diff mbox series

[BlueZ] transport: Fix crash with broadcast properties

Message ID 20230824050045.4019298-1-luiz.dentz@gmail.com
State New
Headers show
Series [BlueZ] transport: Fix crash with broadcast properties | expand

Commit Message

Luiz Augusto von Dentz Aug. 24, 2023, 5 a.m. UTC 
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

When connecting a BAP unicast stream the followin crash can be observed:

Access not within mapped region at address 0x1D4C0000000A
  at 0x14F759: get_bcode (transport.c:1121)
  by 0x1E02E4: append_property.isra.0 (object.c:498)
  by 0x1E03B9: append_properties (object.c:527)
  by 0x1E2AAB: g_dbus_get_properties (object.c:1811)
  by 0x14B9B6: pac_config (media.c:1130)
---
 profiles/audio/transport.c | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)
diff mbox series

Patch

diff --git a/profiles/audio/transport.c b/profiles/audio/transport.c
index f7a29ca83c2d..dd923b03ed9d 100644
--- a/profiles/audio/transport.c
+++ b/profiles/audio/transport.c
@@ -1199,7 +1199,7 @@  static gboolean get_timeout(const GDBusPropertyTable *property,
 	return TRUE;
 }
 
-static const GDBusPropertyTable bap_properties[] = {
+static const GDBusPropertyTable bap_ucast_properties[] = {
 	{ "Device", "o", get_device },
 	{ "UUID", "s", get_uuid },
 	{ "Codec", "y", get_codec },
@@ -1218,6 +1218,16 @@  static const GDBusPropertyTable bap_properties[] = {
 	{ "Location", "u", get_location },
 	{ "Metadata", "ay", get_metadata },
 	{ "Links", "ao", get_links, NULL, links_exists },
+	{ }
+};
+
+
+static const GDBusPropertyTable bap_bcast_properties[] = {
+	{ "Device", "o", get_device },
+	{ "UUID", "s", get_uuid },
+	{ "Codec", "y", get_codec },
+	{ "Configuration", "ay", get_configuration },
+	{ "State", "s", get_state },
 	{ "BIG", "y", get_big, NULL, qos_exists },
 	{ "BIS", "y", get_bis, NULL, qos_exists },
 	{ "SyncInterval", "y", get_sync_interval, NULL, qos_exists },
@@ -1229,6 +1239,9 @@  static const GDBusPropertyTable bap_properties[] = {
 	{ "SyncCteType", "y", get_sync_cte_type, NULL, qos_exists },
 	{ "MSE", "y", get_mse, NULL, qos_exists },
 	{ "Timeout", "q", get_timeout, NULL, qos_exists },
+	{ "Endpoint", "o", get_endpoint, NULL, endpoint_exists },
+	{ "Location", "u", get_location },
+	{ "Metadata", "ay", get_metadata },
 	{ }
 };
 
@@ -1876,12 +1889,15 @@  struct media_transport *media_transport_create(struct btd_device *device,
 			goto fail;
 		properties = a2dp_properties;
 	} else if (!strcasecmp(uuid, PAC_SINK_UUID) ||
-				!strcasecmp(uuid, PAC_SOURCE_UUID) ||
-				!strcasecmp(uuid, BCAA_SERVICE_UUID) ||
+				!strcasecmp(uuid, PAC_SOURCE_UUID)) {
+		if (media_transport_init_bap(transport, stream) < 0)
+			goto fail;
+		properties = bap_ucast_properties;
+	} else if (!strcasecmp(uuid, BCAA_SERVICE_UUID) ||
 				!strcasecmp(uuid, BAA_SERVICE_UUID)) {
 		if (media_transport_init_bap(transport, stream) < 0)
 			goto fail;
-		properties = bap_properties;
+		properties = bap_bcast_properties;
 	} else
 		goto fail;