[PATCH BlueZ 1/5] monitor: check data size properly in evt_num_completed_packets

[PATCH BlueZ 1/5] monitor: check data size properly in evt_num_completed_packets

[Pauli Virtanen]

Use util_iov_pull to check data size before dereferencing.
---
 monitor/analyze.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/monitor/analyze.c b/monitor/analyze.c
index 6c2ccca84..819d621cd 100644
--- a/monitor/analyze.c
+++ b/monitor/analyze.c
@@ -617,22 +617,24 @@ static void evt_le_enh_conn_complete(struct hci_dev *dev, struct timeval *tv,
 static void evt_num_completed_packets(struct hci_dev *dev, struct timeval *tv,
 					const void *data, uint16_t size)
 {
-	uint8_t num_handles = get_u8(data);
+	struct iovec iov = { .iov_base = (void *)data, .iov_len = size };
+	uint8_t num_handles;
 	int i;
 
-	data += sizeof(num_handles);
-	size -= sizeof(num_handles);
+	if (!util_iov_pull_u8(&iov, &num_handles))
+		return;
 
 	for (i = 0; i < num_handles; i++) {
-		uint16_t handle = get_le16(data);
-		uint16_t count = get_le16(data + 2);
+		uint16_t handle, count;
 		struct hci_conn *conn;
 		struct timeval res;
 		struct hci_conn_tx *last_tx;
 		int j;
 
-		data += 4;
-		size -= 4;
+		if (!util_iov_pull_le16(&iov, &handle))
+			return;
+		if (!util_iov_pull_le16(&iov, &count))
+			return;
 
 		conn = conn_lookup(dev, handle);
 		if (!conn)
-- 
2.53.0

[PATCH BlueZ 2/5] emulator: Remove assigned but unused variables

[Pauli Virtanen]

Remove unused variables that gcc -Wunused-but-set-variable and
-Wunused-but-set-parameter complain about.

Fixes build on gcc 16.
---
 emulator/bthost.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/emulator/bthost.c b/emulator/bthost.c
index b913c8015..2732b7f83 100644
--- a/emulator/bthost.c
+++ b/emulator/bthost.c
@@ -904,9 +904,8 @@ void bthost_send_cid(struct bthost *bthost, uint16_t handle, uint16_t cid,
 			l2conn->mode == L2CAP_MODE_LE_ENH_CRED)) {
 		uint16_t sdu_len = len;
 		uint16_t slen;
-		int i;
 
-		for (i = 0; iov.iov_len; i++) {
+		while (iov.iov_len) {
 			if (sdu_len)
 				slen = MIN(iov.iov_len,
 					l2conn->tx_mps - sizeof(sdu_len));
-- 
2.53.0

[PATCH BlueZ 3/5] monitor: Remove assigned but unused variables

[Pauli Virtanen]

Remove unused variables that gcc -Wunused-but-set-variable and
-Wunused-but-set-parameter complain about.

Fixes build on gcc 16.
---
 monitor/avctp.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/monitor/avctp.c b/monitor/avctp.c
index 874e217a7..6309275f6 100644
--- a/monitor/avctp.c
+++ b/monitor/avctp.c
@@ -803,7 +803,6 @@ static bool avrcp_get_capabilities(struct avctp_frame *avctp_frame,
 {
 	struct l2cap_frame *frame = &avctp_frame->l2cap_frame;
 	uint8_t cap, count;
-	int i;
 
 	if (!l2cap_frame_get_u8(frame, &cap))
 		return false;
@@ -835,7 +834,7 @@ static bool avrcp_get_capabilities(struct avctp_frame *avctp_frame,
 		}
 		break;
 	case 0x3:
-		for (i = 0; count > 0; count--, i++) {
+		for (; count > 0; count--) {
 			uint8_t event;
 
 			if (!l2cap_frame_get_u8(frame, &event))
@@ -858,7 +857,6 @@ static bool avrcp_list_player_attributes(struct avctp_frame *avctp_frame,
 {
 	struct l2cap_frame *frame = &avctp_frame->l2cap_frame;
 	uint8_t num;
-	int i;
 
 	if (len == 0)
 		return true;
@@ -868,7 +866,7 @@ static bool avrcp_list_player_attributes(struct avctp_frame *avctp_frame,
 
 	print_field("%*cAttributeCount: 0x%02x", (indent - 8), ' ', num);
 
-	for (i = 0; num > 0; num--, i++) {
+	for (; num > 0; num--) {
 		uint8_t attr;
 
 		if (!l2cap_frame_get_u8(frame, &attr))
-- 
2.53.0

[PATCH BlueZ 4/5] src: Remove assigned but unused variables

[Pauli Virtanen]

Remove unused variables that gcc -Wunused-but-set-variable and
-Wunused-but-set-parameter complain about, or silence by void cast.

Fixes build on gcc 16.
---
 src/sdpd-request.c | 1 +
 src/shared/shell.c | 5 +----
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/sdpd-request.c b/src/sdpd-request.c
index 7c632c2aa..c78bfdffa 100644
--- a/src/sdpd-request.c
+++ b/src/sdpd-request.c
@@ -263,6 +263,7 @@ static int extract_des(uint8_t *buf, int len, sdp_list_t **svcReqSeq, uint8_t *p
 			pSeq = sdp_list_append(pSeq, pElem);
 			numberOfElements++;
 			SDPDBG("No of elements : %d", numberOfElements);
+			(void)numberOfElements;
 
 			if (seqlen == data_size)
 				break;
diff --git a/src/shared/shell.c b/src/shared/shell.c
index 87a8a310d..2b8d1a45c 100644
--- a/src/shared/shell.c
+++ b/src/shared/shell.c
@@ -179,11 +179,10 @@ static const struct bt_shell_menu *find_menu(const char *name, size_t len,
 
 static char *menu_generator(const char *text, int state)
 {
-	static unsigned int index, len;
+	static unsigned int len;
 	static struct queue_entry *entry;
 
 	if (!state) {
-		index = 0;
 		len = strlen(text);
 		entry = (void *) queue_get_entries(data.submenus);
 	}
@@ -191,8 +190,6 @@ static char *menu_generator(const char *text, int state)
 	for (; entry; entry = entry->next) {
 		struct bt_shell_menu *menu = entry->data;
 
