diff options
| author | Anupam Roy <anupam.r@samsung.com> | 2017-10-25 12:09:32 +0530 |
|---|---|---|
| committer | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2017-10-26 16:55:33 +0300 |
| commit | bdfe5fcee3c8a3013d4866ebf573abb1a3e342be (patch) | |
| tree | aa42d785821225871525af859e304d92c9ea97f4 /client/advertising.c | |
| parent | ef47d746d054a06ba08180f8c1255c1ea247b39a (diff) | |
| download | bluez-bdfe5fcee3c8a3013d4866ebf573abb1a3e342be.tar.gz | |
client: Fix segmentation fault while fetching advertising data
While testing advertisement, I encountered Seg fault in client, when bluetoothd
tries to fetch the Adv data set by client. It can happen either while fetching
Manufacturer specific data or Service data. Backtrace is provided below for reference
After fix is applied, advertisement works fine for me. I am sending the following patch
your review. Thank you.
Passing val instead of &val in dbus_message_iter_append_fixed_array
DBUS API causes segmentation fault while fecthing Manufacturer
data or service data set by client.
BT Before Fix:
[bluetooth]# set-advertise-name Test
[bluetooth]# set-advertise-uuids 0x1824
[bluetooth]# set-advertise-manufacturer 0x75 0x02 0x03 0x04
[bluetooth]# advertise on
Program received signal SIGSEGV, Segmentation fault.
in append_array_variant(iter=iter@entry=0x7fffffffd780,
val=val@entry=0x62485a <ad+90>, n_elements=n_elements@entry=3, type=121) at client/advertising.c:178
in dict_append_basic_array(type=121, n_elements=3,
val=0x62485a <ad+90>, key=0x624858 <ad+88>, key_type=113, dict=0x7fffffffd730) at client/advertising.c:205
get_manufacturer_data(property=<optimized out>, iter=0x7fffffffd840,
user_data=<optimized out>) at client/advertising.c:253
After Fix:
[bluetooth]# set-advertise-name Test
[bluetooth]# set-advertise-uuids 0x1824
[bluetooth]# set-advertise-manufacturer 0x75 0x02 0x03 0x04
[bluetooth]# advertise on
[CHG] Controller 00:19:0E:11:55:44 SupportedInstances: 0x04
[CHG] Controller 00:19:0E:11:55:44 ActiveInstances: 0x01
Advertising object registered
[bluetooth]#
Diffstat (limited to 'client/advertising.c')
| -rw-r--r-- | client/advertising.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/client/advertising.c b/client/advertising.c index 76cee3da7..7e4bb3643 100644 --- a/client/advertising.c +++ b/client/advertising.c @@ -225,10 +225,11 @@ static gboolean get_service_data(const GDBusPropertyTable *property, { DBusMessageIter dict; struct ad_data *data = &ad.service.data; + uint8_t *val = data->data; dbus_message_iter_open_container(iter, DBUS_TYPE_ARRAY, "{sv}", &dict); - dict_append_array(&dict, ad.service.uuid, DBUS_TYPE_BYTE, &data->data, + dict_append_array(&dict, ad.service.uuid, DBUS_TYPE_BYTE, &val, data->len); dbus_message_iter_close_container(iter, &dict); @@ -247,11 +248,12 @@ static gboolean get_manufacturer_data(const GDBusPropertyTable *property, { DBusMessageIter dict; struct ad_data *data = &ad.manufacturer.data; + uint8_t *val = data->data; dbus_message_iter_open_container(iter, DBUS_TYPE_ARRAY, "{qv}", &dict); dict_append_basic_array(&dict, DBUS_TYPE_UINT16, &ad.manufacturer.id, - DBUS_TYPE_BYTE, &data->data, data->len); + DBUS_TYPE_BYTE, &val, data->len); dbus_message_iter_close_container(iter, &dict); |