From patchwork Fri May 10 12:10:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796407
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera Subject: [BlueZ v2 01/20] adapter: Use false instead of 0 for bool Date: Fri, 10 May 2024 14:10:11 +0200 Message-ID: <20240510121355.3241456-2-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net> References: <20240510121355.3241456-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net --- src/adapter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/adapter.c b/src/adapter.c index 5505edbb29c1..8b478e213cb5 100644 --- a/src/adapter.c +++ b/src/adapter.c 
@@ -2413,7 +2413,7 @@ static int update_discovery_filter(struct btd_adapter *adapter) * starting discovery. */ if (filters_equal(adapter->current_discovery_filter, sd_cp) && - adapter->discovering != 0) { + adapter->discovering != false) { DBG("filters were equal, deciding to not restart the scan."); g_free(sd_cp); return 0;
From patchwork Fri May 10 12:10:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796406
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera Subject: [BlueZ v2 02/20] attrib/gatt: Guard against possible integer overflow Date: Fri, 10 May 2024 14:10:12 +0200 Message-ID: <20240510121355.3241456-3-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net> References: <20240510121355.3241456-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: INTEGER_OVERFLOW (CWE-190): [#def30] bluez-5.75/attrib/gatt.c:1016:2: known_value_assign: "last" = "65535", its value is now 65535. bluez-5.75/attrib/gatt.c:1087:2: overflow_const: Expression "dd->start", which is equal to 65536, where "last + 1" is known to be equal to 65536, overflows the type that receives it, an unsigned integer 16 bits wide. 1085| } 1086| 1087|-> dd->start = last + 1; 1088| 1089| if (last < dd->end && !uuid_found) { --- attrib/gatt.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/attrib/gatt.c b/attrib/gatt.c index b496dd1ebd95..3cedae9d167a 100644 --- a/attrib/gatt.c +++ b/attrib/gatt.c
@@ -1076,10 +1076,12 @@ static void desc_discovered_cb(guint8 status, const guint8 *ipdu, att_data_list_free(list); /* - * If last handle is lower from previous start handle then it is smth - * wrong. Let's stop search, otherwise we might enter infinite loop. + * If last handle is lower from previous start handle or if iterating + * to the next handle from the last possible offset would overflow, then + * something is wrong. Let's stop search, otherwise we might enter + * infinite loop. */ - if (last < dd->start) { + if (last < dd->start || last == G_MAXUINT16) { err = ATT_ECODE_UNLIKELY; goto done; }
From patchwork Fri May 10 12:10:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796408
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera Subject: [BlueZ v2 03/20] client/gatt: Don't pass negative fd on error Date: Fri, 10 May 2024 14:10:13 +0200 Message-ID: <20240510121355.3241456-4-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net> References: <20240510121355.3241456-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: NEGATIVE_RETURNS (CWE-394): [#def33] bluez-5.75/client/gatt.c:973:2: negative_return_fn: Function "io_get_fd(io)" returns a negative number. bluez-5.75/client/gatt.c:973:2: negative_returns: "io_get_fd(io)" is passed to a parameter that cannot be negative. 