Hi Pauli, Nitin,
On Tue, Jun 27, 2023 at 12:05 PM Pauli Virtanen <pav@xxxxxx> wrote:
>
> Hi,
>
> ma, 2023-06-12 kello 19:02 +0530, Nitin Jadhav kirjoitti:
> > Fixed the following issue observed during PTS testing
> > - Specified Upper and Lower Limit for Volume offset
> > - Corrected the number of handles for VOCS
> > - VOCS is made as included service of VCS
> > (VOCS is secondary service and VSC is primary service)
>
> I'm seeing a crash on BlueZ master branch
> 6b9d167034b741605c3186e78e9742dda8e28e08 with this patch, when trying
> pair LE Audio TWS earbuds, with ControllerMode=le and experimental
> features enabled in config and sound server with BAP support running.
> It seems to crash reproducibly here during pairing. Also trying to
> connect to previously paired BlueZ<->BlueZ seems to crash.
>
> Reverting commit d2d2d12f59d65002c4a671a5af1837f295181142
> ("shared/vcp.c: Make VOCS as an included service of VCS") makes it to
> not crash any more. Didn't try to look so far into detail if it's
> directly related to this patch, but something in VCP might not be quite
> right.
Yep, Ive seem this as well, looks like we need to work on a unit
tester to avoid such regressions to be introduced, in the meantime Im
using -P vcp to exclude vcp for now.
> Logs:
>
> bluetoothd[38339]: src/device.c:gatt_client_ready_cb() status: success, error: 0
> bluetoothd[38339]: src/device.c:update_gatt_uuids() UUID Added: 00001800-0000-1000-8000-00805f9b34fb
> bluetoothd[38339]: src/device.c:update_gatt_uuids() UUID Added: 00001801-0000-1000-8000-00805f9b34fb
> bluetoothd[38339]: src/device.c:update_gatt_uuids() UUID Added: 0000180a-0000-1000-8000-00805f9b34fb
> bluetoothd[38339]: src/device.c:update_gatt_uuids() UUID Added: 0000180f-0000-1000-8000-00805f9b34fb
> bluetoothd[38339]: src/device.c:update_gatt_uuids() UUID Added: 0000180f-0000-1000-8000-00805f9b34fb
> bluetoothd[38339]: src/device.c:update_gatt_uuids() UUID Added: a7a473e9-19c6-491b-aea6-7ea92b8f043a
> bluetoothd[38339]: src/device.c:update_gatt_uuids() UUID Added: 0000184f-0000-1000-8000-00805f9b34fb
> bluetoothd[38339]: src/device.c:update_gatt_uuids() UUID Added: 0000184e-0000-1000-8000-00805f9b34fb
> bluetoothd[38339]: src/device.c:update_gatt_uuids() UUID Added: 00001850-0000-1000-8000-00805f9b34fb
> bluetoothd[38339]: src/device.c:update_gatt_uuids() UUID Added: 0000184d-0000-1000-8000-00805f9b34fb
> bluetoothd[38339]: src/device.c:update_gatt_uuids() UUID Added: 00001844-0000-1000-8000-00805f9b34fb
> bluetoothd[38339]: src/device.c:update_gatt_uuids() UUID Added: 00001855-0000-1000-8000-00805f9b34fb
> bluetoothd[38339]: src/device.c:update_gatt_uuids() UUID Added: 00008fe1-0000-1000-8000-00805f9b34fb
> bluetoothd[38339]: src/device.c:update_gatt_uuids() UUID Added: 00001846-0000-1000-8000-00805f9b34fb
> bluetoothd[38339]: src/device.c:update_gatt_uuids() UUID Added: 00001853-0000-1000-8000-00805f9b34fb
> bluetoothd[38339]: src/device.c:device_probe_profiles() Probing profiles for device 28:3D:C2:4A:7D:2A
> bluetoothd[38339]: profiles/gap/gas.c:gap_probe() GAP profile probe (28:3D:C2:4A:7D:2A)
> bluetoothd[38339]: src/service.c:change_state() 0x6040000409d0: device 28:3D:C2:4A:7D:2A profile gap-profile state changed: unavailable -> disconnected (0)
