[PATCH BlueZ 4/4] shared/csip: Fix crash on bt_csip_get_sirk



From: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>

This fixes the following trace:

Invalid read of size 1
   at 0x1F4282: bt_csip_get_sirk (csip.c:812)
   by 0x176B21: csip_ready (csip.c:259)
   by 0x1F3C74: csip_notify_ready (csip.c:578)
   by 0x1F3C74: csip_idle (csip.c:659)
   by 0x1DCDCC: idle_notify (gatt-client.c:171)
   by 0x1D579A: queue_remove_if (queue.c:279)
   by 0x1D584F: queue_remove_all (queue.c:321)
   by 0x1E036F: notify_client_idle (gatt-client.c:180)
   by 0x1E036F: request_unref (gatt-client.c:199)
   by 0x1DC60D: destroy_att_send_op (att.c:211)
   by 0x1DC60D: handle_rsp (att.c:874)
   by 0x1DC60D: can_read_data (att.c:1064)
   by 0x1F43F4: watch_callback (io-glib.c:157)
   by 0x48BBC7E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7400.6)
   by 0x4912117: ??? (in /usr/lib64/libglib-2.0.so.0.7400.6)
   by 0x48BB24E: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.7400.6)
 Address 0x0 is not stack'd, malloc'd or (recently) free'd
 src/shared/csip.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/shared/csip.c b/src/shared/csip.c
index 094f448a3532..7e90a3c97614 100644
--- a/src/shared/csip.c
+++ b/src/shared/csip.c
@@ -810,6 +810,9 @@ bool bt_csip_get_sirk(struct bt_csip *csip, uint8_t *type,
 	if (!csis)
 		return false;
+	if (!csis->sirk_val)
+		return false;
 	if (type)
 		*type = csis->sirk_val->type;
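Review bot: the new `if (!csis->sirk_val) return false;` guard stops the NULL dereference at csip.c:812, but it makes the "SIRK not yet available" case indistinguishable from the "no CSIS service" case at the `if (!csis)` check just above it, and the commit message only shows the trace without saying why sirk_val can still be NULL when csip_ready runs via csip_notify_ready/csip_idle. Consider stating in the commit message the condition under which sirk_val is unset at that point (for instance the SIRK characteristic not having been read or found before the idle notification), and, in the caller csip_ready (csip.c:259), checking the return value of bt_csip_get_sirk so the ready path does not continue with an uninitialised type/value; otherwise the guard hides the symptom while the caller still behaves as if the SIRK were present.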
