Linux bluetooth development
 help / color / mirror / Atom feed
From: Bastien Nocera <hadess@hadess.net>
To: linux-bluetooth@vger.kernel.org
Subject: Re: [BlueZ v2 1/2] mpris-proxy: Fix possible crash
Date: Tue, 02 Jun 2026 12:40:38 +0200	[thread overview]
Message-ID: <c477047212e595bceabc178759be44793ea423d5.camel@hadess.net> (raw)
In-Reply-To: <20260505104847.2550550-1-hadess@hadess.net>

On Tue, 2026-05-05 at 12:48 +0200, Bastien Nocera wrote:
> find_player_by_obex() doesn't check whether session->obex is a valid
> pointer before dereferecing it, but all code paths that assign it use

There's a small typo here, any other comments on those 2 patches?

Any OBEX experts?

> create_obex_session() to assign it, a function that can fail.
> 
> Check whether session->obex is null before dereferencing it.
> 
>  #0 find_player_by_obex at tools/mpris-proxy.c:2819
>  #1 obex_property_changed at tools/mpris-proxy.c:2929
>  #2 add_property at gdbus/client.c:373
>  #3 update_properties at gdbus/client.c:399
>  #5 properties_changed at gdbus/client.c:537
>  #6 signal_filter at gdbus/watch.c:416
>  #7 message_filter at gdbus/watch.c:566
>  #10 message_dispatch at gdbus/mainloop.c:59
>  #13 g_main_context_dispatch_unlocked at ../glib/gmain.c:4451
>  #14 g_main_context_iterate_unlocked at ../glib/gmain.c:4516
> 
> Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2466640
> ---
> Changes since v1:
> - Fix missing space before = sign
> 
>  tools/mpris-proxy.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/tools/mpris-proxy.c b/tools/mpris-proxy.c
> index 1d7a421e9278..eb607347aa32 100644
> --- a/tools/mpris-proxy.c
> +++ b/tools/mpris-proxy.c
> @@ -2816,8 +2816,12 @@ static struct player
> *find_player_by_obex(const char *path)
>  	for (l = players; l; l = l->next) {
>  		struct player *player = l->data;
>  		struct obex_session *session = player->obex;
> -		const char *obex_path =
> g_dbus_proxy_get_path(session->obex);
> +		const char *obex_path = NULL;
>  
> +		if (session == NULL)
> +			continue;
> +
> +		obex_path = g_dbus_proxy_get_path(session->obex);
>  		if (g_str_has_prefix(path, obex_path))
>  			return player;
>  	}

      parent reply	other threads:[~2026-06-02 10:40 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-05 10:48 [BlueZ v2 1/2] mpris-proxy: Fix possible crash Bastien Nocera
2026-05-05 10:48 ` [BlueZ v2 2/2] mpris-proxy: Avoid session->obex dereference Bastien Nocera
2026-05-05 12:29 ` [BlueZ,v2,1/2] mpris-proxy: Fix possible crash bluez.test.bot
2026-06-02 10:40 ` Bastien Nocera [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=c477047212e595bceabc178759be44793ea423d5.camel@hadess.net \
    --to=hadess@hadess.net \
    --cc=linux-bluetooth@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox