
[BlueZ] transport: Fix crash with broadcast properties

Message ID 20230824050045.4019298-1-luiz.dentz@gmail.com (mailing list archive)
State Accepted
Commit c6741c40816bacb9a5c2a5d8f2d3b1ae5c4a6f36

Checks

Context Check Description
tedd_an/pre-ci_am success Success
tedd_an/CheckPatch success CheckPatch PASS
tedd_an/GitLint success Gitlint PASS
tedd_an/BuildEll success Build ELL PASS
tedd_an/BluezMake success Bluez Make PASS
tedd_an/MakeCheck success Bluez Make Check PASS
tedd_an/MakeDistcheck success Make Distcheck PASS
tedd_an/CheckValgrind success Check Valgrind PASS
tedd_an/CheckSmatch success CheckSparse PASS
tedd_an/bluezmakeextell success Make External ELL PASS
tedd_an/IncrementalBuild success Incremental Build PASS
tedd_an/ScanBuild success Scan Build PASS

Commit Message

Luiz Augusto von Dentz Aug. 24, 2023, 5 a.m. UTC
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

When connecting a BAP unicast stream the following crash can be observed:

Access not within mapped region at address 0x1D4C0000000A
  at 0x14F759: get_bcode (transport.c:1121)
  by 0x1E02E4: append_property.isra.0 (object.c:498)
  by 0x1E03B9: append_properties (object.c:527)
  by 0x1E2AAB: g_dbus_get_properties (object.c:1811)
  by 0x14B9B6: pac_config (media.c:1130)
---
 profiles/audio/transport.c | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

Comments

bluez.test.bot@gmail.com Aug. 24, 2023, 6:30 a.m. UTC | #1
This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=778839

---Test result---

Test Summary:
CheckPatch                    PASS      0.61 seconds
GitLint                       PASS      0.39 seconds
BuildEll                      PASS      32.43 seconds
BluezMake                     PASS      1199.55 seconds
MakeCheck                     PASS      13.47 seconds
MakeDistcheck                 PASS      201.26 seconds
CheckValgrind                 PASS      315.99 seconds
CheckSmatch                   PASS      423.94 seconds
bluezmakeextell               PASS      126.42 seconds
IncrementalBuild              PASS      1015.92 seconds
ScanBuild                     PASS      1309.00 seconds



---
Regards,
Linux Bluetooth
patchwork-bot+bluetooth@kernel.org Aug. 24, 2023, 4:40 p.m. UTC | #2
Hello:

This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Wed, 23 Aug 2023 22:00:45 -0700 you wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> 
> When connecting a BAP unicast stream the followin crash can be observed:
> 
> Access not within mapped region at address 0x1D4C0000000A
>   at 0x14F759: get_bcode (transport.c:1121)
>   by 0x1E02E4: append_property.isra.0 (object.c:498)
>   by 0x1E03B9: append_properties (object.c:527)
>   by 0x1E2AAB: g_dbus_get_properties (object.c:1811)
>   by 0x14B9B6: pac_config (media.c:1130)
> 
> [...]

Here is the summary with links:
  - [BlueZ] transport: Fix crash with broadcast properties
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=c6741c40816b

You are awesome, thank you!

Patch

diff --git a/profiles/audio/transport.c b/profiles/audio/transport.c
index f7a29ca83c2d..dd923b03ed9d 100644
--- a/profiles/audio/transport.c
+++ b/profiles/audio/transport.c
@@ -1199,7 +1199,7 @@  static gboolean get_timeout(const GDBusPropertyTable *property,
 	return TRUE;
 }
 
-static const GDBusPropertyTable bap_properties[] = {
+static const GDBusPropertyTable bap_ucast_properties[] = {
 	{ "Device", "o", get_device },
 	{ "UUID", "s", get_uuid },
 	{ "Codec", "y", get_codec },
@@ -1218,6 +1218,16 @@  static const GDBusPropertyTable bap_properties[] = {
 	{ "Location", "u", get_location },
 	{ "Metadata", "ay", get_metadata },
 	{ "Links", "ao", get_links, NULL, links_exists },
+	{ }
+};
+
+
+static const GDBusPropertyTable bap_bcast_properties[] = {
+	{ "Device", "o", get_device },
+	{ "UUID", "s", get_uuid },
+	{ "Codec", "y", get_codec },
+	{ "Configuration", "ay", get_configuration },
+	{ "State", "s", get_state },
 	{ "BIG", "y", get_big, NULL, qos_exists },
 	{ "BIS", "y", get_bis, NULL, qos_exists },
 	{ "SyncInterval", "y", get_sync_interval, NULL, qos_exists },
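Review bot: The broadcast rows starting at `BIG` are still gated only by `qos_exists`, whose body is not visible here; if it tests merely that a QoS is set, not that it is a broadcast one, then the table split is the only thing keeping getters such as `get_big` (and `get_bcode` from the crash trace) away from a unicast stream. The table is picked in `media_transport_create` (last hunk) from the UUID string alone, so that invariant deserves a comment above `bap_bcast_properties`, for example `/* Broadcast-only getters: register this table only for BCAA/BAA transports, never for a unicast stream */`. If the getters do read QoS fields that are valid only for broadcast, as the invalid address in the commit message suggests, a type check inside the `exists` callback would make them safe regardless of which table is registered. The new table continues past the end of this hunk, and the doubled blank line before it can be dropped.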
@@ -1229,6 +1239,9 @@  static const GDBusPropertyTable bap_properties[] = {
 	{ "SyncCteType", "y", get_sync_cte_type, NULL, qos_exists },
 	{ "MSE", "y", get_mse, NULL, qos_exists },
 	{ "Timeout", "q", get_timeout, NULL, qos_exists },
+	{ "Endpoint", "o", get_endpoint, NULL, endpoint_exists },
+	{ "Location", "u", get_location },
+	{ "Metadata", "ay", get_metadata },
 	{ }
 };
 
@@ -1876,12 +1889,15 @@  struct media_transport *media_transport_create(struct btd_device *device,
 			goto fail;
 		properties = a2dp_properties;
 	} else if (!strcasecmp(uuid, PAC_SINK_UUID) ||
-				!strcasecmp(uuid, PAC_SOURCE_UUID) ||
-				!strcasecmp(uuid, BCAA_SERVICE_UUID) ||
+				!strcasecmp(uuid, PAC_SOURCE_UUID)) {
+		if (media_transport_init_bap(transport, stream) < 0)
+			goto fail;
+		properties = bap_ucast_properties;
+	} else if (!strcasecmp(uuid, BCAA_SERVICE_UUID) ||
 				!strcasecmp(uuid, BAA_SERVICE_UUID)) {
 		if (media_transport_init_bap(transport, stream) < 0)
 			goto fail;
-		properties = bap_properties;
+		properties = bap_bcast_properties;
 	} else
 		goto fail;