[BlueZ] mesh: Fix Seg Fault - App unattached IVIndex chg

Commit Message

Brian Gix July 3, 2020, 4:20 p.m. UTC

Object path to node interfaces do not exist unless the owning
application is attached.  This caused a Segmentation fault if IVIndex
change was signaled.

Crash output:

mesh/pb-adv.c:send_adv_segs() size: 01, CRC: 3e
mesh/pb-adv.c:pb_adv_packet() Link closed notification: 00
mesh/net.c:update_iv_ivu_state() iv_upd_state = IV_UPD_NORMAL

Program received signal SIGSEGV, Segmentation fault.
0xb6fbc1dc in strlen () from /usr/lib/arm-linux-gnueabihf/libarmmem-v7l.so
(gdb) backtrace
0  0xb6fbc1dc in strlen () from /usr/lib/arm-linux-gnueabihf/libarmmem-v7l.so
1  0x00448488 in l_str_hash (p=0x0) at ell/hashmap.c:168
2  0x00448980 in l_hashmap_lookup (hashmap=0x46b550, key=key@entry=0x0) at ell/hashmap.c:487
3  0x00444704 in _dbus_object_tree_property_changed (dbus=0x469438, path=0x0, interface_name=0x44bb74 "org.bluez.mesh.Node1", property_name=0x44aa18 "IVIndex") at ell/dbus-service.c:1196
4  0x0044545c in l_dbus_property_changed (dbus=<optimized out>, path=<optimized out>, interface=<optimized out>, property=<optimized out>) at ell/dbus-service.c:1804
5  0x0041805c in node_property_changed (node=<optimized out>, property=<optimized out>) at mesh/node.c:2392
6  0x0040c690 in update_iv_ivu_state (ivu=false, iv_index=0, net=0x46e240) at mesh/net.c:2569
7  process_beacon (net_ptr=0x46e240, user_data=0xbefff1e4) at mesh/net.c:2610
8  0x00431edc in l_queue_foreach (queue=<optimized out>, function=0x40c468 <process_beacon>, user_data=user_data@entry=0xbefff1e4) at ell/queue.c:441
9  0x0040a848 in beacon_recv (user_data=<optimized out>, info=<optimized out>, data=<optimized out>, len=<optimized out>) at mesh/net.c:2647
10 0x00431edc in l_queue_foreach (queue=<optimized out>, function=0x408bec <process_rx_callbacks>, function@entry=0x15463acd, user_data=user_data@entry=0xbefff230) at ell/queue.c:441
11 0x00409ec0 in process_rx (len=<optimized out>, data=0xbefff297 "+\001", addr=0xbefff258 "\260\362B", instant=4646248, rssi=-78 '\262', pvt=<optimized out>) at mesh/mesh-io-generic.c:121
12 event_adv_report (io=0x46c3c8, size=<optimized out>, buf=0xbefff255) at mesh/mesh-io-generic.c:159
13 event_callback (buf=<optimized out>, size=<optimized out>, user_data=0x46c3c8) at mesh/mesh-io- generic.c:172
14 0x0042ff58 in queue_foreach (queue=0x46d370, function=0x42f2b0 <process_notify>, user_data=user_data@entry= 0xbefff289) at src/shared/queue.c:219
15 0x0042f674 in process_event (size=<optimized out>, data=0xbefff283, hci=0x46c3d8) at src/shared/hci.c:258
16 io_read_callback (io=<optimized out>, user_data=0x46c3d8) at src/shared/hci.c:286
17 0x00432600 in io_callback (fd=<optimized out>, events=1, user_data=0x46d318) at ell/io.c:126
18 0x0043348c in l_main_iterate (timeout=<optimized out>) at ell/main.c:470
19 0x00433554 in l_main_run () at ell/main.c:520
20 l_main_run () at ell/main.c:502
21 0x004337b4 in l_main_run_with_signal (callback=<optimized out>, user_data=0x0) at ell/main.c:642
22 0x00404e90 in main (argc=<optimized out>, argv=<optimized out>) at mesh/main.c:269
(gdb)
---
 mesh/node.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

bluez.test.bot@gmail.com July 3, 2020, 4:48 p.m. UTC | #1

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
While we are preparing for reviewing the patches, we found the following
issue/warning.

Test Result:
checkpatch Failed

Outputs:
WARNING:COMMIT_LOG_LONG_LINE: Possible unwrapped commit description (prefer a maximum 75 chars per line)
#19: 
0  0xb6fbc1dc in strlen () from /usr/lib/arm-linux-gnueabihf/libarmmem-v7l.so

- total: 0 errors, 1 warnings, 8 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

Your patch has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.



