mbox series

[BlueZ,0/6,v4] Fix bugs found by SVACE static analisys tool

Message ID 20220401121647.3985682-1-i.kamaletdinov@omp.ru (mailing list archive)
Headers show
Series Fix bugs found by SVACE static analisys tool | expand

Message

Ildar Kamaletdinov April 1, 2022, 12:16 p.m. UTC 
This patch set includes few fixes that was found by Linux Verification Center
(linuxtesting.org) with the SVACE static analysis tool.

I have manually filtered out non-relevant and false positive problems and only
procedeed with bugs that currently lead to some errors/vulnerabilities or may
lead to them in some specific conditions.

Changelog:
[v4] one patch was dropped due to overchecking, seems that it is not required
[v3] one fix wasn't staged, sorry, one more fix after CI checks
[v2] some minor style fixes after CI check.
[v1] initial version.

Ildar Kamaletdinov (6):
  monitor: Fix out-of-bound read in print_le_states
  tools: Fix buffer overflow in hciattach_tialt.c
  tools: Fix signed integer overflow in btsnoop.c
  tools: Limit width of fields in sscanf
  device: Limit width of fields in sscanf
  gatt: Fix double free and freed memory dereference

 monitor/packet.c        |  7 ++++---
 src/device.c            | 14 +++++++-------
 src/gatt-database.c     |  4 ++++
 tools/btmgmt.c          |  2 +-
 tools/btsnoop.c         |  2 +-
 tools/hciattach_tialt.c |  3 ++-
 tools/hex2hcd.c         |  2 +-
 7 files changed, 20 insertions(+), 14 deletions(-)

Comments

patchwork-bot+bluetooth@kernel.org April 4, 2022, 5:14 p.m. UTC | #1 
Hello:

This series was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Fri, 1 Apr 2022 15:16:41 +0300 you wrote:
> This patch set includes few fixes that was found by Linux Verification Center
> (linuxtesting.org) with the SVACE static analysis tool.
> 
> I have manually filtered out non-relevant and false positive problems and only
> procedeed with bugs that currently lead to some errors/vulnerabilities or may
> lead to them in some specific conditions.
> 
> [...]

Here is the summary with links:
  - [BlueZ,1/6] monitor: Fix out-of-bound read in print_le_states
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=7fdfb67284a2
  - [BlueZ,2/6] tools: Fix buffer overflow in hciattach_tialt.c
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=d328abaa1715
  - [BlueZ,3/6] tools: Fix signed integer overflow in btsnoop.c
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=497a0b220dbd
  - [BlueZ,4/6] tools: Limit width of fields in sscanf
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=1e664b9838cd
  - [BlueZ,5/6] device: Limit width of fields in sscanf
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=4afbef7790ce
  - [BlueZ,6/6] gatt: Fix double free and freed memory dereference
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=3627eddea130

You are awesome, thank you!