Hello:

This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>:

On Sun, 26 Jan 2025 12:22:44 +0200 you wrote:
> In gatt_db_attribute_get_value(), avoid NULL pointer deref if attribute
> or db is in unexpected state and attrib at index-1 is missing.
>
> Fixes btmon -r crash, on a packet capture obtained with btmon -w after
> clearing BlueZ attributes & cache for the device:
>
> ==208213==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000000c
> ==208213==The signal is caused by a READ memory access.
> ==208213==Hint: address points to the zero page.
>     #0 0x5af4a6 in bt_uuid_to_uuid128 lib/uuid.c:65
>     #1 0x5afd54 in bt_uuid_cmp lib/uuid.c:118
>     #2 0x5d0dd2 in gatt_db_attribute_get_value src/shared/gatt-db.c:1663
>     #3 0x56aeab in print_value monitor/att.c:158
>     #4 0x56b80f in print_attribute monitor/att.c:207
>     #5 0x5982f7 in print_handle monitor/att.c:4417
>     #6 0x59b1b8 in print_write monitor/att.c:4598
>     #7 0x59b796 in att_write_req monitor/att.c:4627
>     #8 0x59e91e in att_packet monitor/att.c:4918
>     #9 0x4f4847 in l2cap_frame monitor/l2cap.c:2567
>     #10 0x4f6022 in l2cap_packet monitor/l2cap.c:2708
>     #11 0x4a48f6 in packet_hci_acldata monitor/packet.c:12606
>     #12 0x43952a in packet_monitor monitor/packet.c:4247
>     #13 0x4170c9 in control_reader monitor/control.c:1517
>     #14 0x402f76 in main monitor/main.c:277
>
> [...]

Here is the summary with links:
  - [BlueZ] shared/gatt-db: fix crash on bad attribute index
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=9f11c1817c56

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html