[PATCH BlueZ] main: fix bool vs. gboolean type in g_option_context_parse()

[PATCH BlueZ] main: fix bool vs. gboolean type in g_option_context_parse()

[Pauli Virtanen]

btd_opts.experimental and testing are bool, not gboolean, which may
cause memory to be clobbered and crash.

Fix with separate variable for cmdline option.

Log:
ERROR: AddressSanitizer: BUS on unknown address
    #0 0x0000005b9914 in queue_find ../src/shared/queue.c:230
    #1 0x00000057c0ff in btd_kernel_experimental_enabled ../src/main.c:721
    #2 0x0000004ff52f in read_exp_features_complete ../src/adapter.c:10230
    #3 0x0000005be40b in request_complete ../src/shared/mgmt.c:306
---
 src/main.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/main.c b/src/main.c
index 558bf2888..61e5ef983 100644
--- a/src/main.c
+++ b/src/main.c
@@ -1330,6 +1330,8 @@ static char *option_noplugin = NULL;
 static char *option_configfile = NULL;
 static gboolean option_compat = FALSE;
 static gboolean option_detach = TRUE;
+static gboolean option_experimental = FALSE;
+static gboolean option_testing = FALSE;
 static gboolean option_version = FALSE;
 
 static void free_options(void)
@@ -1420,9 +1422,9 @@ static GOptionEntry options[] = {
 			"Specify an explicit path to the config file", "FILE"},
 	{ "compat", 'C', 0, G_OPTION_ARG_NONE, &option_compat,
 				"Provide deprecated command line interfaces" },
-	{ "experimental", 'E', 0, G_OPTION_ARG_NONE, &btd_opts.experimental,
+	{ "experimental", 'E', 0, G_OPTION_ARG_NONE, &option_experimental,
 				"Enable experimental D-Bus interfaces" },
-	{ "testing", 'T', 0, G_OPTION_ARG_NONE, &btd_opts.testing,
+	{ "testing", 'T', 0, G_OPTION_ARG_NONE, &option_testing,
 				"Enable testing D-Bus interfaces" },
 	{ "kernel", 'K', G_OPTION_FLAG_OPTIONAL_ARG, G_OPTION_ARG_CALLBACK,
 				parse_kernel_experimental,
@@ -1464,6 +1466,9 @@ int main(int argc, char *argv[])
 		exit(0);
 	}
 
+	btd_opts.experimental = option_experimental;
+	btd_opts.testing = option_testing;
+
 	umask(0077);
 
 	btd_backtrace_init();
-- 
2.51.1

RE: [BlueZ] main: fix bool vs. gboolean type in g_option_context_parse()

[bluez.test.bot]

[-- Attachment #1: Type: text/plain, Size: 1262 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1030592

---Test result---

Test Summary:
CheckPatch                    PENDING   0.37 seconds
GitLint                       PENDING   0.32 seconds
BuildEll                      PASS      20.09 seconds
BluezMake                     PASS      654.14 seconds
MakeCheck                     PASS      22.06 seconds
MakeDistcheck                 PASS      252.50 seconds
CheckValgrind                 PASS      314.28 seconds
CheckSmatch                   PASS      365.87 seconds
bluezmakeextell               PASS      191.98 seconds
IncrementalBuild              PENDING   0.38 seconds
ScanBuild                     PASS      1083.67 seconds

Details
##############################
Test: CheckPatch - PENDING
Desc: Run checkpatch.pl script
Output:

##############################
Test: GitLint - PENDING
Desc: Run gitlint
Output:

##############################
Test: IncrementalBuild - PENDING
Desc: Incremental build with the patches in the series
Output:



---
Regards,
Linux Bluetooth

Re: [PATCH BlueZ] main: fix bool vs. gboolean type in g_option_context_parse()

[patchwork-bot+bluetooth]

Hello:

This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Thu,  4 Dec 2025 22:38:09 +0200 you wrote:
> btd_opts.experimental and testing are bool, not gboolean, which may
> cause memory to be clobbered and crash.
> 
> Fix with separate variable for cmdline option.
> 
> Log:
> ERROR: AddressSanitizer: BUS on unknown address
>     #0 0x0000005b9914 in queue_find ../src/shared/queue.c:230
>     #1 0x00000057c0ff in btd_kernel_experimental_enabled ../src/main.c:721
>     #2 0x0000004ff52f in read_exp_features_complete ../src/adapter.c:10230
>     #3 0x0000005be40b in request_complete ../src/shared/mgmt.c:306
> 
> [...]

Here is the summary with links:
  - [BlueZ] main: fix bool vs. gboolean type in g_option_context_parse()
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=c42a49a243e4

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

Re: [PATCH BlueZ] main: fix bool vs. gboolean type in g_option_context_parse()

[Bastien Nocera]

On Thu, 2025-12-04 at 22:38 +0200, Pauli Virtanen wrote:
> btd_opts.experimental and testing are bool, not gboolean, which may
> cause memory to be clobbered and crash.

Can you please explain why it crashes in the commit message?

IIRC, it's because a gboolean is a typedef for an int, and bool/_Bool
for a single bit.