> bluetoothd[38339]: profiles/gap/gas.c:gap_accept() GAP profile accept (28:3D:C2:4A:7D:2A)
> bluetoothd[38339]: profiles/gap/gas.c:handle_characteristic() Unsupported characteristic: 00002aa6-0000-1000-8000-00805f9b34fb
> bluetoothd[38339]: src/service.c:change_state() 0x6040000409d0: device 28:3D:C2:4A:7D:2A profile gap-profile state changed: disconnected -> connected (0)
> bluetoothd[38339]: src/device.c:device_probe_profiles() Probing profiles for device 28:3D:C2:4A:7D:2A
> bluetoothd[38339]: src/device.c:device_probe_profiles() Probing profiles for device 28:3D:C2:4A:7D:2A
> bluetoothd[38339]: src/service.c:change_state() 0x604000040cd0: device 28:3D:C2:4A:7D:2A profile deviceinfo state changed: unavailable -> disconnected (0)
> bluetoothd[38339]: profiles/deviceinfo/deviceinfo.c:deviceinfo_accept() deviceinfo profile accept (28:3D:C2:4A:7D:2A)
> bluetoothd[38339]: profiles/deviceinfo/deviceinfo.c:handle_characteristic() Unsupported characteristic: 00002a29-0000-1000-8000-00805f9b34fb
> bluetoothd[38339]: profiles/deviceinfo/deviceinfo.c:handle_characteristic() Unsupported characteristic: 00002a24-0000-1000-8000-00805f9b34fb
> bluetoothd[38339]: profiles/deviceinfo/deviceinfo.c:handle_characteristic() Unsupported characteristic: 00002a25-0000-1000-8000-00805f9b34fb
> bluetoothd[38339]: profiles/deviceinfo/deviceinfo.c:handle_characteristic() Unsupported characteristic: 00002a27-0000-1000-8000-00805f9b34fb
> bluetoothd[38339]: profiles/deviceinfo/deviceinfo.c:handle_characteristic() Unsupported characteristic: 00002a26-0000-1000-8000-00805f9b34fb
> bluetoothd[38339]: profiles/deviceinfo/deviceinfo.c:handle_characteristic() Unsupported characteristic: 00002a28-0000-1000-8000-00805f9b34fb
> bluetoothd[38339]: profiles/deviceinfo/deviceinfo.c:handle_characteristic() Unsupported characteristic: 00002a23-0000-1000-8000-00805f9b34fb
> bluetoothd[38339]: profiles/deviceinfo/deviceinfo.c:handle_characteristic() Unsupported characteristic: 00002a2a-0000-1000-8000-00805f9b34fb
> bluetoothd[38339]: src/service.c:change_state() 0x604000040cd0: device 28:3D:C2:4A:7D:2A profile deviceinfo state changed: disconnected -> connected (0)
> bluetoothd[38339]: src/device.c:device_probe_profiles() Probing profiles for device 28:3D:C2:4A:7D:2A
> bluetoothd[38339]: profiles/battery/battery.c:batt_probe() BATT profile probe (28:3D:C2:4A:7D:2A)
> bluetoothd[38339]: src/service.c:change_state() 0x604000040e50: device 28:3D:C2:4A:7D:2A profile batt-profile state changed: unavailable -> disconnected (0)
> bluetoothd[38339]: profiles/battery/battery.c:batt_accept() BATT profile accept (28:3D:C2:4A:7D:2A)
> bluetoothd[38339]: profiles/battery/battery.c:foreach_batt_service() More than one BATT service exists for this device
> bluetoothd[38339]: src/service.c:change_state() 0x604000040e50: device 28:3D:C2:4A:7D:2A profile batt-profile state changed: disconnected -> connected (0)
> bluetoothd[38339]: src/device.c:device_probe_profiles() Probing profiles for device 28:3D:C2:4A:7D:2A
> bluetoothd[38339]: src/device.c:device_probe_profiles() Probing profiles for device 28:3D:C2:4A:7D:2A
