diff mbox series

[BlueZ] btdev: Do not call auth_complete with NULL conn

Message ID 20231014194120.1884126-1-arkadiusz.bokowy@gmail.com (mailing list archive)
State New, archived
Headers show
Series [BlueZ] btdev: Do not call auth_complete with NULL conn | expand

Checks

Context Check Description
tedd_an/pre-ci_am success Success
tedd_an/CheckPatch success CheckPatch PASS
tedd_an/GitLint success Gitlint PASS
tedd_an/BuildEll success Build ELL PASS
tedd_an/BluezMake success Bluez Make PASS
tedd_an/MakeCheck success Bluez Make Check PASS
tedd_an/MakeDistcheck success Make Distcheck PASS
tedd_an/CheckValgrind success Check Valgrind PASS
tedd_an/CheckSmatch warning CheckSparse WARNING emulator/btdev.c:420:29: warning: Variable length array is used.
tedd_an/bluezmakeextell success Make External ELL PASS
tedd_an/IncrementalBuild success Incremental Build PASS
tedd_an/ScanBuild warning ScanBuild: emulator/btdev.c:1083:10: warning: Although the value stored to 'conn' is used in the enclosing expression, the value is never actually read from 'conn' while ((conn = queue_find(dev->conns, match_handle, ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ emulator/btdev.c:1334:24: warning: Access to field 'link' results in a dereference of a null pointer (loaded from variable 'conn') pending_conn_del(dev, conn->link->dev); ^~~~~~~~~~ 2 warnings generated.

Commit Message

Arkadiusz Bokowy Oct. 14, 2023, 7:41 p.m. UTC 
Make sure that the auto_complete() function will not be called with the
NULL connection, because it is required by that function.

** NOTE FOR REVIEWERS **
The change in the cmd_link_key_reply_complete() function was done based
on the code from other *_complete() functions. In most of them, in case
of NULL connection the conn_complete() was used instead. But I'm not
100% sure that it's the right approach (not even 90% sure...).
---
 emulator/btdev.c | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

Comments

bluez.test.bot@gmail.com Oct. 14, 2023, 9:16 p.m. UTC | #1 
This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=793242

---Test result---

Test Summary:
CheckPatch                    PASS      0.52 seconds
GitLint                       PASS      0.35 seconds
BuildEll                      PASS      29.36 seconds
BluezMake                     PASS      900.58 seconds
MakeCheck                     PASS      12.56 seconds
MakeDistcheck                 PASS      178.02 seconds
CheckValgrind                 PASS      277.59 seconds
CheckSmatch                   WARNING   368.83 seconds
bluezmakeextell               PASS      119.38 seconds
IncrementalBuild              PASS      753.77 seconds
ScanBuild                     WARNING   1122.62 seconds

Details
##############################
Test: CheckSmatch - WARNING
Desc: Run smatch tool with source
Output:
emulator/btdev.c:420:29: warning: Variable length array is used.
##############################
Test: ScanBuild - WARNING
Desc: Run Scan Build
Output:
emulator/btdev.c:1083:10: warning: Although the value stored to 'conn' is used in the enclosing expression, the value is never actually read from 'conn'
        while ((conn = queue_find(dev->conns, match_handle,
                ^      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
emulator/btdev.c:1334:24: warning: Access to field 'link' results in a dereference of a null pointer (loaded from variable 'conn')
        pending_conn_del(dev, conn->link->dev);
                              ^~~~~~~~~~
2 warnings generated.



---
Regards,
Linux Bluetooth
diff mbox series

Patch

diff --git a/emulator/btdev.c b/emulator/btdev.c
index c76b89db9..2564d96f2 100644
--- a/emulator/btdev.c
+++ b/emulator/btdev.c
@@ -1453,7 +1453,7 @@  static void auth_complete(struct btdev_conn *conn, uint8_t status)
 
 	memset(&ev, 0, sizeof(ev));
 
-	ev.handle = conn ? cpu_to_le16(conn->handle) : 0x0000;
+	ev.handle = cpu_to_le16(conn->handle);
 	ev.status = status;
 
 	send_event(conn->dev, BT_HCI_EVT_AUTH_COMPLETE, &ev, sizeof(ev));
@@ -1491,10 +1491,10 @@  static int cmd_link_key_reply_complete(struct btdev *dev, const void *data,
 		status = BT_HCI_ERR_AUTH_FAILURE;
 
 done:
-	auth_complete(conn, status);
-
 	if (conn)
 		auth_complete(conn->link, status);
+	else
+		conn_complete(dev, cmd->bdaddr, status);
 
 	return 0;
 }
@@ -1681,28 +1681,25 @@  static int cmd_pin_code_neg_reply_complete(struct btdev *dev, const void *data,
 							uint8_t len)
 {
 	const struct bt_hci_cmd_pin_code_request_neg_reply *cmd = data;
+	const uint8_t status = BT_HCI_ERR_PIN_OR_KEY_MISSING;
 	struct btdev *remote;
 	struct btdev_conn *conn;
-	uint8_t status;
 
 	remote = find_btdev_by_bdaddr(cmd->bdaddr);
 	if (!remote)
 		return 0;
 
-	status = BT_HCI_ERR_PIN_OR_KEY_MISSING;
-
 	conn = queue_find(dev->conns, match_bdaddr, cmd->bdaddr);
 	if (conn)
 		auth_complete(conn, status);
 	else
-		conn_complete(dev, cmd->bdaddr, BT_HCI_ERR_PIN_OR_KEY_MISSING);
+		conn_complete(dev, cmd->bdaddr, status);
 
 	if (conn) {
 		if (remote->pin_len)
 			auth_complete(conn->link, status);
 	} else {
-		conn_complete(remote, dev->bdaddr,
-					BT_HCI_ERR_PIN_OR_KEY_MISSING);
+		conn_complete(remote, dev->bdaddr, status);
 	}
 
 	return 0;