebased or not pulled?
#90: 
Fixes: 4ad622d592ba5 ("profiles/a2dp: Fix unchecked return value")

/github/workspace/src/12742618.patch total: 0 errors, 1 warnings, 48 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/12742618.patch has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

[BlueZ,4/4] device: Fix crash when removing device
WARNING:TYPO_SPELLING: 'immediatelly' may be misspelled - perhaps 'immediately'?
#81: 
cause a crash, so instead of removing it immediatelly this set a the
                                         ^^^^^^^^^^^^

/github/workspace/src/12742619.patch total: 0 errors, 1 warnings, 64 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/12742619.patch has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.




---
Regards,
Linux Bluetooth

Re: [BlueZ PATCH 1/4] adapter: Fix the reusing gerror without re-initialization

[Paul Menzel]

Dear Tedd,


Am 11.02.22 um 01:18 schrieb Tedd Ho-Jeong An:
> From: Tedd Ho-Jeong An <tedd.an@intel.com>

I had a hard time to understand, what the git commit message summary 
meant. Maybe:

> adapter: Use g_clear_error() to set gerr to NULL to fix segfault


> When the GError variable is freeed with g_error_free(), it is not set to
> NULL and reusing the same variable again can cause the seg_fault because
> it is still pointing the old memory address which is freed.

Could you please include an example stack-/backtrace?

> This patch relaces the g_error_free() to g_clear_error() which frees the
> variable and set it to NULL if the variable is used in the function

set*s*

> again.
> 
> Fixes: 2287c517ca1bd ("adapter: Fix unchecked return value")
> Fixes: https://github.com/bluez/bluez/issues/276

To make the tags unambiguous, at least in the Linux kernel world, 
*Resolves* or *Closes* are used to refer to issues.