---
Regards,
Linux Bluetooth

bluez.test.bot@gmail.com July 3, 2020, 4:48 p.m. UTC | #2

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
While we are preparing for reviewing the patches, we found the following
issue/warning.

Test Result:
checkgitlint Failed

Outputs:
18: B1 Line exceeds max length (92>80): "2  0x00448980 in l_hashmap_lookup (hashmap=0x46b550, key=key@entry=0x0) at ell/hashmap.c:487"
19: B1 Line exceeds max length (186>80): "3  0x00444704 in _dbus_object_tree_property_changed (dbus=0x469438, path=0x0, interface_name=0x44bb74 "org.bluez.mesh.Node1", property_name=0x44aa18 "IVIndex") at ell/dbus-service.c:1196"
20: B1 Line exceeds max length (165>80): "4  0x0044545c in l_dbus_property_changed (dbus=<optimized out>, path=<optimized out>, interface=<optimized out>, property=<optimized out>) at ell/dbus-service.c:1804"
21: B1 Line exceeds max length (107>80): "5  0x0041805c in node_property_changed (node=<optimized out>, property=<optimized out>) at mesh/node.c:2392"
22: B1 Line exceeds max length (93>80): "6  0x0040c690 in update_iv_ivu_state (ivu=false, iv_index=0, net=0x46e240) at mesh/net.c:2569"
24: B1 Line exceeds max length (149>80): "8  0x00431edc in l_queue_foreach (queue=<optimized out>, function=0x40c468 <process_beacon>, user_data=user_data@entry=0xbefff1e4) at ell/queue.c:441"
25: B1 Line exceeds max length (140>80): "9  0x0040a848 in beacon_recv (user_data=<optimized out>, info=<optimized out>, data=<optimized out>, len=<optimized out>) at mesh/net.c:2647"
26: B1 Line exceeds max length (182>80): "10 0x00431edc in l_queue_foreach (queue=<optimized out>, function=0x408bec <process_rx_callbacks>, function@entry=0x15463acd, user_data=user_data@entry=0xbefff230) at ell/queue.c:441"
27: B1 Line exceeds max length (188>80): "11 0x00409ec0 in process_rx (len=<optimized out>, data=0xbefff297 "+\001", addr=0xbefff258 "\260\362B", instant=4646248, rssi=-78 '\262', pvt=<optimized out>) at mesh/mesh-io-generic.c:121"
28: B1 Line exceeds max length (101>80): "12 event_adv_report (io=0x46c3c8, size=<optimized out>, buf=0xbefff255) at mesh/mesh-io-generic.c:159"
29: B1 Line exceeds max length (112>80): "13 event_callback (buf=<optimized out>, size=<optimized out>, user_data=0x46c3c8) at mesh/mesh-io- generic.c:172"
30: B1 Line exceeds max length (148>80): "14 0x0042ff58 in queue_foreach (queue=0x46d370, function=0x42f2b0 <process_notify>, user_data=user_data@entry= 0xbefff289) at src/shared/queue.c:219"
31: B1 Line exceeds max length (108>80): "15 0x0042f674 in process_event (size=<optimized out>, data=0xbefff283, hci=0x46c3d8) at src/shared/hci.c:258"
32: B1 Line exceeds max length (84>80): "16 io_read_callback (io=<optimized out>, user_data=0x46c3d8) at src/shared/hci.c:286"
33: B1 Line exceeds max length (95>80): "17 0x00432600 in io_callback (fd=<optimized out>, events=1, user_data=0x46d318) at ell/io.c:126"
37: B1 Line exceeds max length (99>80): "21 0x004337b4 in l_main_run_with_signal (callback=<optimized out>, user_data=0x0) at ell/main.c:642"
38: B1 Line exceeds max length (85>80): "22 0x00404e90 in main (argc=<optimized out>, argv=<optimized out>) at mesh/main.c:269"



---
Regards,
Linux Bluetooth

Patch

diff --git a/mesh/node.c b/mesh/node.c
index 9f0f15070..3e888ce61 100644
--- a/mesh/node.c
+++ b/mesh/node.c
@@ -2388,7 +2388,7 @@  void node_property_changed(struct mesh_node *node, const char *property)
 {
 	struct l_dbus *bus = dbus_get_bus();
 
-	if (bus)
+	if (bus && node->obj_path)
 		l_dbus_property_changed(dbus_get_bus(), node->obj_path,
 						MESH_NODE_INTERFACE, property);
 }