Re: [PATCH BlueZ 1/2] gdbus: Fix crash when calling g_dbus_add_service_watch

Hi,

On Tue, Aug 19, 2014 at 3:05 PM, Luiz Augusto von Dentz
<luiz.dentz@xxxxxxxxx> wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
>
> If g_dbus_add_service_watch is called for a service whose bus name is
> already known, the following crash can happen:
>
> invalid read of size 1
>   at 0x4C2A2F2: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
>   by 0x4E97722: g_strdup (in /usr/lib64/libglib-2.0.so.0.3800.2)
>   by 0x405B0C: update_name_cache (watch.c:435)
>   by 0x405C37: update_service (watch.c:593)
>   by 0x4E7A2A5: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3800.2)
>   by 0x4E7A627: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
>   by 0x4E7AA39: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3800.2)
>   by 0x4038EA: client_ready (test-gdbus-client.c:1014)
>   by 0x4E9E5E0: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
>   by 0x4E9E7A5: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
>   by 0x4E9EB1A: g_test_run_suite (in /usr/lib64/libglib-2.0.so.0.3800.2)
>   by 0x403614: main (test-gdbus-client.c:1058)
> Address 0x5dbe5d0 is 0 bytes inside a block of size 7 free'd
>   at 0x4C28577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
>   by 0x4E7FF7E: g_free (in /usr/lib64/libglib-2.0.so.0.3800.2)
>   by 0x405B04: update_name_cache (watch.c:434)
>   by 0x405C37: update_service (watch.c:593)
>   by 0x4E7A2A5: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3800.2)
>   by 0x4E7A627: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
>   by 0x4E7AA39: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3800.2)
>   by 0x4038EA: client_ready (test-gdbus-client.c:1014)
>   by 0x4E9E5E0: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
>   by 0x4E9E7A5: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
>   by 0x4E9EB1A: g_test_run_suite (in /usr/lib64/libglib-2.0.so.0.3800.2)
>   by 0x403614: main (test-gdbus-client.c:1058)
> ---
>  gdbus/watch.c | 1 -
>  1 file changed, 1 deletion(-)
>
> diff --git a/gdbus/watch.c b/gdbus/watch.c
> index 474d3d4..2f5e865 100644
> --- a/gdbus/watch.c
> +++ b/gdbus/watch.c
> @@ -595,7 +595,6 @@ static gboolean update_service(void *user_data)
>         struct filter_callback *cb = data->callback;
>         DBusConnection *conn;
>
> -       update_name_cache(data->name, data->owner);
>         conn = dbus_connection_ref(data->conn);
>         service_data_free(data);
>
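Review bot: dropping the `update_name_cache(data->name, data->owner);` call in update_service() removes this one trigger, but the trace shows update_name_cache() itself freeing a block at watch.c:434 and handing the same block to g_strdup() at watch.c:435, so the function stays unsafe for any other caller whose argument aliases the cached string. Consider also making update_name_cache() copy before it frees (or return early when the pointer is unchanged), and state in the commit message why update_service() no longer needs to refresh the cache, since the message only describes the crash.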
> --
> 1.9.3

Applied.


-- 
Luiz Augusto von Dentz
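
The Valgrind report above shows a block freed at watch.c:434 and then read by g_strdup at watch.c:435. The following is an added example, not part of the original message and not BlueZ code: it puts that free-before-copy ordering beside an alias-safe one. The struct, the function names and the sample owner string are hypothetical, and plain libc stands in for GLib.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cache entry; not the struct used in gdbus/watch.c. */
struct name_entry {
	char *owner;
};

/* Plain-libc stand-in for g_strdup(): NULL in, NULL out. */
static char *dup_str(const char *s)
{
	size_t n = s ? strlen(s) + 1 : 0;
	char *p = n ? malloc(n) : NULL;

	if (p)
		memcpy(p, s, n);
	return p;
}

/* Unsafe order (free, then copy): if owner points into e->owner,
 * dup_str() reads memory that was just released. */
void cache_update_unsafe(struct name_entry *e, const char *owner)
{
	free(e->owner);
	e->owner = dup_str(owner);
}

/* Alias-safe order: copy first, release the old string last. */
int cache_update_safe(struct name_entry *e, const char *owner)
{
	char *copy = dup_str(owner);

	if (owner && !copy)
		return -1;	/* allocation failed, entry left untouched */
	free(e->owner);
	e->owner = copy;
	return 0;
}

int main(void)
{
	struct name_entry e = { dup_str(":1.123") };	/* constructed value */

	cache_update_safe(&e, e.owner);	/* caller passes the cached pointer back */
	printf("owner after aliased update: %s\n", e.owner);
	free(e.owner);
	return 0;
}
```

Building this with `-fsanitize=address` and calling `cache_update_unsafe(&e, e.owner)` instead produces a heap-use-after-free report of the same shape as the Valgrind output quoted in the commit message.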