Hello:
This series was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>:
On Mon, 16 Sep 2024 16:22:31 -0400 you wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
>
> This fixes the following crash which happens when
> bt_uhid_unregister_all is called from a notification callback:
>
> Invalid read of size 8
> at 0x1D9EFF: queue_foreach (queue.c:206)
> by 0x1DEE58: uhid_read_handler (uhid.c:164)
> Address 0x51286d8 is 8 bytes inside a block of size 16 free'd
> at 0x48478EF: free (vg_replace_malloc.c:989)
> by 0x1DA08D: queue_remove_if (queue.c:292)
> by 0x1DA12F: queue_remove_all (queue.c:321)
> by 0x1DE592: bt_uhid_unregister_all (uhid.c:300)
>
> [...]
Here is the summary with links:
- [BlueZ,v1,1/2] shared/uhid: Fix not crash after bt_uhid_unregister_all
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=9a6a84a8a2b9
- [BlueZ,v1,2/2] test-uhid: Add call to bt_uhid_unregister_all
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=f9f98c0b2aa4
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
