Message ID | 20230313225150.267896-4-luiz.dentz@gmail.com (mailing list archive) |
---|---|
State | Accepted |
Commit | e040109302d841750b767e88c26a48e6f832edf3 |
Series | [BlueZ,1/4] shared/bap: Fix not unregistering idle callback on detach |
Context | Check | Description |
---|---|---|
tedd_an/pre-ci_am | success | Success |
tedd_an/CheckPatch | warning | WARNING:COMMIT_LOG_LONG_LINE: Possible unwrapped commit description (prefer a maximum 75 chars per line) #100: by 0x48BBC7E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7400.6) /github/workspace/src/src/13173430.patch total: 0 errors, 1 warnings, 9 lines checked NOTE: For some of the reported defects, checkpatch may be able to mechanically convert to the typical style using --fix or --fix-inplace. /github/workspace/src/src/13173430.patch has style problems, please review. NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. |
tedd_an/GitLint | success | Gitlint PASS |
tedd_an/IncrementalBuild | success | Incremental Build PASS |
diff --git a/src/shared/csip.c b/src/shared/csip.c index 094f448a3532..7e90a3c97614 100644 --- a/src/shared/csip.c +++ b/src/shared/csip.c @@ -810,6 +810,9 @@ bool bt_csip_get_sirk(struct bt_csip *csip, uint8_t *type, if (!csis) return false; + if (!csis->sirk_val) + return false; + if (type) *type = csis->sirk_val->type;
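Review bot: the new `if (!csis->sirk_val) return false;` in bt_csip_get_sirk() returns before `*type` is written, so callers must test the return value before reading any output; csip_ready (csip.c:259 in the trace) is the caller to confirm. The trace shows the ready notification firing from csip_idle while sirk_val is still NULL, so a one-line comment above the check saying the SIRK may not be set yet at that point would document why the guard is needed. The function now also returns false for both a missing csis and a missing SIRK value, which is fine only if no caller needs to tell the two apart.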
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

This fixes the following trace:

Invalid read of size 1
   at 0x1F4282: bt_csip_get_sirk (csip.c:812)
   by 0x176B21: csip_ready (csip.c:259)
   by 0x1F3C74: csip_notify_ready (csip.c:578)
   by 0x1F3C74: csip_idle (csip.c:659)
   by 0x1DCDCC: idle_notify (gatt-client.c:171)
   by 0x1D579A: queue_remove_if (queue.c:279)
   by 0x1D584F: queue_remove_all (queue.c:321)
   by 0x1E036F: notify_client_idle (gatt-client.c:180)
   by 0x1E036F: request_unref (gatt-client.c:199)
   by 0x1DC60D: destroy_att_send_op (att.c:211)
   by 0x1DC60D: handle_rsp (att.c:874)
   by 0x1DC60D: can_read_data (att.c:1064)
   by 0x1F43F4: watch_callback (io-glib.c:157)
   by 0x48BBC7E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7400.6)
   by 0x4912117: ??? (in /usr/lib64/libglib-2.0.so.0.7400.6)
   by 0x48BB24E: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.7400.6)
 Address 0x0 is not stack'd, malloc'd or (recently) free'd
---
 src/shared/csip.c | 3 +++
 1 file changed, 3 insertions(+)