Date: Tue, 14 Apr 2026 12:54:26 -0700
From: Luiz Augusto von Dentz
To: linux-bluetooth@vger.kernel.org
Subject: [bluez/bluez] 64916d: bass: Fix crashing on BT_BASS_MOD_SRC

  Branch: refs/heads/1081219
  Home:   https://github.com/bluez/bluez
  Commit: 64916d787eb437b49954c0e87564d9e77ab3a060
      https://github.com/bluez/bluez/commit/64916d787eb437b49954c0e87564d9e77ab3a060
  Author: Luiz Augusto von Dentz
  Date:   2026-04-14 (Tue, 14 Apr 2026)

  Changed paths:
    M profiles/audio/bass.c

  Log Message:
  -----------
  bass: Fix crashing on BT_BASS_MOD_SRC

If assistant attempts to modify source the code would attempt to iterate
over all valid range of BIS indexes which may lead to the following
trace since the delegator may be freed in the process:

 #0  queue_find (queue=, function=function@entry=0x58b8761109c0 , match_data=match_data@entry=0x3) at src/shared/queue.c:230
 #1  0x000058b8761127fb in bass_update_bis_sync (bcast_src=, dg=) at profiles/audio/bass.c:1824
 #2  handle_mod_src_req (data=, params=, bcast_src=0x58b894661be0) at profiles/audio/bass.c:1862
 #3  cp_handler (bcast_src=0x58b894661be0, op=, params=, user_data=) at profiles/audio/bass.c:1910
 #4  0x000058b8761bc978 in bass_handle_mod_src_op (bass=, attrib=, opcode=, id=, iov=, att=) at src/shared/bass.c:1069

To fix, the code will now just iterate at existing setups checking if
they match the BIS index then adding/removing the stream so it is no
longer possible to free the delegator before all setups are processed.