diff options
| author | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2023-03-13 15:51:50 -0700 |
|---|---|---|
| committer | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2023-03-14 12:38:24 -0700 |
| commit | e040109302d841750b767e88c26a48e6f832edf3 (patch) | |
| tree | 79fb4295c7fc5c31c792a9734ddb2d46b4863950 /src/shared | |
| parent | 4b704fb45a69ed6e745c5d01cca9622ede4bf522 (diff) | |
| download | bluez-e040109302d841750b767e88c26a48e6f832edf3.tar.gz | |
shared/csip: Fix crash on bt_csip_get_sirk
This fixes the following trace:
Invalid read of size 1
at 0x1F4282: bt_csip_get_sirk (csip.c:812)
by 0x176B21: csip_ready (csip.c:259)
by 0x1F3C74: csip_notify_ready (csip.c:578)
by 0x1F3C74: csip_idle (csip.c:659)
by 0x1DCDCC: idle_notify (gatt-client.c:171)
by 0x1D579A: queue_remove_if (queue.c:279)
by 0x1D584F: queue_remove_all (queue.c:321)
by 0x1E036F: notify_client_idle (gatt-client.c:180)
by 0x1E036F: request_unref (gatt-client.c:199)
by 0x1DC60D: destroy_att_send_op (att.c:211)
by 0x1DC60D: handle_rsp (att.c:874)
by 0x1DC60D: can_read_data (att.c:1064)
by 0x1F43F4: watch_callback (io-glib.c:157)
by 0x48BBC7E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7400.6)
by 0x4912117: ??? (in /usr/lib64/libglib-2.0.so.0.7400.6)
by 0x48BB24E: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.7400.6)
Address 0x0 is not stack'd, malloc'd or (recently) free'd
Diffstat (limited to 'src/shared')
| -rw-r--r-- | src/shared/csip.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/shared/csip.c b/src/shared/csip.c index 094f448a3..7e90a3c97 100644 --- a/src/shared/csip.c +++ b/src/shared/csip.c @@ -810,6 +810,9 @@ bool bt_csip_get_sirk(struct bt_csip *csip, uint8_t *type, if (!csis) return false; + if (!csis->sirk_val) + return false; + if (type) *type = csis->sirk_val->type; |