Kind regards,

Paul


> ---
>   src/adapter.c | 34 +++++++++++++++++-----------------
>   1 file changed, 17 insertions(+), 17 deletions(-)
> 
> diff --git a/src/adapter.c b/src/adapter.c
> index 3ee98431d..eef50f67a 100644
> --- a/src/adapter.c
> +++ b/src/adapter.c
> @@ -4676,7 +4676,7 @@ static void load_devices(struct btd_adapter *adapter)
>   		if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
>   			error("Unable to load key file from %s: (%s)", filename,
>   								gerr->message);
> -			g_error_free(gerr);
> +			g_clear_error(&gerr);
>   		}
>   
>   		key_info = get_key_info(key_file, entry->d_name);
> @@ -5662,7 +5662,7 @@ static void convert_names_entry(char *key, char *value, void *user_data)
>   	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
>   		error("Unable to load key file from %s: (%s)", filename,
>   								gerr->message);
> -		g_error_free(gerr);
> +		g_clear_error(&gerr);
>   	}
>   	g_key_file_set_string(key_file, "General", "Name", value);
>   
> @@ -5895,7 +5895,7 @@ static void convert_entry(char *key, char *value, void *user_data)
>   	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
>   		error("Unable to load key file from %s: (%s)", filename,
>   								gerr->message);
> -		g_error_free(gerr);
> +		g_clear_error(&gerr);
>   	}
>   
>   	set_device_type(key_file, type);
> @@ -6001,7 +6001,7 @@ static void store_sdp_record(char *local, char *peer, int handle, char *value)
>   	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
>   		error("Unable to load key file from %s: (%s)", filename,
>   								gerr->message);
> -		g_error_free(gerr);
> +		g_clear_error(&gerr);
>   	}
>   
>   	sprintf(handle_str, "0x%8.8X", handle);
> @@ -6085,7 +6085,7 @@ static void convert_sdp_entry(char *key, char *value, void *user_data)
>   	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
>   		error("Unable to load key file from %s: (%s)", filename,
>   								gerr->message);
> -		g_error_free(gerr);
> +		g_clear_error(&gerr);
>   	}
>   
>   	store_attribute_uuid(key_file, start, end, prim_uuid, uuid);
> @@ -6145,7 +6145,7 @@ static void convert_primaries_entry(char *key, char *value, void *user_data)
>   	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
>   		error("Unable to load key file from %s: (%s)", filename,
>   								gerr->message);
> -		g_error_free(gerr);
> +		g_clear_error(&gerr);
>   	}
>   
>   	for (service = services; *service; service++) {
> @@ -6170,7 +6170,7 @@ static void convert_primaries_entry(char *key, char *value, void *user_data)
>   	if (!g_file_set_contents(filename, data, length, &gerr)) {
>   		error("Unable set contents for %s: (%s)", filename,
>   								gerr->message);
> -		g_error_free(gerr);
> +		g_clear_error(&gerr);
>   	}
>   
>   	if (device_type < 0)
> @@ -6185,7 +6185,7 @@ static void convert_primaries_entry(char *key, char *value, void *user_data)
>   	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
>   		error("Unable to load key file from %s: (%s)", filename,
>   								gerr->message);
> -		g_error_free(gerr);
> +		g_clear_error(&gerr);
>   	}
>   	set_device_type(key_file, device_type);
>   
> @@ -6241,7 +6241,7 @@ static void convert_ccc_entry(char *key, char *value, void *user_data)
>   	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
>   		error("Unable to load key file from %s: (%s)", filename,
>   								gerr->message);
> -		g_error_free(gerr);
> +		g_clear_error(&gerr);
>   	}
>   
>   	sprintf(group, "%hu", handle);
> @@ -6297,7 +6297,7 @@ static void convert_gatt_entry(char *key, char *value, void *user_data)
>   	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
>   		error("Unable to load key file from %s: (%s)", filename,
>   								gerr->message);
> -		g_error_free(gerr);
> +		g_clear_error(&gerr);
>   	}
>   
>   	sprintf(group, "%hu", handle);
> @@ -6352,7 +6352,7 @@ static void convert_proximity_entry(char *key, char *value, void *user_data)
>   	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
>   		error("Unable to load key file from %s: (%s)", filename,
>   								gerr->message);
> -		g_error_free(gerr);
> +		g_clear_error(&gerr);
>   	}
>   
>   	g_key_file_set_string(key_file, alert, "Level", value);
> @@ -6556,7 +6556,7 @@ static void load_config(struct btd_adapter *adapter)
>   	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
>   		error("Unable to load key file from %s: (%s)", filename,
>   								gerr->message);
> -		g_error_free(gerr);
> +		g_clear_error(&gerr);
>   	}
>   
>   	/* Get alias */
> @@ -8313,7 +8313,7 @@ static void store_ltk_group(struct btd_adapter *adapter, const bdaddr_t *peer,
>   	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
>   		error("Unable to load key file from %s: (%s)", filename,
>   								gerr->message);
> -		g_error_free(gerr);
> +		g_clear_error(&gerr);
>   	}
>   
>   	for (i = 0; i < 16; i++)
> @@ -8479,7 +8479,7 @@ static void store_csrk(struct btd_adapter *adapter, const bdaddr_t *peer,
>   	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
>   		error("Unable to load key file from %s: (%s)", filename,
>   								gerr->message);
> -		g_error_free(gerr);
> +		g_clear_error(&gerr);
>   	}
>   
>   	for (i = 0; i < 16; i++)
> @@ -8657,7 +8657,7 @@ static void store_conn_param(struct btd_adapter *adapter, const bdaddr_t *peer,
>   	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
>   		error("Unable to load key file from %s: (%s)", filename,
>   								gerr->message);
> -		g_error_free(gerr);
> +		g_clear_error(&gerr);
>   	}
>   
>   	g_key_file_set_integer(key_file, "ConnectionParameters",
> @@ -9316,7 +9316,7 @@ static void remove_keys(struct btd_adapter *adapter,
>   	if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
>   		error("Unable to load key file from %s: (%s)", filename,
>   								gerr->message);
> -		g_error_free(gerr);
> +		g_clear_error(&gerr);
>   	}
>   
>   	if (type == BDADDR_BREDR) {
> @@ -9418,7 +9418,7 @@ static bool get_static_addr(struct btd_adapter *adapter)
>   								&gerr)) {
>   		error("Unable to load key file from %s: (%s)",
>   					STORAGEDIR "/addresses", gerr->message);
> -		g_error_free(gerr);
> +		g_clear_error(&gerr);
>   	}
>   	addrs = g_key_file_get_string_list(file, "Static", mfg, &len, NULL);
>   	if (addrs) {

Re: [BlueZ PATCH 1/4] adapter: Fix the reusing gerror without re-initialization

[Luiz Augusto von Dentz]

Hi Paul,

On Fri, Feb 11, 2022 at 8:41 AM Paul Menzel <pmenzel@molgen.mpg.de> wrote:
>
> Dear Tedd,
>
>
> Am 11.02.22 um 01:18 schrieb Tedd Ho-Jeong An:
> > From: Tedd Ho-Jeong An <tedd.an@intel.com>
>
> I had a hard time to understand, what the git commit message summary
> meant. Maybe:
>
> > adapter: Use g_clear_error() to set gerr to NULL to fix segfault
>
>
> > When the GError variable is freeed with g_error_free(), it is not set to
> > NULL and reusing the same variable again can cause the seg_fault because
> > it is still pointing the old memory address which is freed.
>
> Could you please include an example stack-/backtrace?