> bluetoothd[38339]: profiles/audio/bass.c:bass_probe() 28:3D:C2:4A:7D:2A
> bluetoothd[38339]: src/gatt-database.c:gatt_db_service_added() GATT Service added to local database
> bluetoothd[38339]: src/gatt-database.c:send_notification_to_device() GATT server sending indication
> bluetoothd[38339]: src/gatt-database.c:db_hash_read_cb() Database Hash read
> bluetoothd[38339]: profiles/audio/bass.c:bass_data_add() data 0x603000087b20
> bluetoothd[38339]: src/service.c:change_state() 0x6040000410d0: device 28:3D:C2:4A:7D:2A profile bass state changed: unavailable -> disconnected (0)
> bluetoothd[38339]: profiles/audio/bass.c:bass_accept() 28:3D:C2:4A:7D:2A
> bluetoothd[38339]: src/shared/bass.c:foreach_bass_char() Broadcast Audio Scan Control Point found: handle 0x003d
> bluetoothd[38339]: src/shared/bass.c:foreach_bass_char() Broadcast Receive State found: handle 0x003f
> bluetoothd[38339]: src/service.c:change_state() 0x6040000410d0: device 28:3D:C2:4A:7D:2A profile bass state changed: disconnected -> connected (0)
> bluetoothd[38339]: src/device.c:device_probe_profiles() Probing profiles for device 28:3D:C2:4A:7D:2A
> bluetoothd[38339]: src/device.c:device_probe_profiles() Probing profiles for device 28:3D:C2:4A:7D:2A
> bluetoothd[38339]: profiles/audio/bap.c:bap_probe() 28:3D:C2:4A:7D:2A
> bluetoothd[38339]: profiles/audio/bap.c:bap_data_add() data 0x60b000022fe0
> bluetoothd[38339]: src/service.c:change_state() 0x604000042b10: device 28:3D:C2:4A:7D:2A profile bap state changed: unavailable -> disconnected (0)
> bluetoothd[38339]: profiles/audio/bap.c:bap_accept() 28:3D:C2:4A:7D:2A
> bluetoothd[38339]: profiles/audio/bap.c:bap_attached() 0x60e0000043a0
> bluetoothd[38339]: src/shared/bap.c:foreach_pacs_char() PAC Context found: handle 0x0050
> bluetoothd[38339]: src/shared/bap.c:foreach_pacs_char() PAC Supported Context found: handle 0x0053
> bluetoothd[38339]: src/shared/bap.c:foreach_pacs_char() Sink PAC Location found: handle 0x0056
> bluetoothd[38339]: src/shared/bap.c:foreach_pacs_char() Sink PAC found: handle 0x0059
> bluetoothd[38339]: src/shared/bap.c:foreach_pacs_char() Source PAC Location found: handle 0x005c
> bluetoothd[38339]: src/shared/bap.c:foreach_pacs_char() Source PAC found: handle 0x005f
> bluetoothd[38339]: src/shared/bap.c:foreach_ascs_char() ASE Control Point found: handle 0x0043
> bluetoothd[38339]: src/shared/bap.c:bap_cp_attach() ASE CP handle 0x0043
> bluetoothd[38339]: src/shared/bap.c:foreach_ascs_char() ASE Sink found: handle 0x0046
> bluetoothd[38339]: src/shared/bap.c:bap_endpoint_attach() ASE handle 0x0046
> bluetoothd[38339]: src/shared/bap.c:foreach_ascs_char() ASE Sink found: handle 0x0049
> bluetoothd[38339]: src/shared/bap.c:bap_endpoint_attach() ASE handle 0x0049
> bluetoothd[38339]: src/shared/bap.c:foreach_ascs_char() ASE Source found: handle 0x004c
> bluetoothd[38339]: src/shared/bap.c:bap_endpoint_attach() ASE handle 0x004c
> bluetoothd[38339]: src/service.c:change_state() 0x604000042b10: device 28:3D:C2:4A:7D:2A profile bap state changed: disconnected -> connected (0)
> bluetoothd[38339]: src/device.c:device_probe_profiles() Probing profiles for device 28:3D:C2:4A:7D:2A
