Re: Segmentation fault in bluetoothd with btgatt-client

Hi Arthur,

On Wed, Jun 3, 2020 at 11:22 AM Arthur Lambert
<lambertarthur22@xxxxxxxxx> wrote:
>
> Hi Luiz,
> thanks for your reply!
>
> Sorry I am lazy and stupid. I know that your next question will be
> around symbols...
>
> After removing the binary strip option and enabling debug symbols:
>
> bluetoothd[246]: src/device.c:device_svc_resolved()
> /org/bluez/hci0/dev_80_32_53_37_58_A6 err -5
> bluetoothd[246]: src/device.c:gatt_debug() Read By Grp Type - start:
> 0x00bb end: 0xffff
> bluetoothd[246]: src/device.c:gatt_debug() Read By Grp Type - start:
> 0x0001 end: 0xffff
> bluetoothd[246]: src/device.c:gatt_debug() Read By Type - start:
> 0x0001 end: 0x00ba
> bluetoothd[246]: src/device.c:gatt_debug() Read By Type - start:
> 0x0001 end: 0x00ba
> bluetoothd[246]: src/device.c:gatt_debug() Read By Type - start:
> 0x002a end: 0x00ba
> bluetoothd[246]: src/device.c:gatt_debug() Read By Type - start:
> 0x0053 end: 0x00ba
> bluetoothd[246]: src/device.c:gatt_debug() Read By Type - start:
> 0x007a end: 0x00ba
> bluetoothd[246]: src/device.c:gatt_debug() Read By Type - start:
> 0x00a3 end: 0x00ba
> bluetoothd[246]: src/device.c:gatt_debug() Read By Type - start:
> 0x00ba end: 0x00ba
> bluetoothd[246]: src/device.c:gatt_debug() Read By Type - start:
> 0x0001 end: 0xffff
> bluetoothd[246]: src/gatt-database.c:db_hash_read_cb() Database Hash read
> ==246== Invalid read of size 1
> ==246==    at 0x4831BA4: memcpy (vg_replace_strmem.c:1035)
> ==246==    by 0x87F3B: read_by_type_read_complete_cb (gatt-server.c:392)
> ==246==    by 0x892AB: pending_read_result (gatt-db.c:145)
> ==246==    by 0x8B2FB: gatt_db_attribute_read_result (gatt-db.c:1866)
> ==246==    by 0x3AB0B: db_hash_read_cb (gatt-database.c:1156)
> ==246==    by 0x8B1AB: gatt_db_attribute_read (gatt-db.c:1825)
> ==246==    by 0x87DB7: process_read_by_type (gatt-server.c:482)
> ==246==    by 0x8854F: read_by_type_cb (gatt-server.c:559)
> ==246==    by 0x81727: handle_notify (att.c:966)
> ==246==    by 0x81873: can_read_data (att.c:1057)
> ==246==    by 0x8B91B: watch_callback (io-glib.c:170)
> ==246==    by 0x488A413: g_main_context_dispatch (in
> /usr/lib/libglib-2.0.so.0.5600.3)
> ==246==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
> ==246==
> ==246==
> ==246== Process terminating with default action of signal 11 (SIGSEGV)
> ==246==  Access not within mapped region at address 0x0
> ==246==    at 0x4831BA4: memcpy (vg_replace_strmem.c:1035)
> ==246==    by 0x87F3B: read_by_type_read_complete_cb (gatt-server.c:392)
> ==246==    by 0x892AB: pending_read_result (gatt-db.c:145)
> ==246==    by 0x8B2FB: gatt_db_attribute_read_result (gatt-db.c:1866)
> ==246==    by 0x3AB0B: db_hash_read_cb (gatt-database.c:1156)
> ==246==    by 0x8B1AB: gatt_db_attribute_read (gatt-db.c:1825)
> ==246==    by 0x87DB7: process_read_by_type (gatt-server.c:482)
> ==246==    by 0x8854F: read_by_type_cb (gatt-server.c:559)
> ==246==    by 0x81727: handle_notify (att.c:966)
> ==246==    by 0x81873: can_read_data (att.c:1057)
> ==246==    by 0x8B91B: watch_callback (io-glib.c:170)
> ==246==    by 0x488A413: g_main_context_dispatch (in
> /usr/lib/libglib-2.0.so.0.5600.3)
> ==246==  If you believe this happened as a result of a stack
> ==246==  overflow in your program's main thread (unlikely but
> ==246==  possible), you can try to increase the size of the
> ==246==  main thread stack using the --main-stacksize= flag.
> ==246==  The main thread stack size used in this run was 8388608.
> /usr/bin/bluetoothd: can't resolve symbol '__libc_freeres'
>
> Is it the crypto error that you expect?
> Could you share a sha1 commit or a link to the patch to test the potential fix?

I've just pushed the fix:

commit 41a5413023fa85bc711d461eb736a0624542df2d
Author: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
Date:   Wed Jun 3 10:31:59 2020 -0700

    gatt: Fix possible crash when unable to generate hash


-- 
Luiz Augusto von Dentz
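As an added illustration (constructed for this thread; not BlueZ code and not the fix in the commit above), a C model of the read-complete path in the trace with the validation the crash shows was missing: a hypothetical `read_complete()` that turns a NULL value into an ATT error response instead of passing it to memcpy(), and a stand-in `db_hash_read()` that fails the way the log does (no hash available, NULL value, nonzero length).

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of a GATT server "read complete" callback: the server
 * asks the attribute database for a value and gets back (err, value, len).
 * In the trace above the Database Hash read failed, the callback received
 * value == NULL with a nonzero length, and memcpy() read from address 0.
 * Nothing here is BlueZ code; names and constants are illustrative. */

#define MAX_VALUE_LEN    512   /* ATT maximum attribute value length */
#define ATT_ERR_UNLIKELY 0x0e  /* ATT "Unlikely Error" response code */

struct read_response {
    uint8_t value[MAX_VALUE_LEN];
    size_t len;
    int err;   /* 0 on success, ATT error code otherwise */
};

/* Hardened callback: a failed read (err != 0), a NULL value with a nonzero
 * length, or an oversized value becomes an ATT error response and nothing
 * is copied. The crashing version did the memcpy() unconditionally.
 * Returns 0 if a value was stored, -1 if an error response was prepared. */
int read_complete(struct read_response *rsp, int err,
                  const uint8_t *value, size_t len)
{
    rsp->len = 0;
    if (err != 0 || (value == NULL && len > 0) || len > MAX_VALUE_LEN) {
        rsp->err = err ? err : ATT_ERR_UNLIKELY;
        return -1;
    }
    if (len > 0)
        memcpy(rsp->value, value, len);
    rsp->len = len;
    rsp->err = 0;
    return 0;
}

/* Constructed stand-in for the database-hash read. When no hash could be
 * generated the producer hands over NULL with the expected 16-byte length.
 * Returns bytes stored, or -(ATT error code) if an error response resulted. */
int db_hash_read(int hash_available)
{
    static const uint8_t hash[16] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66,
        0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };
    struct read_response rsp;
    if (read_complete(&rsp, 0, hash_available ? hash : NULL, sizeof(hash)) < 0)
        return -rsp.err;
    return (int)rsp.len;
}
```

With a hash available the callback stores 16 bytes; without one it prepares an ATT error response and never touches the NULL pointer, which is the case the trace shows ending in SIGSEGV.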


