| Message ID | 20240621053404.13984-2-sarveshwar.bajaj@nxp.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | e453627223db0d6488d2bdb2847dfc0865047730 |
| Headers | show |
| Series | shared/util: Fix null pointer dereference in util_ltv_foreach() | expand |
| Context | Check | Description |
|---|---|---|
| tedd_an/pre-ci_am | success | Success |
| tedd_an/CheckPatch | warning | WARNING:COMMIT_LOG_LONG_LINE: Possible unwrapped commit description (prefer a maximum 75 chars per line) #116: To address this issue added explicit checks for data at the beginning of the /github/workspace/src/src/13706854.patch total: 0 errors, 1 warnings, 8 lines checked NOTE: For some of the reported defects, checkpatch may be able to mechanically convert to the typical style using --fix or --fix-inplace. /github/workspace/src/src/13706854.patch has style problems, please review. NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. |
| tedd_an/GitLint | fail | WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search 24: B1 Line exceeds max length (97>80): " #7 0x71d33511bc43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43)" 26: B1 Line exceeds max length (89>80): " #9 0x71d33511b2b2 in g_main_loop_run (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x552b2)" 28: B1 Line exceeds max length (83>80): " #11 0x5631fc7397b6 in mainloop_run_with_signal src/shared/mainloop-notify.c:189" 30: B1 Line exceeds max length (90>80): " #13 0x71d334429d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58" |
| tedd_an/BuildEll | success | Build ELL PASS |
| tedd_an/BluezMake | success | Bluez Make PASS |
| tedd_an/MakeCheck | success | Bluez Make Check PASS |
| tedd_an/MakeDistcheck | success | Make Distcheck PASS |
| tedd_an/CheckValgrind | success | Check Valgrind PASS |
| tedd_an/CheckSmatch | success | CheckSparse PASS |
| tedd_an/bluezmakeextell | success | Make External ELL PASS |
| tedd_an/IncrementalBuild | success | Incremental Build PASS |
| tedd_an/ScanBuild | success | Scan Build PASS |
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=864134
---Test result---
Test Summary:
CheckPatch FAIL 1.42 seconds
GitLint FAIL 0.46 seconds
BuildEll PASS 24.68 seconds
BluezMake PASS 1661.48 seconds
MakeCheck PASS 12.99 seconds
MakeDistcheck PASS 181.61 seconds
CheckValgrind PASS 254.75 seconds
CheckSmatch PASS 357.37 seconds
bluezmakeextell PASS 120.74 seconds
IncrementalBuild PASS 1455.15 seconds
ScanBuild PASS 1083.74 seconds
Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script
Output:
[BlueZ,v1,1/1] shared/util: Fix null pointer dereference in util_ltv_foreach()
WARNING:COMMIT_LOG_LONG_LINE: Possible unwrapped commit description (prefer a maximum 75 chars per line)
#116:
To address this issue added explicit checks for data at the beginning of the
/github/workspace/src/src/13706854.patch total: 0 errors, 1 warnings, 8 lines checked
NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.
/github/workspace/src/src/13706854.patch has style problems, please review.
NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO
NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.
##############################
Test: GitLint - FAIL
Desc: Run gitlint
Output:
[BlueZ,v1,1/1] shared/util: Fix null pointer dereference in util_ltv_foreach()
WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search
24: B1 Line exceeds max length (97>80): " #7 0x71d33511bc43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43)"
26: B1 Line exceeds max length (89>80): " #9 0x71d33511b2b2 in g_main_loop_run (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x552b2)"
28: B1 Line exceeds max length (83>80): " #11 0x5631fc7397b6 in mainloop_run_with_signal src/shared/mainloop-notify.c:189"
30: B1 Line exceeds max length (90>80): " #13 0x71d334429d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58"
---
Regards,
Linux Bluetooth
diff --git a/src/shared/util.c b/src/shared/util.c index 30f054a5e..6e7634ad1 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -182,7 +182,7 @@ bool util_ltv_foreach(const uint8_t *data, uint8_t len, uint8_t *type, struct iovec iov; int i; - if (!func) + if (!func || !data) return false; iov.iov_base = (void *) data;
In the existing code, iov.iov_base is initialized with (void *) data, assuming data is always valid. However, if "data" happens to be NULL, dereferencing iov.iov_base in util_iov_pull_u8(&iov, &l) leading to segmentation fault. To address this issue added explicit checks for data at the beginning of the function to ensure its not NULL before proceeding with any operations. The following log was captured while running Broadcast Sink setup: ==79178==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x5631fc6550b1 bp 0x7ffedd247450 sp 0x7ffedd2473a0 T0) ==79178==The signal is caused by a READ memory access. ==79178==Hint: address points to the zero page. #0 0x5631fc6550b1 in get_u8 src/shared/util.h:206 #1 0x5631fc6550b1 in util_iov_pull_u8 src/shared/util.c:680 #2 0x5631fc6552f7 in util_ltv_foreach src/shared/util.c:194 #3 0x5631fc4b57eb in parse_base profiles/audio/bap.c:1189 #4 0x5631fc4b57eb in iso_pa_sync_confirm_cb profiles/audio/bap.c:1253 #5 0x5631fc4d5990 in server_cb btio/btio.c:265 #6 0x5631fc4d5990 in server_cb btio/btio.c:242 #7 0x71d33511bc43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43) #8 0x71d3351712b7 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xab2b7) #9 0x71d33511b2b2 in g_main_loop_run (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x552b2) #10 0x5631fc738ea8 in mainloop_run src/shared/mainloop-glib.c:66 #11 0x5631fc7397b6 in mainloop_run_with_signal src/shared/mainloop-notify.c:189 #12 0x5631fc355c3a in main src/main.c:1467 #13 0x71d334429d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 #14 0x71d334429e3f in __libc_start_main_impl ../csu/libc-start.c:392 --- src/shared/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)