Hi Patrick,

On Sun, Nov 22, 2015 at 2:49 AM, <boyiliao@xxxxxxxxxxxx> wrote:
> Hi,
>
> The below is my workaround right now, but in "g_attrib_ref" function should
> be another way to fix this crash.
>
> guint gatt_read_char(GAttrib *attrib, uint16_t handle, GAttribResultFunc
> func,
> gpointer user_data)
> {
> uint8_t *buf;
> size_t buflen;
> guint16 plen;
> guint id;
> struct read_long_data *long_read;
>
> long_read = g_try_new0(struct read_long_data, 1);
>
> if (long_read == NULL)
> return 0;
> printf("call from here %d\n",__LINE__);
> long_read->attrib = g_attrib_ref(attrib);
> + if(long_read->attrib == NULL)
> + return 0;
> long_read->func = func;
>
>
>
>
> GAttrib *g_attrib_ref(GAttrib *attrib)
> {
> if (!attrib)
> return NULL;
>
> + if(attrib->ref_count > 30)
> + {
> + return NULL;
> + }
> __sync_fetch_and_add(&attrib->ref_count, 1);
>
> DBG("%p: g_attrib_ref=%d ", attrib, attrib->ref_count);
>
> return attrib;
> }
>
> BR,
> Patirck
>
> -----Original Message----- From: boyiliao@xxxxxxxxxxxx
> Sent: Sunday, November 22, 2015 8:21 AM
> To: linux-bluetooth@xxxxxxxxxxxxxxx ; Majordomo@xxxxxxxxxxxxxxx
> Subject: bluetoothd crashes when connecting to XiaoMi RC
>
>
> Hi,
>
> I am using bluez 5.35 on Raspberry pi (kernel 4.1.6).
>
> I try to use XiaoMi BLE remote control on Raspberry pi, I found when
> gatt.c gatt_read_char() function call gattrib.c g_attrib_ref () will cause
> bluetoothd crashed, because I think it access a wrong address
> "attrib/gattrib.c:g_attrib_ref() 0x1c9210: g_attrib_ref=808464433"
>
> the attachment is the bluetoothd log

bluetoothd[7711]: attrib/gattrib.c:g_attrib_ref() 0x1c60f0: g_attrib_ref=6
bluetoothd[7711]: attrib/gattrib.c:g_attrib_ref() 0x1c9210: g_attrib_ref=808464433

Looks like the correct one is 0x1c60f0, not 0x1c9210. This is really weird since it seems to be all the same instance, which would mean something is corrupting the memory in between references. Can you try running with upstream?
Btw it is probably a good idea to run with valgrind so we can get a backtrace of the problem.

--
Luiz Augusto von Dentz
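
Review bot: in the gatt_read_char() hunk, the new early return after g_attrib_ref() leaks long_read, which g_try_new0() allocated a few lines above. Free it on that path, e.g. `g_free(long_read);` before `return 0;`. The added `if(` also lacks the space used by `if (long_read == NULL)` in the context lines.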
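
Review bot: in the g_attrib_ref() hunk, the `attrib->ref_count > 30` test is an unexplained threshold that hides the corruption rather than detecting it. A valid object holding more than 30 references would be refused, while a stale or overwritten pointer whose count happens to be small still passes and gets incremented. The read is also a separate step from the `__sync_fetch_and_add()` that follows, so check and increment are not atomic together. The logged value 808464433 is 0x30303031, which means the field held 0x30303030 (four ASCII '0' bytes) before the increment; that looks like the structure was overwritten with text or was already freed and reused. Suggest dropping the threshold and tracing the bad write with the valgrind run proposed in the reply.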