From: Bastien Nocera <hadess@hadess.net>
To: linux-bluetooth@vger.kernel.org
Subject: Re: [BlueZ v2 1/2] mpris-proxy: Fix possible crash
Date: Tue, 02 Jun 2026 12:40:38 +0200 [thread overview]
Message-ID: <c477047212e595bceabc178759be44793ea423d5.camel@hadess.net> (raw)
In-Reply-To: <20260505104847.2550550-1-hadess@hadess.net>
On Tue, 2026-05-05 at 12:48 +0200, Bastien Nocera wrote:
> find_player_by_obex() doesn't check whether session->obex is a valid
> pointer before dereferecing it, but all code paths that assign it use
There's a small typo here, any other comments on those 2 patches?
Any OBEX experts?
> create_obex_session() to assign it, a function that can fail.
>
> Check whether session->obex is null before dereferencing it.
>
> #0 find_player_by_obex at tools/mpris-proxy.c:2819
> #1 obex_property_changed at tools/mpris-proxy.c:2929
> #2 add_property at gdbus/client.c:373
> #3 update_properties at gdbus/client.c:399
> #5 properties_changed at gdbus/client.c:537
> #6 signal_filter at gdbus/watch.c:416
> #7 message_filter at gdbus/watch.c:566
> #10 message_dispatch at gdbus/mainloop.c:59
> #13 g_main_context_dispatch_unlocked at ../glib/gmain.c:4451
> #14 g_main_context_iterate_unlocked at ../glib/gmain.c:4516
>
> Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2466640
> ---
> Changes since v1:
> - Fix missing space before = sign
>
> tools/mpris-proxy.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/tools/mpris-proxy.c b/tools/mpris-proxy.c
> index 1d7a421e9278..eb607347aa32 100644
> --- a/tools/mpris-proxy.c
> +++ b/tools/mpris-proxy.c
> @@ -2816,8 +2816,12 @@ static struct player
> *find_player_by_obex(const char *path)
> for (l = players; l; l = l->next) {
> struct player *player = l->data;
> struct obex_session *session = player->obex;
> - const char *obex_path =
> g_dbus_proxy_get_path(session->obex);
> + const char *obex_path = NULL;
>
> + if (session == NULL)
> + continue;
> +
> + obex_path = g_dbus_proxy_get_path(session->obex);
> if (g_str_has_prefix(path, obex_path))
> return player;
> }
prev parent reply other threads:[~2026-06-02 10:40 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-05 10:48 [BlueZ v2 1/2] mpris-proxy: Fix possible crash Bastien Nocera
2026-05-05 10:48 ` [BlueZ v2 2/2] mpris-proxy: Avoid session->obex dereference Bastien Nocera
2026-05-05 12:29 ` [BlueZ,v2,1/2] mpris-proxy: Fix possible crash bluez.test.bot
2026-06-02 10:40 ` Bastien Nocera [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c477047212e595bceabc178759be44793ea423d5.camel@hadess.net \
--to=hadess@hadess.net \
--cc=linux-bluetooth@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox