Message ID | 20230918212219.190667-1-luiz.dentz@gmail.com |
---|---|
State | New |
Series | [BlueZ] shared/log: Fix not checking vasprintf return |
diff --git a/src/shared/log.c b/src/shared/log.c index 3f18e803d8e9..22b9850f6f11 100644 --- a/src/shared/log.c +++ b/src/shared/log.c @@ -135,7 +135,7 @@ int bt_log_vprintf(uint16_t index, const char *label, int level, int len; len = vasprintf(&str, format, ap); - if (len < 0) + if (len < 0 || !str) return errno; len = strlen(str);
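Review bot: In the new `if (len < 0 || !str)` branch, `return errno;` is not meaningful for the `!str` case: if vasprintf returned a non-negative length it reported no failure, so errno can be 0 or left over from an earlier call, and bt_log_vprintf then returns success (or an unrelated code) without having logged anything. Consider splitting the check so that `len < 0` keeps `return errno;` and `!str` returns a fixed error such as ENOMEM, in the same sign convention as the existing return. Separately, the AddressSanitizer report in the commit message shows a bad-free of the non-NULL address 0x55e787722cf0, described as a wild pointer, which a `!str` test would not catch; it is worth confirming that str really is NULL on the failing path, and initialising str to NULL at its declaration (not visible in this hunk) if that is not already done.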
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

It seems like some implementations of vasprintf set the content of the str to NULL rather than returning -1, causing the following errors:

    =================================================================
    ==216204==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x55e787722cf0 in thread T0
        #0 0x55e784f75872 in __interceptor_free.part.0 asan_malloc_linux.cpp.o
        #1 0x55e7850e55f9 in bt_log_vprintf /usr/src/debug/bluez-git/bluez-git/src/shared/log.c:154:2
        #2 0x55e78502db18 in monitor_log /usr/src/debug/bluez-git/bluez-git/src/log.c:40:2
        #3 0x55e78502dab4 in info /usr/src/debug/bluez-git/bluez-git/src/log.c:52:2
        #4 0x55e78502e314 in __btd_log_init /usr/src/debug/bluez-git/bluez-git/src/log.c:179:2
        #5 0x55e78502aa63 in main /usr/src/debug/bluez-git/bluez-git/src/main.c:1388:2
        #6 0x7f1d5fe27ccf (/usr/lib/libc.so.6+0x27ccf) (BuildId: 316d0d3666387f0e8fb98773f51aa1801027c5ab)
        #7 0x7f1d5fe27d89 in __libc_start_main (/usr/lib/libc.so.6+0x27d89) (BuildId: 316d0d3666387f0e8fb98773f51aa1801027c5ab)
        #8 0x55e784e88084 in _start (/usr/lib/bluetooth/bluetoothd+0x36084) (BuildId: 19348ea642303b701c033d773055becb623fe79a)

    Address 0x55e787722cf0 is a wild pointer inside of access range of size 0x000000000001.
    SUMMARY: AddressSanitizer: bad-free asan_malloc_linux.cpp.o in __interceptor_free.part.0
    ==216204==ABORTING
    сен 18 13:10:02 archlinux systemd[1]: bluetooth.service: Main process exited, code=exited, status=1/FAILURE

---
 src/shared/log.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)