971| msg.msg_iovlen = iovlen; 972| 973|-> ret = sendmsg(io_get_fd(io), &msg, MSG_NOSIGNAL); 974| if (ret < 0) { 975| ret = -errno; Error: NEGATIVE_RETURNS (CWE-394): [#def34] bluez-5.75/client/gatt.c:1049:2: negative_return_fn: Function "io_get_fd(io)" returns a negative number. bluez-5.75/client/gatt.c:1049:2: assign: Assigning: "fd" = "io_get_fd(io)". bluez-5.75/client/gatt.c:1062:2: negative_returns: "fd" is passed to a parameter that cannot be negative. 1060| msg.msg_iovlen = 1; 1061| 1062|-> bytes_read = recvmsg(fd, &msg, MSG_DONTWAIT); 1063| if (bytes_read < 0) { 1064| bt_shell_printf("recvmsg: %s", strerror(errno)); --- client/gatt.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/client/gatt.c b/client/gatt.c index 3aaa7a9361b9..6c7603985172 100644 --- a/client/gatt.c
+++ b/client/gatt.c @@ -966,11 +966,15 @@ static int sock_send(struct io *io, struct iovec *iov, size_t iovlen) struct msghdr msg; int ret; + ret = io_get_fd(io); + if (ret < 0) + return ret; + memset(&msg, 0, sizeof(msg)); msg.msg_iov = iov; msg.msg_iovlen = iovlen; - ret = sendmsg(io_get_fd(io), &msg, MSG_NOSIGNAL); + ret = sendmsg(ret, &msg, MSG_NOSIGNAL); if (ret < 0) { ret = -errno; bt_shell_printf("sendmsg: %s", strerror(-ret)); 
@@ -1052,6 +1056,11 @@ static bool sock_read(struct io *io, void *user_data) if (io != notify_io.io && !chrc) return true; + if (fd < 0) { + bt_shell_printf("recvmsg: %s", strerror(-fd)); + return false; + } + iov.iov_base = buf; iov.iov_len = sizeof(buf);
From patchwork Fri May 10 12:10:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796066
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera Subject: [BlueZ v2 04/20] client/gatt: Check write_value() retval Date: Fri, 10 May 2024 14:10:14 +0200 Message-ID: <20240510121355.3241456-5-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net> References: <20240510121355.3241456-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: CHECKED_RETURN (CWE-252): [#def35] bluez-5.75/client/gatt.c:3191:3: check_return: Calling "write_value" without checking return value (as is done elsewhere 5 out of 6 times). bluez-5.75/client/gatt.c:2371:2: example_checked: Example 1: "write_value(&chrc->value_len, &chrc->value, value, value_len, aad->offset, chrc->max_val_len)" has its value checked in "write_value(&chrc->value_len, &chrc->value, value, value_len, aad->offset, chrc->max_val_len)". bluez-5.75/client/gatt.c:2502:2: example_checked: Example 2: "write_value(&chrc->value_len, &chrc->value, value, value_len, offset, chrc->max_val_len)" has its value checked in "write_value(&chrc->value_len, &chrc->value, value, value_len, offset, chrc->max_val_len)". bluez-5.75/client/gatt.c:2919:2: example_checked: Example 3: "write_value(&desc->value_len, &desc->value, value, value_len, offset, desc->max_val_len)" has its value checked in "write_value(&desc->value_len, &desc->value, value, value_len, offset, desc->max_val_len)". bluez-5.75/client/gatt.c:759:3: example_checked: Example 4: "write_value(&c->value_len, &c->value, value, value_len, offset, c->max_val_len)" has its value checked in "write_value(&c->value_len, &c->value, value, value_len, offset, c->max_val_len)". 
