[BlueZ,v1,2/4] monitor: Fix crash parsing notification

Message ID	20240731135718.429604-2-luiz.dentz@gmail.com (mailing list archive)
State	Accepted
Commit	8a708aa5f04613768e903d243a7261efd202ea88
Headers	show Received: from mail-ej1-f44.google.com (mail-ej1-f44.google.com [209.85.218.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B17F01AED53 for <linux-bluetooth@vger.kernel.org>; Wed, 31 Jul 2024 13:57:25 +0000 (UTC) From: Luiz Augusto von Dentz <luiz.dentz@gmail.com> To: linux-bluetooth@vger.kernel.org Subject: [PATCH BlueZ v1 2/4] monitor: Fix crash parsing notification Date: Wed, 31 Jul 2024 14:57:16 +0100 Message-ID: <20240731135718.429604-2-luiz.dentz@gmail.com> In-Reply-To: <20240731135718.429604-1-luiz.dentz@gmail.com> References: <20240731135718.429604-1-luiz.dentz@gmail.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[BlueZ,v1,1/4] client/player: Fix not setting config target_latency with edpoint.config \| expand [BlueZ,v1,1/4] client/player: Fix not setting config target_latency with edpoint.config [BlueZ,v1,2/4] monitor: Fix crash parsing notification [BlueZ,v1,3/4] shared/bap: Fix not setting metadata [BlueZ,v1,4/4] bap: Fix not setting metatada

Message ID

20240731135718.429604-2-luiz.dentz@gmail.com (mailing list archive)

State

Accepted

Commit

8a708aa5f04613768e903d243a7261efd202ea88

Headers

From: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH BlueZ v1 2/4] monitor: Fix crash parsing notification
Date: Wed, 31 Jul 2024 14:57:16 +0100
Message-ID: <20240731135718.429604-2-luiz.dentz@gmail.com>
In-Reply-To: <20240731135718.429604-1-luiz.dentz@gmail.com>
References: <20240731135718.429604-1-luiz.dentz@gmail.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[BlueZ,v1,1/4] client/player: Fix not setting config target_latency with edpoint.config | expand

Checks

Context	Check	Description
tedd_an/pre-ci_am	success	Success
tedd_an/CheckPatch	success	CheckPatch PASS
tedd_an/GitLint	success	Gitlint PASS
tedd_an/IncrementalBuild	success	Incremental Build PASS

Context

Check

Description

tedd_an/pre-ci_am

success

Success

tedd_an/CheckPatch

success

CheckPatch PASS

tedd_an/GitLint

success

Gitlint PASS

tedd_an/IncrementalBuild

success

Incremental Build PASS

Commit Message

Luiz Augusto von Dentz July 31, 2024, 1:57 p.m. UTC

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

This fixes the following crash caused by notify callback being NULL:

Jump to the invalid address stated on the next line
   at 0x0: ???
   by 0x1E8375: print_notify (att.c:5420)
   by 0x1E9464: att_multiple_vl_rsp (att.c:5463)
   by 0x20D39E: att_packet (att.c:5637)
   by 0x1B2054: l2cap_frame (l2cap.c:2567)
   by 0x1B4A4D: l2cap_packet (l2cap.c:2708)
   by 0x19AD43: packet_hci_acldata (packet.c:12522)
   by 0x19CF07: packet_monitor (packet.c:4249)
   by 0x152405: data_callback (control.c:973)
   by 0x2204F6: mainloop_run (mainloop.c:106)
   by 0x221017: mainloop_run_with_signal (mainloop-notify.c:189)
   by 0x14F387: main (main.c:298)
 Address 0x0 is not stack'd, malloc'd or (recently) free'd
---
 monitor/att.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/monitor/att.c b/monitor/att.c
index a23347ef7..73a616584 100644
--- a/monitor/att.c
+++ b/monitor/att.c
@@ -4646,7 +4646,8 @@  static void print_notify(const struct l2cap_frame *frame, uint16_t handle,
 		frame = &clone;
 	}
 
-	handler->notify(frame);
+	if (handler->notify)
+		handler->notify(frame);
 }
 
 static void att_handle_value_notify(const struct l2cap_frame *frame)