-		index++;
-
 		if (!strncmp(menu->name, text, len)) {
 			entry = entry->next;
 			return strdup(menu->name);
-- 
2.53.0

[PATCH BlueZ 5/5] tools: Remove assigned but unused variables

[Pauli Virtanen]

Remove unused variables that gcc -Wunused-but-set-variable and
-Wunused-but-set-parameter complain about.

Fixes build on gcc 16.
---
 tools/btsnoop.c  | 8 ++------
 tools/seq2bseq.c | 3 ---
 2 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/tools/btsnoop.c b/tools/btsnoop.c
index 0bd28b65b..bac901ee2 100644
--- a/tools/btsnoop.c
+++ b/tools/btsnoop.c
@@ -266,7 +266,7 @@ static void command_extract_eir(const char *input)
 	ssize_t len;
 	uint32_t type, toread, flags;
 	uint16_t opcode;
-	int fd, count = 0;
+	int fd;
 
 	fd = open_btsnoop(input, &type);
 	if (fd < 0)
@@ -320,8 +320,6 @@ next_packet:
 				}
 			}
 			printf("\n");
-
-			count++;
 		}
 		break;
 	}
@@ -339,7 +337,7 @@ static void command_extract_ad(const char *input)
 	ssize_t len;
 	uint32_t type, toread, flags;
 	uint16_t opcode;
-	int fd, count = 0;
+	int fd;
 
 	fd = open_btsnoop(input, &type);
 	if (fd < 0)
@@ -392,8 +390,6 @@ next_packet:
 				}
 			}
 			printf("\n");
-
-			count++;
 		}
 		break;
 	}
diff --git a/tools/seq2bseq.c b/tools/seq2bseq.c
index 1806fd5a6..b4d293a32 100644
--- a/tools/seq2bseq.c
+++ b/tools/seq2bseq.c
@@ -59,7 +59,6 @@ static void convert_file(const char *input_path, const char *output_path)
 	const char *ptr;
 	FILE *fp;
 	struct stat st;
-	off_t cur = 0;
 	int fd;
 
 	if (output_path) {
@@ -124,8 +123,6 @@ static void convert_file(const char *input_path, const char *output_path)
 		if (!str)
 			break;
 
-		cur += strlen(str);
-
 		err = convert_line(fd, str);
 		if (err < 0) {
 			fprintf(stderr, "Failed to convert file (%s)\n",
-- 
2.53.0

RE: [BlueZ,1/5] monitor: check data size properly in evt_num_completed_packets

[bluez.test.bot]

[-- Attachment #1: Type: text/plain, Size: 2059 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1077640

---Test result---

Test Summary:
CheckPatch                    PENDING   0.26 seconds
GitLint                       PENDING   0.26 seconds
BuildEll                      PASS      20.61 seconds
BluezMake                     PASS      631.40 seconds
MakeCheck                     PASS      18.41 seconds
MakeDistcheck                 PASS      246.49 seconds
CheckValgrind                 PASS      293.33 seconds
CheckSmatch                   WARNING   350.53 seconds
bluezmakeextell               PASS      184.29 seconds
IncrementalBuild              PENDING   0.27 seconds
ScanBuild                     PASS      1010.97 seconds

Details
##############################
Test: CheckPatch - PENDING
Desc: Run checkpatch.pl script
Output:

##############################
Test: GitLint - PENDING
Desc: Run gitlint
Output:

##############################
Test: CheckSmatch - WARNING
Desc: Run smatch tool with source
Output:
emulator/bthost.c:703:28: warning: Variable length array is used.emulator/bthost.c:704:32: warning: Variable length array is used.emulator/bthost.c:944:28: warning: Variable length array is used.emulator/bthost.c:978:28: warning: Variable length array is used.emulator/bthost.c:979:32: warning: Variable length array is used.src/shared/shell.c: note: in included file (through /usr/include/readline/readline.h):src/shared/shell.c: note: in included file (through /usr/include/readline/readline.h):src/shared/shell.c: note: in included file (through /usr/include/readline/readline.h):tools/seq2bseq.c:57:26: warning: Variable length array is used.
##############################
Test: IncrementalBuild - PENDING
Desc: Incremental build with the patches in the series
Output:



https://github.com/bluez/bluez/pull/2018/checks

---
Regards,
Linux Bluetooth

Re: [PATCH BlueZ 1/5] monitor: check data size properly in evt_num_completed_packets

[patchwork-bot+bluetooth]

Hello:

This series was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Mon,  6 Apr 2026 14:23:50 +0300 you wrote:
> Use util_iov_pull to check data size before dereferencing.
> ---
>  monitor/analyze.c | 16 +++++++++-------
>  1 file changed, 9 insertions(+), 7 deletions(-)

Here is the summary with links:
  - [BlueZ,1/5] monitor: check data size properly in evt_num_completed_packets
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=0e37aab12463
  - [BlueZ,2/5] emulator: Remove assigned but unused variables
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=81111489faf4
  - [BlueZ,3/5] monitor: Remove assigned but unused variables
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=dfc5e135737b
  - [BlueZ,4/5] src: Remove assigned but unused variables
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=5a0932cc8e05
  - [BlueZ,5/5] tools: Remove assigned but unused variables
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=474f2ee8597b

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html