That is part of issue if you open the link:

https://github.com/bluez/bluez/issues/276#issue-1111278644

> > This patch relaces the g_error_free() to g_clear_error() which frees the
> > variable and set it to NULL if the variable is used in the function
>
> set*s*
>
> > again.
> >
> > Fixes: 2287c517ca1bd ("adapter: Fix unchecked return value")
> > Fixes: https://github.com/bluez/bluez/issues/276
>
> To make the tags unambiguous, at least in the Linux kernel world,
> *Resolves* or *Closes* are used to refer to issues.

But this is on kernel space, and afaik github uses *Fixes* instead to
auto close the issues, so I don't really follow what you are trying to
suggest here, or do you want github to start following Linux kernel
tags?

>
> Kind regards,
>
> Paul
>
>
> > ---
> >   src/adapter.c | 34 +++++++++++++++++-----------------
> >   1 file changed, 17 insertions(+), 17 deletions(-)
> >
> > diff --git a/src/adapter.c b/src/adapter.c
> > index 3ee98431d..eef50f67a 100644
> > --- a/src/adapter.c
> > +++ b/src/adapter.c
> > @@ -4676,7 +4676,7 @@ static void load_devices(struct btd_adapter *adapter)
> >               if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
> >                       error("Unable to load key file from %s: (%s)", filename,
> >                                                               gerr->message);
> > -                     g_error_free(gerr);
> > +                     g_clear_error(&gerr);
> >               }
> >
> >               key_info = get_key_info(key_file, entry->d_name);
> > @@ -5662,7 +5662,7 @@ static void convert_names_entry(char *key, char *value, void *user_data)
> >       if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
> >               error("Unable to load key file from %s: (%s)", filename,
> >                                                               gerr->message);
> > -             g_error_free(gerr);
> > +             g_clear_error(&gerr);
> >       }
> >       g_key_file_set_string(key_file, "General", "Name", value);
> >
> > @@ -5895,7 +5895,7 @@ static void convert_entry(char *key, char *value, void *user_data)
> >       if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
> >               error("Unable to load key file from %s: (%s)", filename,
> >                                                               gerr->message);
> > -             g_error_free(gerr);
> > +             g_clear_error(&gerr);
> >       }
> >
> >       set_device_type(key_file, type);
> > @@ -6001,7 +6001,7 @@ static void store_sdp_record(char *local, char *peer, int handle, char *value)
> >       if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
> >               error("Unable to load key file from %s: (%s)", filename,
> >                                                               gerr->message);
> > -             g_error_free(gerr);
> > +             g_clear_error(&gerr);
> >       }
> >
> >       sprintf(handle_str, "0x%8.8X", handle);
> > @@ -6085,7 +6085,7 @@ static void convert_sdp_entry(char *key, char *value, void *user_data)
> >       if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
> >               error("Unable to load key file from %s: (%s)", filename,
> >                                                               gerr->message);
> > -             g_error_free(gerr);
> > +             g_clear_error(&gerr);
> >       }
> >
> >       store_attribute_uuid(key_file, start, end, prim_uuid, uuid);
> > @@ -6145,7 +6145,7 @@ static void convert_primaries_entry(char *key, char *value, void *user_data)
> >       if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
> >               error("Unable to load key file from %s: (%s)", filename,
> >                                                               gerr->message);
> > -             g_error_free(gerr);
> > +             g_clear_error(&gerr);
> >       }
> >
> >       for (service = services; *service; service++) {
> > @@ -6170,7 +6170,7 @@ static void convert_primaries_entry(char *key, char *value, void *user_data)
> >       if (!g_file_set_contents(filename, data, length, &gerr)) {
> >               error("Unable set contents for %s: (%s)", filename,
> >                                                               gerr->message);
> > -             g_error_free(gerr);
> > +             g_clear_error(&gerr);
> >       }
> >
> >       if (device_type < 0)
> > @@ -6185,7 +6185,7 @@ static void convert_primaries_entry(char *key, char *value, void *user_data)
> >       if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
> >               error("Unable to load key file from %s: (%s)", filename,
> >                                                               gerr->message);
> > -             g_error_free(gerr);
> > +             g_clear_error(&gerr);
> >       }
> >       set_device_type(key_file, device_type);
> >
> > @@ -6241,7 +6241,7 @@ static void convert_ccc_entry(char *key, char *value, void *user_data)
> >       if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
> >               error("Unable to load key file from %s: (%s)", filename,
> >                                                               gerr->message);
> > -             g_error_free(gerr);
> > +             g_clear_error(&gerr);
> >       }
> >
> >       sprintf(group, "%hu", handle);
> > @@ -6297,7 +6297,7 @@ static void convert_gatt_entry(char *key, char *value, void *user_data)
> >       if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
> >               error("Unable to load key file from %s: (%s)", filename,
> >                                                               gerr->message);
> > -             g_error_free(gerr);
> > +             g_clear_error(&gerr);
> >       }
> >
> >       sprintf(group, "%hu", handle);
> > @@ -6352,7 +6352,7 @@ static void convert_proximity_entry(char *key, char *value, void *user_data)
> >       if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
> >               error("Unable to load key file from %s: (%s)", filename,
> >                                                               gerr->message);
> > -             g_error_free(gerr);
> > +             g_clear_error(&gerr);
> >       }
> >
> >       g_key_file_set_string(key_file, alert, "Level", value);
> > @@ -6556,7 +6556,7 @@ static void load_config(struct btd_adapter *adapter)
> >       if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
> >               error("Unable to load key file from %s: (%s)", filename,
> >                                                               gerr->message);
> > -             g_error_free(gerr);
> > +             g_clear_error(&gerr);
> >       }
> >
> >       /* Get alias */
> > @@ -8313,7 +8313,7 @@ static void store_ltk_group(struct btd_adapter *adapter, const bdaddr_t *peer,
> >       if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
> >               error("Unable to load key file from %s: (%s)", filename,
> >                                                               gerr->message);
> > -             g_error_free(gerr);
> > +             g_clear_error(&gerr);
> >       }
> >
> >       for (i = 0; i < 16; i++)
> > @@ -8479,7 +8479,7 @@ static void store_csrk(struct btd_adapter *adapter, const bdaddr_t *peer,
> >       if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
> >               error("Unable to load key file from %s: (%s)", filename,
> >                                                               gerr->message);
> > -             g_error_free(gerr);
> > +             g_clear_error(&gerr);
> >       }
> >
> >       for (i = 0; i < 16; i++)
> > @@ -8657,7 +8657,7 @@ static void store_conn_param(struct btd_adapter *adapter, const bdaddr_t *peer,
> >       if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
> >               error("Unable to load key file from %s: (%s)", filename,
> >                                                               gerr->message);
> > -             g_error_free(gerr);
> > +             g_clear_error(&gerr);
> >       }
> >
> >       g_key_file_set_integer(key_file, "ConnectionParameters",
> > @@ -9316,7 +9316,7 @@ static void remove_keys(struct btd_adapter *adapter,
> >       if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
> >               error("Unable to load key file from %s: (%s)", filename,
> >                                                               gerr->message);
> > -             g_error_free(gerr);
> > +             g_clear_error(&gerr);
> >       }
> >
> >       if (type == BDADDR_BREDR) {
> > @@ -9418,7 +9418,7 @@ static bool get_static_addr(struct btd_adapter *adapter)
> >                                                               &gerr)) {
> >               error("Unable to load key file from %s: (%s)",
> >                                       STORAGEDIR "/addresses", gerr->message);
> > -             g_error_free(gerr);
> > +             g_clear_error(&gerr);
> >       }
> >       addrs = g_key_file_get_string_list(file, "Static", mfg, &len, NULL);
> >       if (addrs) {