> bluetoothd[38339]: src/device.c:device_probe_profiles() Probing profiles for device 28:3D:C2:4A:7D:2A
> bluetoothd[38339]: profiles/audio/vcp.c:vcp_probe() 28:3D:C2:4A:7D:2A
> bluetoothd[38339]: profiles/audio/vcp.c:vcp_data_add() data 0x60300008ab20
> bluetoothd[38339]: src/service.c:change_state() 0x6040000432d0: device 28:3D:C2:4A:7D:2A profile vcp state changed: unavailable -> disconnected (0)
> bluetoothd[38339]: profiles/audio/vcp.c:vcp_accept() 28:3D:C2:4A:7D:2A
> bluetoothd[38339]: src/shared/vcp.c:foreach_vcs_char() VCS Vol state found: handle 0x0024
> bluetoothd[38339]: src/shared/vcp.c:foreach_vcs_char() VCS Volume CP found: handle 0x0027
> bluetoothd[38339]: src/shared/vcp.c:foreach_vcs_char() VCS Vol Flag found: handle 0x0029
> bluetoothd[38339]: =================================================================
> bluetoothd[38339]: ==38339==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60400003db08 at pc 0x0000006368fe bp 0x7ffd259cd910 sp 0x7ffd259cd908
> bluetoothd[38339]: READ of size 8 at 0x60400003db08 thread T0
> bluetoothd[38339]: #0 0x6368fd in gatt_db_attribute_get_char_data src/shared/gatt-db.c:1877
> bluetoothd[38339]: #1 0x6135ac in notify_chrc_create src/shared/gatt-client.c:323
> bluetoothd[38339]: #2 0x61b275 in register_notify src/shared/gatt-client.c:1765
> bluetoothd[38339]: #3 0x624940 in bt_gatt_client_register_notify src/shared/gatt-client.c:3741
> bluetoothd[38339]: #4 0x66472e in vcp_register_notify src/shared/vcp.c:1517
> bluetoothd[38339]: #5 0x664eac in foreach_vcs_char src/shared/vcp.c:1586
> bluetoothd[38339]: #6 0x6351a2 in gatt_db_service_foreach src/shared/gatt-db.c:1524
> bluetoothd[38339]: #7 0x635234 in gatt_db_service_foreach_char src/shared/gatt-db.c:1532
> bluetoothd[38339]: #8 0x665993 in foreach_vcs_service src/shared/vcp.c:1686
> bluetoothd[38339]: #9 0x634452 in foreach_service_in_range src/shared/gatt-db.c:1413
> bluetoothd[38339]: #10 0x6347ba in foreach_in_range src/shared/gatt-db.c:1436
> bluetoothd[38339]: #11 0x5f7364 in queue_foreach src/shared/queue.c:207
> bluetoothd[38339]: #12 0x634d75 in gatt_db_foreach_service_in_range src/shared/gatt-db.c:1478
> bluetoothd[38339]: #13 0x634198 in gatt_db_foreach_service src/shared/gatt-db.c:1383
> bluetoothd[38339]: #14 0x665c15 in bt_vcp_attach src/shared/vcp.c:1722
> bluetoothd[38339]: #15 0x4b3ebc in vcp_accept profiles/audio/vcp.c:251
> bluetoothd[38339]: #16 0x561410 in service_accept src/service.c:203
> bluetoothd[38339]: #17 0x58275e in add_gatt_service src/device.c:3979
> bluetoothd[38339]: #18 0x634452 in foreach_service_in_range src/shared/gatt-db.c:1413
> bluetoothd[38339]: #19 0x6347ba in foreach_in_range src/shared/gatt-db.c:1436
> bluetoothd[38339]: #20 0x5f7364 in queue_foreach src/shared/queue.c:207
> bluetoothd[38339]: #21 0x634d75 in gatt_db_foreach_service_in_range src/shared/gatt-db.c:1478
> bluetoothd[38339]: #22 0x634198 in gatt_db_foreach_service src/shared/gatt-db.c:1383
> bluetoothd[38339]: #23 0x582929 in device_add_gatt_services src/device.c:3993
> bluetoothd[38339]: #24 0x58a590 in register_gatt_services src/device.c:5368
> bluetoothd[38339]: #25 0x58a6ad in gatt_client_ready_cb src/device.c:5386