> 
> Fix with separate variable for cmdline option.
> 
> Log:
> ERROR: AddressSanitizer: BUS on unknown address
>     #0 0x0000005b9914 in queue_find ../src/shared/queue.c:230
>     #1 0x00000057c0ff in btd_kernel_experimental_enabled
> ../src/main.c:721
>     #2 0x0000004ff52f in read_exp_features_complete
> ../src/adapter.c:10230
>     #3 0x0000005be40b in request_complete ../src/shared/mgmt.c:306
> ---
>  src/main.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/src/main.c b/src/main.c
> index 558bf2888..61e5ef983 100644
> --- a/src/main.c
> +++ b/src/main.c
> @@ -1330,6 +1330,8 @@ static char *option_noplugin = NULL;
>  static char *option_configfile = NULL;
>  static gboolean option_compat = FALSE;
>  static gboolean option_detach = TRUE;
> +static gboolean option_experimental = FALSE;
> +static gboolean option_testing = FALSE;
>  static gboolean option_version = FALSE;
>  
>  static void free_options(void)
> @@ -1420,9 +1422,9 @@ static GOptionEntry options[] = {
>  			"Specify an explicit path to the config
> file", "FILE"},
>  	{ "compat", 'C', 0, G_OPTION_ARG_NONE, &option_compat,
>  				"Provide deprecated command line
> interfaces" },
> -	{ "experimental", 'E', 0, G_OPTION_ARG_NONE,
> &btd_opts.experimental,
> +	{ "experimental", 'E', 0, G_OPTION_ARG_NONE,
> &option_experimental,
>  				"Enable experimental D-Bus
> interfaces" },
> -	{ "testing", 'T', 0, G_OPTION_ARG_NONE, &btd_opts.testing,
> +	{ "testing", 'T', 0, G_OPTION_ARG_NONE, &option_testing,
>  				"Enable testing D-Bus interfaces" },
>  	{ "kernel", 'K', G_OPTION_FLAG_OPTIONAL_ARG,
> G_OPTION_ARG_CALLBACK,
>  				parse_kernel_experimental,
> @@ -1464,6 +1466,9 @@ int main(int argc, char *argv[])
>  		exit(0);
>  	}
>  
> +	btd_opts.experimental = option_experimental;
> +	btd_opts.testing = option_testing;
> +
>  	umask(0077);
>  
>  	btd_backtrace_init();

Re: [PATCH BlueZ] main: fix bool vs. gboolean type in g_option_context_parse()

[Pauli Virtanen]

pe, 2025-12-05 kello 16:13 +0100, Bastien Nocera kirjoitti:
> On Thu, 2025-12-04 at 22:38 +0200, Pauli Virtanen wrote:
> > btd_opts.experimental and testing are bool, not gboolean, which may
> > cause memory to be clobbered and crash.
> 
> Can you please explain why it crashes in the commit message?
> 
> IIRC, it's because a gboolean is a typedef for an int, and bool/_Bool
> for a single bit.

bool is 1 byte, gboolean 4, and writing to btd_opts.experimental
clobbers btd_kernel list head.

> 
> > 
> > Fix with separate variable for cmdline option.
> > 
> > Log:
> > ERROR: AddressSanitizer: BUS on unknown address
> >     #0 0x0000005b9914 in queue_find ../src/shared/queue.c:230
> >     #1 0x00000057c0ff in btd_kernel_experimental_enabled
> > ../src/main.c:721
> >     #2 0x0000004ff52f in read_exp_features_complete
> > ../src/adapter.c:10230
> >     #3 0x0000005be40b in request_complete ../src/shared/mgmt.c:306
> > ---
> >  src/main.c | 9 +++++++--
> >  1 file changed, 7 insertions(+), 2 deletions(-)
> > 
> > diff --git a/src/main.c b/src/main.c
> > index 558bf2888..61e5ef983 100644
> > --- a/src/main.c
> > +++ b/src/main.c
> > @@ -1330,6 +1330,8 @@ static char *option_noplugin = NULL;
> >  static char *option_configfile = NULL;
> >  static gboolean option_compat = FALSE;
> >  static gboolean option_detach = TRUE;
> > +static gboolean option_experimental = FALSE;
> > +static gboolean option_testing = FALSE;
> >  static gboolean option_version = FALSE;
> >  
> >  static void free_options(void)
> > @@ -1420,9 +1422,9 @@ static GOptionEntry options[] = {
> >  			"Specify an explicit path to the config
> > file", "FILE"},
> >  	{ "compat", 'C', 0, G_OPTION_ARG_NONE, &option_compat,
> >  				"Provide deprecated command line
> > interfaces" },
> > -	{ "experimental", 'E', 0, G_OPTION_ARG_NONE,
> > &btd_opts.experimental,
> > +	{ "experimental", 'E', 0, G_OPTION_ARG_NONE,
> > &option_experimental,
> >  				"Enable experimental D-Bus
> > interfaces" },
> > -	{ "testing", 'T', 0, G_OPTION_ARG_NONE, &btd_opts.testing,
> > +	{ "testing", 'T', 0, G_OPTION_ARG_NONE, &option_testing,
> >  				"Enable testing D-Bus interfaces" },
> >  	{ "kernel", 'K', G_OPTION_FLAG_OPTIONAL_ARG,
> > G_OPTION_ARG_CALLBACK,
> >  				parse_kernel_experimental,
> > @@ -1464,6 +1466,9 @@ int main(int argc, char *argv[])
> >  		exit(0);
> >  	}
> >  
> > +	btd_opts.experimental = option_experimental;
> > +	btd_opts.testing = option_testing;
> > +
> >  	umask(0077);
> >  
> >  	btd_backtrace_init();

-- 
Pauli Virtanen