-- 
Luiz Augusto von Dentz

Re: [BlueZ PATCH 1/4] adapter: Fix the reusing gerror without re-initialization

[Paul Menzel]

Dear Luiz,


Am 11.02.22 um 21:30 schrieb Luiz Augusto von Dentz:

> On Fri, Feb 11, 2022 at 8:41 AM Paul Menzel <pmenzel@molgen.mpg.de> wrote:

>> Am 11.02.22 um 01:18 schrieb Tedd Ho-Jeong An:
>>> From: Tedd Ho-Jeong An <tedd.an@intel.com>
>>
>> I had a hard time to understand, what the git commit message summary
>> meant. Maybe:
>>
>>> adapter: Use g_clear_error() to set gerr to NULL to fix segfault
>>
>>
>>> When the GError variable is freeed with g_error_free(), it is not set to
>>> NULL and reusing the same variable again can cause the seg_fault because
>>> it is still pointing the old memory address which is freed.
>>
>> Could you please include an example stack-/backtrace?
> 
> That is part of issue if you open the link:
> 
> https://github.com/bluez/bluez/issues/276#issue-1111278644

Yes, I know. I prefer commit messages to be self-contained, as it’s 
never known if you are online or the Web service has problems or is shut 
down. But of course, if BlueZ does it differently, that is fine.

>>> This patch relaces the g_error_free() to g_clear_error() which frees the
>>> variable and set it to NULL if the variable is used in the function
>>
>> set*s*
>>
>>> again.
>>>
>>> Fixes: 2287c517ca1bd ("adapter: Fix unchecked return value")
>>> Fixes: https://github.com/bluez/bluez/issues/276
>>
>> To make the tags unambiguous, at least in the Linux kernel world,
>> *Resolves* or *Closes* are used to refer to issues.
> 
> But this is on kernel space, and afaik github uses *Fixes* instead to
> auto close the issues, so I don't really follow what you are trying to
> suggest here, or do you want github to start following Linux kernel
> tags?

GitHub already does. ;-) Resolves, Closes, Fixes all automatically close 
the referenced issue.

[…]


Kind regards,

Paul