> bluetoothd[38339]: #26 0x619375 in notify_client_ready src/shared/gatt-client.c:1390
> bluetoothd[38339]: #27 0x61cf29 in init_complete src/shared/gatt-client.c:2092
> bluetoothd[38339]: #28 0x614439 in discovery_op_complete src/shared/gatt-client.c:476
> bluetoothd[38339]: #29 0x619cec in db_hash_read_cb src/shared/gatt-client.c:1496
> bluetoothd[38339]: #30 0x673d37 in discovery_op_complete src/shared/gatt-helpers.c:615
> bluetoothd[38339]: #31 0x677336 in read_by_type_cb src/shared/gatt-helpers.c:1344
> bluetoothd[38339]: #32 0x60d878 in handle_rsp src/shared/att.c:860
> bluetoothd[38339]: #33 0x60e5cd in can_read_data src/shared/att.c:1052
> bluetoothd[38339]: #34 0x66f30e in watch_callback src/shared/io-glib.c:157
> bluetoothd[38339]: #35 0x7fdd0af8239b in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x5c39b) (BuildId: b0e6a618cd46494b058c5f00ce2f1a650b200ce3)
> bluetoothd[38339]: #36 0x7fdd0afe0437 in g_main_context_iterate.isra.0 (/lib64/libglib-2.0.so.0+0xba437) (BuildId: b0e6a618cd46494b058c5f00ce2f1a650b200ce3)
> bluetoothd[38339]: #37 0x7fdd0af8199e in g_main_loop_run (/lib64/libglib-2.0.so.0+0x5b99e) (BuildId: b0e6a618cd46494b058c5f00ce2f1a650b200ce3)
> bluetoothd[38339]: #38 0x66fd29 in mainloop_run src/shared/mainloop-glib.c:66
> bluetoothd[38339]: #39 0x67077e in mainloop_run_with_signal src/shared/mainloop-notify.c:188
> bluetoothd[38339]: #40 0x4da138 in main src/main.c:1450
> bluetoothd[38339]: #41 0x7fdd0a649b49 in __libc_start_call_main (/lib64/libc.so.6+0x27b49) (BuildId: 245240a31888ad5c11bbc55b18e02d87388f59a9)
> bluetoothd[38339]: #42 0x7fdd0a649c0a in __libc_start_main_alias_2 (/lib64/libc.so.6+0x27c0a) (BuildId: 245240a31888ad5c11bbc55b18e02d87388f59a9)
> bluetoothd[38339]: #43 0x40c974 in _start (/usr/local/stow/bluez-dev/libexec/bluetooth/bluetoothd+0x40c974) (BuildId: 339d83124c60413f66f5c84af62cd00e236e7733)
> bluetoothd[38339]: 0x60400003db08 is located 8 bytes before 40-byte region [0x60400003db10,0x60400003db38)
> bluetoothd[38339]: allocated by thread T0 here:
> bluetoothd[38339]: #0 0x7fdd0a8d92ff in malloc (/lib64/libasan.so.8+0xd92ff) (BuildId: dc689b05ca2577037af24700212bb5cce1f91c8a)
> bluetoothd[38339]: #1 0x5f86b7 in util_malloc src/shared/util.c:46
> bluetoothd[38339]: #2 0x62fe56 in gatt_db_service_create src/shared/gatt-db.c:533
> bluetoothd[38339]: #3 0x631171 in gatt_db_insert_service src/shared/gatt-db.c:734
> bluetoothd[38339]: #4 0x61844f in discovery_parse_services src/shared/gatt-client.c:1205
> bluetoothd[38339]: #5 0x618e8f in discover_primary_cb src/shared/gatt-client.c:1326
> bluetoothd[38339]: #6 0x673d37 in discovery_op_complete src/shared/gatt-helpers.c:615
> bluetoothd[38339]: #7 0x67432e in read_by_grp_type_cb src/shared/gatt-helpers.c:717
> bluetoothd[38339]: #8 0x60d878 in handle_rsp src/shared/att.c:860
> bluetoothd[38339]: #9 0x60e5cd in can_read_data src/shared/att.c:1052
> bluetoothd[38339]: #10 0x66f30e in watch_callback src/shared/io-glib.c:157
> bluetoothd[38339]: #11 0x7fdd0af8239b in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x5c39b) (BuildId: b0e6a618cd46494b058c5f00ce2f1a650b200ce3)
