| Context |
Check |
Description |
| tedd_an/pre-ci_am |
success
|
Success
|
| tedd_an/CheckPatch |
success
|
CheckPatch PASS
|
| tedd_an/GitLint |
success
|
Gitlint PASS
|
| tedd_an/BuildEll |
success
|
Build ELL PASS
|
| tedd_an/BluezMake |
success
|
Bluez Make PASS
|
| tedd_an/MakeCheck |
success
|
Bluez Make Check PASS
|
| tedd_an/MakeDistcheck |
success
|
Make Distcheck PASS
|
| tedd_an/CheckValgrind |
success
|
Check Valgrind PASS
|
| tedd_an/bluezmakeextell |
success
|
Make External ELL PASS
|
| tedd_an/IncrementalBuild |
success
|
Incremental Build PASS
|
| tedd_an/ScanBuild |
warning
|
ScanBuild: src/shared/gatt-client.c:387:21: warning: Use of memory after it is freed
gatt_db_unregister(op->client->db, op->db_id);
^~~~~~~~~~
src/shared/gatt-client.c:600:2: warning: Use of memory after it is freed
discovery_op_complete(op, false, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:900:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1009:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1201:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1266:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1537:6: warning: Use of memory after it is freed
if (read_db_hash(op)) {
^~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1542:2: warning: Use of memory after it is freed
discover_all(op);
^~~~~~~~~~~~~~~~
src/shared/gatt-client.c:2044:6: warning: Use of memory after it is freed
if (read_db_hash(op)) {
^~~~~~~~~~~~~~~~
src/shared/gatt-client.c:2052:8: warning: Use of memory after it is freed
discovery_op_ref(op),
^~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:3135:2: warning: Use of memory after it is freed
complete_write_long_op(req, success, 0, false);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:3157:2: warning: Use of memory after it is freed
request_unref(req);
^~~~~~~~~~~~~~~~~~
12 warnings generated.
|
@@ -1018,6 +1018,20 @@ static bool match_handle_range(const void *data, const void *match_data)
(match_range->start <= range->end);
}
+static struct handle_range *range_new(uint16_t start, uint16_t end)
+{
+ struct handle_range *range;
+
+ if (!start || !end || start > end)
+ return NULL;
+
+ range = new0(struct handle_range, 1);
+ range->start = start;
+ range->end = end;
+
+ return range;
+}
+
static void remove_discov_range(struct discovery_op *op, uint16_t start,
uint16_t end)
{
@@ -1034,16 +1048,18 @@ static void remove_discov_range(struct discovery_op *op, uint16_t start,
if ((range->start == start) && (range->end == end)) {
queue_remove(op->discov_ranges, range);
free(range);
- } else if (range->start == start)
+ } else if (range->start == start) {
range->start = end + 1;
- else if (range->end == end)
+ if (!range->start || range->start > range->end) {
+ queue_remove(op->discov_ranges, range);
+ free(range);
+ }
+ } else if (range->end == end)
range->end = start - 1;
else {
- new_range = new0(struct handle_range, 1);
- new_range->start = end + 1;
- new_range->end = range->end;
-
- queue_push_after(op->discov_ranges, range, new_range);
+ new_range = range_new(end + 1, range->end);
+ if (new_range)
+ queue_push_after(op->discov_ranges, range, new_range);
range->end = start - 1;
}
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> When attempting to update discovery ranges the code shall verify if the range is still valid (handles != 0x0000 and start < end). --- src/shared/gatt-client.c | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-)