[BlueZ,v1] shared/bap: prevent dereferencing of NULL pointers in ascs_ase_read()

Commit Message

Roman Smirnov July 3, 2024, 9:03 a.m. UTC

If the user_data argument is NULL, a NULL pointer will
be dereferenced. It is necessary to prevent this case.

Found with the SVACE static analysis tool.
---
 src/shared/bap.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

Comments

bluez.test.bot@gmail.com July 3, 2024, 10:40 a.m. UTC | #1

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=867893

---Test result---

Test Summary:
CheckPatch                    PASS      1.57 seconds
GitLint                       PASS      0.49 seconds
BuildEll                      PASS      24.47 seconds
BluezMake                     PASS      1655.50 seconds
MakeCheck                     PASS      12.76 seconds
MakeDistcheck                 PASS      177.44 seconds
CheckValgrind                 PASS      251.55 seconds
CheckSmatch                   WARNING   353.10 seconds
bluezmakeextell               PASS      119.45 seconds
IncrementalBuild              PASS      1439.56 seconds
ScanBuild                     PASS      986.28 seconds

Details
##############################
Test: CheckSmatch - WARNING
Desc: Run smatch tool with source
Output:
src/shared/bap.c:286:25: warning: array of flexible structuressrc/shared/bap.c: note: in included file:./src/shared/ascs.h:88:25: warning: array of flexible structuressrc/shared/bap.c:286:25: warning: array of flexible structuressrc/shared/bap.c: note: in included file:./src/shared/ascs.h:88:25: warning: array of flexible structuressrc/shared/bap.c:286:25: warning: array of flexible structuressrc/shared/bap.c: note: in included file:./src/shared/ascs.h:88:25: warning: array of flexible structures


---
Regards,
Linux Bluetooth

patchwork-bot+bluetooth@kernel.org July 3, 2024, 3:10 p.m. UTC | #2

Hello:

This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Wed, 3 Jul 2024 12:03:05 +0300 you wrote:
> If the user_data argument is NULL, a NULL pointer will
> be dereferenced. It is necessary to prevent this case.
> 
> Found with the SVACE static analysis tool.
> ---
>  src/shared/bap.c | 13 +++++++++----
>  1 file changed, 9 insertions(+), 4 deletions(-)

Here is the summary with links:
  - [BlueZ,v1] shared/bap: prevent dereferencing of NULL pointers in ascs_ase_read()
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=8a22c17bc996

You are awesome, thank you!

Patch

diff --git a/src/shared/bap.c b/src/shared/bap.c
index ec54da341..cb5ea9e84 100644
--- a/src/shared/bap.c
+++ b/src/shared/bap.c
@@ -805,12 +805,17 @@  static void ascs_ase_read(struct gatt_db_attribute *attrib,
 				void *user_data)
 {
 	struct bt_ase *ase = user_data;
-	struct bt_bap *bap = bap_get_session(att, ase->ascs->bdb->db);
-	struct bt_bap_endpoint *ep = bap_get_endpoint(bap->local_eps,
-							bap->ldb, attrib);
+	struct bt_bap *bap = NULL;
+	struct bt_bap_endpoint *ep = NULL;
 	struct bt_ascs_ase_status rsp;
 
-	if (!ase || !bap || !ep) {
+	if (ase)
+		bap = bap_get_session(att, ase->ascs->bdb->db);
+
+	if (bap)
+		ep = bap_get_endpoint(bap->local_eps, bap->ldb, attrib);
+
+	if (!ep) {
 		gatt_db_attribute_read_result(attrib, id, BT_ATT_ERROR_UNLIKELY,
 								NULL, 0);
 		return;