> bluetoothd[38339]: #12 0x7fdd0afe0437 in g_main_context_iterate.isra.0 (/lib64/libglib-2.0.so.0+0xba437) (BuildId: b0e6a618cd46494b058c5f00ce2f1a650b200ce3)
> bluetoothd[38339]: #13 0x7fdd0af8199e in g_main_loop_run (/lib64/libglib-2.0.so.0+0x5b99e) (BuildId: b0e6a618cd46494b058c5f00ce2f1a650b200ce3)
> bluetoothd[38339]: #14 0x66fd29 in mainloop_run src/shared/mainloop-glib.c:66
> bluetoothd[38339]: #15 0x67077e in mainloop_run_with_signal src/shared/mainloop-notify.c:188
> bluetoothd[38339]: #16 0x4da138 in main src/main.c:1450
> bluetoothd[38339]: #17 0x7fdd0a649b49 in __libc_start_call_main (/lib64/libc.so.6+0x27b49) (BuildId: 245240a31888ad5c11bbc55b18e02d87388f59a9)
> bluetoothd[38339]: #18 0x7fdd0a649c0a in __libc_start_main_alias_2 (/lib64/libc.so.6+0x27c0a) (BuildId: 245240a31888ad5c11bbc55b18e02d87388f59a9)
> bluetoothd[38339]: #19 0x40c974 in _start (/usr/local/stow/bluez-dev/libexec/bluetooth/bluetoothd+0x40c974) (BuildId: 339d83124c60413f66f5c84af62cd00e236e7733)
> bluetoothd[38339]: SUMMARY: AddressSanitizer: heap-buffer-overflow src/shared/gatt-db.c:1877 in gatt_db_attribute_get_char_data
> bluetoothd[38339]: Shadow bytes around the buggy address:
> bluetoothd[38339]: 0x60400003d880: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa
> bluetoothd[38339]: 0x60400003d900: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
> bluetoothd[38339]: 0x60400003d980: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd
> bluetoothd[38339]: 0x60400003da00: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd
> bluetoothd[38339]: 0x60400003da80: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd
> bluetoothd[38339]: =>0x60400003db00: fa[fa]00 00 00 00 00 fa fa fa 00 00 00 00 00 fa
> bluetoothd[38339]: 0x60400003db80: fa fa 00 00 00 00 00 00 fa fa fd fd fd fd fd fa
> bluetoothd[38339]: 0x60400003dc00: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
> bluetoothd[38339]: 0x60400003dc80: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd
> bluetoothd[38339]: 0x60400003dd00: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd
> bluetoothd[38339]: 0x60400003dd80: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa
> bluetoothd[38339]: Shadow byte legend (one shadow byte represents 8 application bytes):
> bluetoothd[38339]: Addressable: 00
> bluetoothd[38339]: Partially addressable: 01 02 03 04 05 06 07
> bluetoothd[38339]: Heap left redzone: fa
> bluetoothd[38339]: Freed heap region: fd
> bluetoothd[38339]: Stack left redzone: f1
> bluetoothd[38339]: Stack mid redzone: f2
> bluetoothd[38339]: Stack right redzone: f3
> bluetoothd[38339]: Stack after return: f5
> bluetoothd[38339]: Stack use after scope: f8
> bluetoothd[38339]: Global redzone: f9
> bluetoothd[38339]: Global init order: f6
> bluetoothd[38339]: Poisoned by user: f7
> bluetoothd[38339]: Container overflow: fc
> bluetoothd[38339]: Array cookie: ac
> bluetoothd[38339]: Intra object redzone: bb
> bluetoothd[38339]: ASan internal: fe
> bluetoothd[38339]: Left alloca redzone: ca
> bluetoothd[38339]: Right alloca redzone: cb
> bluetoothd[38339]: ==38339==ABORTING
> systemd[1]: bluetooth.service: Main process exited, code=dumped, status=6/ABRT
> systemd[1]: bluetooth.service: Failed with result 'core-dump'.
