
[BlueZ,v1,1/2] btdev: Fix crash on page_timeout

Message ID 20240215145227.782554-1-luiz.dentz@gmail.com (mailing list archive)
State Accepted
Commit f3c35ed835bda18573e07d02f725be5106ad8ae8

Checks

Context Check Description
tedd_an/pre-ci_am success Success
tedd_an/CheckPatch success CheckPatch PASS
tedd_an/GitLint success Gitlint PASS
tedd_an/BuildEll success Build ELL PASS
tedd_an/BluezMake success Bluez Make PASS
tedd_an/MakeCheck success Bluez Make Check PASS
tedd_an/MakeDistcheck success Make Distcheck PASS
tedd_an/CheckValgrind success Check Valgrind PASS
tedd_an/CheckSmatch warning CheckSparse WARNING emulator/btdev.c:422:29: warning: Variable length array is used.
tedd_an/bluezmakeextell success Make External ELL PASS
tedd_an/IncrementalBuild success Incremental Build PASS
tedd_an/ScanBuild warning ScanBuild:
emulator/btdev.c:1086:10: warning: Although the value stored to 'conn' is used in the enclosing expression, the value is never actually read from 'conn'
        while ((conn = queue_find(dev->conns, match_handle,
                ^      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
emulator/btdev.c:1372:24: warning: Access to field 'link' results in a dereference of a null pointer (loaded from variable 'conn')
        pending_conn_del(dev, conn->link->dev);
                              ^~~~~~~~~~
emulator/btdev.c:1494:13: warning: Access to field 'dev' results in a dereference of a null pointer (loaded from variable 'conn')
        send_event(conn->dev, BT_HCI_EVT_AUTH_COMPLETE, &ev, sizeof(ev));
                   ^~~~~~~~~
3 warnings generated.

Commit Message

Luiz Augusto von Dentz Feb. 15, 2024, 2:52 p.m. UTC
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

If remote device cannot be found after page_timeout then the code shall
not proceed to call pending_conn_del.
---
 emulator/btdev.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

bluez.test.bot@gmail.com Feb. 15, 2024, 4:19 p.m. UTC | #1
This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=826449

---Test result---

Test Summary:
CheckPatch                    FAIL      0.83 seconds
GitLint                       PASS      0.38 seconds
BuildEll                      PASS      24.08 seconds
BluezMake                     PASS      735.14 seconds
MakeCheck                     PASS      11.95 seconds
MakeDistcheck                 PASS      163.00 seconds
CheckValgrind                 PASS      226.46 seconds
CheckSmatch                   WARNING   330.29 seconds
bluezmakeextell               PASS      107.46 seconds
IncrementalBuild              PASS      1373.61 seconds
ScanBuild                     WARNING   949.57 seconds

Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script
Output:
[BlueZ,v1,2/2] rfcomm-tester: Fix crash on test-basic
WARNING:COMMIT_LOG_LONG_LINE: Possible unwrapped commit description (prefer a maximum 75 chars per line)
#105: 
    #0 0x7f199c3a01c9 in g_io_channel_unref (/lib64/libglib-2.0.so.0+0x4d1c9)

/github/workspace/src/src/13558579.patch total: 0 errors, 1 warnings, 17 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/src/13558579.patch has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.


##############################
Test: CheckSmatch - WARNING
Desc: Run smatch tool with source
Output:
emulator/btdev.c:422:29: warning: Variable length array is used.
##############################
Test: ScanBuild - WARNING
Desc: Run Scan Build
Output:
emulator/btdev.c:1086:10: warning: Although the value stored to 'conn' is used in the enclosing expression, the value is never actually read from 'conn'
        while ((conn = queue_find(dev->conns, match_handle,
                ^      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
emulator/btdev.c:1372:24: warning: Access to field 'link' results in a dereference of a null pointer (loaded from variable 'conn')
        pending_conn_del(dev, conn->link->dev);
                              ^~~~~~~~~~
emulator/btdev.c:1494:13: warning: Access to field 'dev' results in a dereference of a null pointer (loaded from variable 'conn')
        send_event(conn->dev, BT_HCI_EVT_AUTH_COMPLETE, &ev, sizeof(ev));
                   ^~~~~~~~~
3 warnings generated.



---
Regards,
Linux Bluetooth
patchwork-bot+bluetooth@kernel.org Feb. 15, 2024, 6:50 p.m. UTC | #2
Hello:

This series was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Thu, 15 Feb 2024 09:52:26 -0500 you wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> 
> If remote device cannot be found after page_timeout then the code shall
> not proceed to call pending_conn_del.
> ---
>  emulator/btdev.c | 3 +++
>  1 file changed, 3 insertions(+)

Here is the summary with links:
  - [BlueZ,v1,1/2] btdev: Fix crash on page_timeout
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=f3c35ed835bd
  - [BlueZ,v1,2/2] rfcomm-tester: Fix crash on test-basic
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=fb339bde646c

You are awesome, thank you!

Patch

diff --git a/emulator/btdev.c b/emulator/btdev.c
index 4c9f5d1811d4..139ab69b4029 100644
--- a/emulator/btdev.c
+++ b/emulator/btdev.c
@@ -1248,6 +1248,9 @@  static void conn_complete(struct btdev *btdev,
 	struct bt_hci_evt_conn_complete cc;
 	struct btdev *remote = find_btdev_by_bdaddr(bdaddr);
 
+	if (!remote)
+		return;
+
 	if (!status) {
 		struct btdev_conn *conn;
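
Review bot: The new "if (!remote) return;" guard sits above the "if (!status)" branch, so it also exits on a non-zero status, which is exactly the page_timeout case the commit message names. If the remainder of conn_complete() is what reports the failed completion through the "cc" struct declared at the top, that report is now silently skipped whenever the remote is gone. The commit message only asks that pending_conn_del not be called, so consider narrowing the NULL check to that call, or add a comment saying that dropping the completion here is intended. Separately, the ScanBuild output on this page still reports a null dereference of 'conn' at emulator/btdev.c:1372 in "pending_conn_del(dev, conn->link->dev);", which this hunk does not touch.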