Linux bluetooth development
* [PATCH BlueZ v1] hciemu: Fix crash if hciemu_client_new return NULL
@ 2026-05-05 20:15 Luiz Augusto von Dentz
  2026-05-05 21:53 ` [BlueZ,v1] " bluez.test.bot
  2026-05-06 13:30 ` [PATCH BlueZ v1] " patchwork-bot+bluetooth
  0 siblings, 2 replies; 3+ messages in thread
From: Luiz Augusto von Dentz @ 2026-05-05 20:15 UTC (permalink / raw)
  To: linux-bluetooth

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

The following crash can be observed if hciemu_client_new fails:

 Invalid read of size 8
   at 0x12DA79: queue_get_entries (queue.c:356)
   by 0x118434: hciemu_get_client (hciemu.c:277)
   by 0x1184A3: hciemu_client_get_host (hciemu.c:301)
   by 0x11536B: setup_powered_common (l2cap-tester.c:1452)
   by 0x11568E: setup_powered_client (l2cap-tester.c:1491)
   by 0x1324C6: setup_callback (tester.c:500)
   by 0x48A304D: g_main_context_dispatch (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6400.6)
   by 0x48A33FF: ??? (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6400.6)
   by 0x48A36F2: g_main_loop_run (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6400.6)
   by 0x133868: mainloop_run (mainloop-glib.c:65)
   by 0x133C9F: mainloop_run_with_signal (mainloop-notify.c:196)
   by 0x13325F: tester_run (tester.c:1085)
  Address 0x4c1e388 is 8 bytes inside a block of size 32 free'd
   at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0x1187BF: hciemu_new_num (hciemu.c:437)
---
 emulator/hciemu.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/emulator/hciemu.c b/emulator/hciemu.c
index 01a8e80b727e..bff92286ed45 100644
--- a/emulator/hciemu.c
+++ b/emulator/hciemu.c
@@ -435,7 +435,9 @@ struct hciemu *hciemu_new_num(enum hciemu_type type, uint8_t num)
 
 		if (!client) {
 			queue_destroy(hciemu->clients, hciemu_client_destroy);
-			break;
+			queue_destroy(hciemu->post_command_hooks, NULL);
+			free(hciemu);
+			return NULL;
 		}
 
 		queue_push_tail(hciemu->clients, client);
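Review bot: the error path now releases hciemu->clients and hciemu->post_command_hooks and frees hciemu before returning NULL, but these are the only two members the hunk shows being torn down; confirm that nothing else allocated in hciemu_new_num ahead of the client loop is left unreleased on this path, and that every caller of hciemu_new_num (including the tester setup path visible in the trace, setup_powered_common via hciemu_client_get_host) checks for a NULL return rather than dereferencing it. If hciemu_new_num has other failure exits, a shared cleanup label would keep the three releases in sync with them.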
-- 
2.53.0


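As an added illustration that is not part of the patch or of BlueZ, the C model below shows the constructor error-path pattern the fix adopts: when creating a client fails, tear down everything the struct owns and return NULL instead of handing the caller a struct whose clients queue was already destroyed. All names (emu_new_num, emu_free, emu_try, queue_*, client_new, xalloc/xfree) are hypothetical stand-ins, and the allocation counter exists only so the error path can be checked for leaks.

```c
#include <stdlib.h>
/* Added example, not BlueZ code: a minimal model of hciemu_new_num's error path;
 * the names emu_*, queue_*, client_new and xalloc/xfree are hypothetical. */
struct node { void *data; struct node *next; };
struct queue { struct node *head; size_t len; };
struct emu { struct queue *clients; struct queue *hooks; };
static int live_allocs; /* malloc/free balance, so a leak on the error path shows */
static void *xalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }
static struct queue *queue_new(void) { return xalloc(sizeof(struct queue)); }
static int queue_push(struct queue *q, void *d) {
	struct node *n = xalloc(sizeof *n);
	if (n) { n->data = d; n->next = q->head; q->head = n; q->len++; }
	return n != NULL;
}
static void queue_destroy(struct queue *q, void (*destroy)(void *)) {
	if (!q) return;
	while (q->head) {
		struct node *n = q->head; q->head = n->next;
		if (destroy) destroy(n->data);
		xfree(n);
	}
	xfree(q);
}
/* Simulated client constructor: fails at index fail_at (-1 means never fails). */
static void *client_new(int index, int fail_at) { return index == fail_at ? NULL : xalloc(16); }
void emu_free(struct emu *e) {
	if (!e) return;
	queue_destroy(e->clients, xfree); queue_destroy(e->hooks, NULL); xfree(e);
}
/* Fixed pattern: on any failure unwind everything and return NULL, never a
 * struct whose clients queue was already destroyed (the use-after-free). */
struct emu *emu_new_num(int num, int fail_at) {
	struct emu *e = xalloc(sizeof *e); if (!e) return NULL;
	e->clients = queue_new(); e->hooks = queue_new();
	if (!e->clients || !e->hooks) { emu_free(e); return NULL; }
	for (int i = 0; i < num; i++) {
		void *client = client_new(i, fail_at);
		if (client && queue_push(e->clients, client)) continue;
		xfree(client); emu_free(e); return NULL; /* an unpushed client is still ours to free */
	}
	return e;
}
/* Caller side: construct, check for NULL, report client count (-1 on failure). */
long emu_try(int num, int fail_at) {
	struct emu *e = emu_new_num(num, fail_at);
	long count = e ? (long)e->clients->len : -1;
	emu_free(e); return count;
}
int emu_live_allocs(void) { return live_allocs; }
```

Running emu_try with a failing index returns -1 and leaves the allocation counter at zero, which is the property the original `break` path lacked: it returned a struct with a destroyed queue and the caller then read freed memory.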

* RE: [BlueZ,v1] hciemu: Fix crash if hciemu_client_new return NULL
@ 2026-05-05 21:53 ` bluez.test.bot
From: bluez.test.bot @ 2026-05-05 21:53 UTC (permalink / raw)
  To: linux-bluetooth, luiz.dentz


This is an automated email, please do not reply to it!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
These are the CI test results for your patch series:
PW Link: https://patchwork.kernel.org/project/bluetooth/list/?series=1090113

---Test result---

Test Summary:
CheckPatch                    FAIL      0.66 seconds
GitLint                       FAIL      0.32 seconds
BuildEll                      PASS      19.99 seconds
BluezMake                     PASS      602.95 seconds
CheckSmatch                   PASS      320.60 seconds
bluezmakeextell               PASS      163.77 seconds
IncrementalBuild              PASS      603.35 seconds
ScanBuild                     PASS      908.15 seconds

Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script
Output:
[BlueZ,v1] hciemu: Fix crash if hciemu_client_new return NULL
WARNING:COMMIT_LOG_LONG_LINE: Possible unwrapped commit description (prefer a maximum 75 chars per line)
#106: 
   by 0x48A304D: g_main_context_dispatch (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6400.6)

/github/workspace/src/patch/14556374.patch total: 0 errors, 1 warnings, 10 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/patch/14556374.patch has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.


##############################
Test: GitLint - FAIL
Desc: Run gitlint
Output:
[BlueZ,v1] hciemu: Fix crash if hciemu_client_new return NULL

WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search
14: B1 Line exceeds max length (95>80): "   by 0x48A304D: g_main_context_dispatch (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6400.6)"
16: B1 Line exceeds max length (87>80): "   by 0x48A36F2: g_main_loop_run (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6400.6)"
21: B1 Line exceeds max length (95>80): "   at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)"


https://github.com/bluez/bluez/pull/2099

---
Regards,
Linux Bluetooth



* Re: [PATCH BlueZ v1] hciemu: Fix crash if hciemu_client_new return NULL
@ 2026-05-06 13:30 ` patchwork-bot+bluetooth
From: patchwork-bot+bluetooth @ 2026-05-06 13:30 UTC (permalink / raw)
  To: Luiz Augusto von Dentz; +Cc: linux-bluetooth

Hello:

This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Tue,  5 May 2026 16:15:48 -0400 you wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> 
> The following crash can be observed if hciemu_client_new fails:
> 
>  Invalid read of size 8
>    at 0x12DA79: queue_get_entries (queue.c:356)
>    by 0x118434: hciemu_get_client (hciemu.c:277)
>    by 0x1184A3: hciemu_client_get_host (hciemu.c:301)
>    by 0x11536B: setup_powered_common (l2cap-tester.c:1452)
>    by 0x11568E: setup_powered_client (l2cap-tester.c:1491)
>    by 0x1324C6: setup_callback (tester.c:500)
>    by 0x48A304D: g_main_context_dispatch (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6400.6)
>    by 0x48A33FF: ??? (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6400.6)
>    by 0x48A36F2: g_main_loop_run (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6400.6)
>    by 0x133868: mainloop_run (mainloop-glib.c:65)
>    by 0x133C9F: mainloop_run_with_signal (mainloop-notify.c:196)
>    by 0x13325F: tester_run (tester.c:1085)
>   Address 0x4c1e388 is 8 bytes inside a block of size 32 free'd
>    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
>    by 0x1187BF: hciemu_new_num (hciemu.c:437)
> 
> [...]

Here is the summary with links:
  - [BlueZ,v1] hciemu: Fix crash if hciemu_client_new return NULL
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=6aa7f5b4e022

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