>
>
> > ---
> > v2: Cosmetic Changes (Bluez Test Bot)
> > v5: Resolved GitLint warning (tedd_an/GitLint)
> > ---
> >
> > src/shared/vcp.c | 25 ++++++++++++++++++-------
> > 1 file changed, 18 insertions(+), 7 deletions(-)
> >
> > diff --git a/src/shared/vcp.c b/src/shared/vcp.c
> > index 92f21fd0b..74bd01729 100644
> > --- a/src/shared/vcp.c
> > +++ b/src/shared/vcp.c
> > @@ -32,9 +32,13 @@
> >
> > #define VCP_STEP_SIZE 1
> >
> > +#define VOCS_VOL_OFFSET_UPPER_LIMIT 255
> > +#define VOCS_VOL_OFFSET_LOWER_LIMIT -255
> > +
> > /* Apllication Error Code */
> > #define BT_ATT_ERROR_INVALID_CHANGE_COUNTER 0x80
> > #define BT_ATT_ERROR_OPCODE_NOT_SUPPORTED 0x81
> > +#define BT_ATT_ERROR_VALUE_OUT_OF_RANGE 0x82
> >
> > #define BT_VCP_NA BIT(0)
> > #define BT_VCP_FRONT_LEFT BIT(1)
> > @@ -100,7 +104,7 @@ struct bt_vcs_ab_vol {
> >
> > struct bt_vocs_set_vol_off {
> > uint8_t change_counter;
> > - uint8_t set_vol_offset;
> > + int16_t set_vol_offset;
> > } __packed;
> >
> > struct bt_vcp_cb {
> > @@ -167,7 +171,7 @@ struct bt_vcs {
> >
> > /* Contains local bt_vcp_db */
> > struct vol_offset_state {
> > - uint16_t vol_offset;
> > + int16_t vol_offset;
> > uint8_t counter;
> > } __packed;
> >
> > @@ -705,6 +709,11 @@ static uint8_t vocs_set_vol_offset(struct bt_vocs *vocs, struct bt_vcp *vcp,
> > return BT_ATT_ERROR_INVALID_CHANGE_COUNTER;
> > }
> >
> > + if (req->set_vol_offset > VOCS_VOL_OFFSET_UPPER_LIMIT ||
> > + req->set_vol_offset < VOCS_VOL_OFFSET_LOWER_LIMIT) {
> > + DBG(vcp, "error: Value Out of Range");
> > + return BT_ATT_ERROR_VALUE_OUT_OF_RANGE;
> > + }
> > vstate->vol_offset = req->set_vol_offset;
> > vstate->counter = -~vstate->counter; /*Increment Change Counter*/
> >
> > @@ -971,7 +980,7 @@ static void vocs_voaodec_read(struct gatt_db_attribute *attrib,
> > iov.iov_len);
> > }
> >
> > -static struct bt_vcs *vcs_new(struct gatt_db *db)
> > +static struct bt_vcs *vcs_new(struct gatt_db *db, struct bt_vcp_db *vdb)
> > {
> > struct bt_vcs *vcs;
> > struct vol_state *vstate;
> > @@ -990,6 +999,8 @@ static struct bt_vcs *vcs_new(struct gatt_db *db)
> > /* Populate DB with VCS attributes */
> > bt_uuid16_create(&uuid, VCS_UUID);
> > vcs->service = gatt_db_add_service(db, &uuid, true, 9);
> > + gatt_db_service_add_included(vcs->service, vdb->vocs->service);
> > + gatt_db_service_set_active(vdb->vocs->service, true);
> >
> > bt_uuid16_create(&uuid, VOL_STATE_CHRC_UUID);
> > vcs->vs = gatt_db_service_add_characteristic(vcs->service,
> > @@ -1048,7 +1059,8 @@ static struct bt_vocs *vocs_new(struct gatt_db *db)
> >
> > /* Populate DB with VOCS attributes */
> > bt_uuid16_create(&uuid, VOL_OFFSET_CS_UUID);
> > - vocs->service = gatt_db_add_service(db, &uuid, true, 9);
> > +
> > + vocs->service = gatt_db_add_service(db, &uuid, false, 12);
> >
> > bt_uuid16_create(&uuid, VOCS_STATE_CHAR_UUID);
> > vocs->vos = gatt_db_service_add_characteristic(vocs->service,
> > @@ -1110,11 +1122,10 @@ static struct bt_vcp_db *vcp_db_new(struct gatt_db *db)
> > if (!vcp_db)
> > vcp_db = queue_new();
> >
> > - vdb->vcs = vcs_new(db);
> > - vdb->vcs->vdb = vdb;
> > -
> > vdb->vocs = vocs_new(db);
> > vdb->vocs->vdb = vdb;
> > + vdb->vcs = vcs_new(db, vdb);
> > + vdb->vcs->vdb = vdb;
> >
> > queue_push_tail(vcp_db, vdb);
> >
>
--
Luiz Augusto von Dentz
