Message ID | 20240703090305.14542-1-r.smirnov@omp.ru |
---|---|
State | New |
Series | [BlueZ,v1] shared/bap: prevent dereferencing of NULL pointers in ascs_ase_read() |

Hello:

This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Wed, 3 Jul 2024 12:03:05 +0300 you wrote:
> If the user_data argument is NULL, a NULL pointer will
> be dereferenced. It is necessary to prevent this case.
>
> Found with the SVACE static analysis tool.
> ---
> src/shared/bap.c | 13 +++++++++----
> 1 file changed, 9 insertions(+), 4 deletions(-)

Here is the summary with links:
  - [BlueZ,v1] shared/bap: prevent dereferencing of NULL pointers in ascs_ase_read()
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=8a22c17bc996

You are awesome, thank you!

diff --git a/src/shared/bap.c b/src/shared/bap.c index ec54da341..cb5ea9e84 100644 --- a/src/shared/bap.c +++ b/src/shared/bap.c @@ -805,12 +805,17 @@ static void ascs_ase_read(struct gatt_db_attribute *attrib, void *user_data) { struct bt_ase *ase = user_data; - struct bt_bap *bap = bap_get_session(att, ase->ascs->bdb->db); - struct bt_bap_endpoint *ep = bap_get_endpoint(bap->local_eps, - bap->ldb, attrib); + struct bt_bap *bap = NULL; + struct bt_bap_endpoint *ep = NULL; struct bt_ascs_ase_status rsp; - if (!ase || !bap || !ep) { + if (ase) + bap = bap_get_session(att, ase->ascs->bdb->db); + + if (bap) + ep = bap_get_endpoint(bap->local_eps, bap->ldb, attrib); + + if (!ep) { gatt_db_attribute_read_result(attrib, id, BT_ATT_ERROR_UNLIKELY, NULL, 0); return;
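
Review bot: In the new `if (ase)` branch, `ase->ascs->bdb->db` still dereferences `ase->ascs` and `ase->ascs->bdb` unchecked, so only the outermost pointer of the chain is guarded. If either can be NULL on this read path, extend the condition, for example `if (ase && ase->ascs && ase->ascs->bdb)`; if they cannot, a one-line comment saying that an ASE always carries a valid `ascs` and `bdb` would document why testing `ase` alone is enough. The single `if (!ep)` test does cover all three failure cases, since `bap` and `ep` are now initialised to NULL and each lookup only runs when the previous one succeeded.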