bluez-5.75/client/gatt.c:775:3: example_checked: Example 5: "write_value(&d->value_len, &d->value, value, value_len, offset, d->max_val_len)" has its value checked in "write_value(&d->value_len, &d->value, value, value_len, offset, d->max_val_len)". 3189| } 3190| 3191|-> write_value(&chrc->value_len, &chrc->value, value, len, 3192| 0, chrc->max_val_len); --- client/gatt.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/client/gatt.c b/client/gatt.c index 6c7603985172..e85031277bd5 100644 --- a/client/gatt.c +++ b/client/gatt.c 
@@ -3197,9 +3197,13 @@ static void proxy_property_changed(GDBusProxy *proxy, const char *name, dbus_message_iter_get_fixed_array(&array, &value, &len); } - write_value(&chrc->value_len, &chrc->value, value, len, - 0, chrc->max_val_len); - bt_shell_hexdump(value, len); + if (write_value(&chrc->value_len, &chrc->value, value, len, + 0, chrc->max_val_len)) { + bt_shell_printf("Unable to update property value for %s\n", + name); + } else { + bt_shell_hexdump(value, len); + } } g_dbus_emit_property_changed(conn, chrc->path, CHRC_INTERFACE, name);
From patchwork Fri May 10 12:10:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796067
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera Subject: [BlueZ v2 05/20] client/main: Fix array access Date: Fri, 10 May 2024 14:10:15 +0200 Message-ID: <20240510121355.3241456-6-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net> References: <20240510121355.3241456-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: CPPCHECK_WARNING (CWE-788): [#def36] bluez-5.75/client/main.c:833: error[ctuArrayIndex]: Array index out of bounds; 'argv' buffer size is 0 and it is accessed at offset 1. 831| const char **opt; 832| 833|-> if (!strcmp(argv[1], "help")) { 834| for (opt = arg_table; opt && *opt; opt++) 835| bt_shell_printf("%s\n", *opt); --- client/main.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/client/main.c b/client/main.c index 51d08a67aa1a..f703cc91b24a 100644 --- a/client/main.c +++ b/client/main.c
@@ -830,6 +830,11 @@ static gboolean parse_argument(int argc, char *argv[], const char **arg_table, { const char **opt; + if (argc < 2) { + bt_shell_printf("Missing argument to %s\n", argv[0]); + return FALSE; + } + if (!strcmp(argv[1], "help")) { for (opt = arg_table; opt && *opt; opt++) bt_shell_printf("%s\n", *opt);
From patchwork Fri May 10 12:10:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796403
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera Subject: [BlueZ v2 06/20] client/main: Fix mismatched free Date: Fri, 10 May 2024 14:10:16 +0200 Message-ID: <20240510121355.3241456-7-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net> References: <20240510121355.3241456-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: ALLOC_FREE_MISMATCH (CWE-762): [#def37] bluez-5.75/client/main.c:2108:2: alloc: Allocation of memory which must be freed using "g_free". bluez-5.75/client/main.c:2108:2: assign: Assigning: "desc" = "g_strdup_printf("\x1b[0;94m[%s]\x1b[0m# ", attr)". bluez-5.75/client/main.c:2111:2: free: Calling "free" frees "desc" using "free" but it should have been freed using "g_free". 2109| 2110| bt_shell_set_prompt(desc); 2111|-> free(desc); 2112| } 2113| --- client/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/main.c b/client/main.c index f703cc91b24a..f967c149e7bd 100644 --- a/client/main.c +++ b/client/main.c
@@ -2113,7 +2113,7 @@ static void set_default_local_attribute(char *attr) desc = g_strdup_printf(COLOR_BLUE "[%s]" COLOR_OFF "# ", attr); bt_shell_set_prompt(desc); - free(desc); + g_free(desc); } static void cmd_select_attribute(int argc, char *argv[])
From patchwork Fri May 10 12:10:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796061
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera Subject: [BlueZ v2 07/20] monitor/att: Fix memory leak Date: Fri, 10 May 2024 14:10:17 +0200 Message-ID: <20240510121355.3241456-8-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net> References: <20240510121355.3241456-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net name2utf8() returns newly allocated memory which needs to be freed. Error: RESOURCE_LEAK (CWE-772): [#def27] [important] bluez-5.75/monitor/att.c:2291:2: alloc_fn: Storage is returned from allocation function "name2utf8". bluez-5.75/monitor/att.c:2291:2: var_assign: Assigning: "name" = storage returned from "name2utf8((uint8_t *)frame->data, frame->size)". bluez-5.75/monitor/att.c:2293:2: noescape: Resource "name" is not freed or pointed-to in "printf". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/monitor/att.c:2294:1: leaked_storage: Variable "name" going out of scope leaks the storage it points to. 2292| 2293| print_field(" Media Player Name: %s", name); 2294|-> } 2295| 2296| static void mp_name_read(const struct l2cap_frame *frame) Error: RESOURCE_LEAK (CWE-772): [#def28] [important] bluez-5.75/monitor/att.c:2320:2: alloc_fn: Storage is returned from allocation function "name2utf8". bluez-5.75/monitor/att.c:2320:2: var_assign: Assigning: "name" = storage returned from "name2utf8((uint8_t *)frame->data, frame->size)". bluez-5.75/monitor/att.c:2322:2: noescape: Resource "name" is not freed or pointed-to in "printf". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/monitor/att.c:2323:1: leaked_storage: Variable "name" going out of scope leaks the storage it points to. 
2321| 2322| print_field(" Track Title: %s", name); 2323|-> } 2324| 2325| static void track_title_read(const struct l2cap_frame *frame) Error: RESOURCE_LEAK (CWE-772): [#def29] [important] bluez-5.75/monitor/att.c:2453:2: alloc_fn: Storage is returned from allocation function "name2utf8". bluez-5.75/monitor/att.c:2453:2: var_assign: Assigning: "name" = storage returned from "name2utf8((uint8_t *)frame->data, frame->size)". bluez-5.75/monitor/att.c:2455:2: noescape: Resource "name" is not freed or pointed-to in "printf". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/monitor/att.c:2456:1: leaked_storage: Variable "name" going out of scope leaks the storage it points to. 2454| 2455| print_field(" Bearer Name: %s", name); 2456|-> } 2457| 2458| static void bearer_name_read(const struct l2cap_frame *frame) Error: RESOURCE_LEAK (CWE-772): [#def30] [important] bluez-5.75/monitor/att.c:2472:2: alloc_fn: Storage is returned from allocation function "name2utf8". bluez-5.75/monitor/att.c:2472:2: var_assign: Assigning: "name" = storage returned from "name2utf8((uint8_t *)frame->data, frame->size)". bluez-5.75/monitor/att.c:2474:2: noescape: Resource "name" is not freed or pointed-to in "printf". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/monitor/att.c:2475:1: leaked_storage: Variable "name" going out of scope leaks the storage it points to. 2473| 2474| print_field(" Bearer Uci Name: %s", name); 2475|-> } 2476| 2477| static void print_technology_name(const struct l2cap_frame *frame) Error: RESOURCE_LEAK (CWE-772): [#def31] [important] bluez-5.75/monitor/att.c:2541:2: alloc_fn: Storage is returned from allocation function "name2utf8". bluez-5.75/monitor/att.c:2541:2: var_assign: Assigning: "name" = storage returned from "name2utf8((uint8_t *)frame->data, frame->size)". 
bluez-5.75/monitor/att.c:2543:2: noescape: Resource "name" is not freed or pointed-to in "printf". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/monitor/att.c:2544:1: leaked_storage: Variable "name" going out of scope leaks the storage it points to. 2542| 2543| print_field(" Uri scheme Name: %s", name); 2544|-> } 2545| 2546| static void bearer_uri_schemes_list_read(const struct l2cap_frame *frame) Error: RESOURCE_LEAK (CWE-772): [#def32] [important] bluez-5.75/monitor/att.c:2653:2: alloc_fn: Storage is returned from allocation function "name2utf8". bluez-5.75/monitor/att.c:2653:2: var_assign: Assigning: "call_uri" = storage returned from "name2utf8((uint8_t *)frame->data, frame->size)". bluez-5.75/monitor/att.c:2655:2: noescape: Resource "call_uri" is not freed or pointed-to in "printf". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/monitor/att.c:2660:1: leaked_storage: Variable "call_uri" going out of scope leaks the storage it points to. 2658| if (frame->size) 2659| print_hex_field(" call_list Data", frame->data, frame->size); 2660|-> } 2661| 2662| static void bearer_current_call_list_read(const struct l2cap_frame *frame) Error: RESOURCE_LEAK (CWE-772): [#def33] [important] bluez-5.75/monitor/att.c:2741:2: alloc_fn: Storage is returned from allocation function "name2utf8". bluez-5.75/monitor/att.c:2741:2: var_assign: Assigning: "name" = storage returned from "name2utf8((uint8_t *)frame->data, frame->size)". bluez-5.75/monitor/att.c:2743:2: noescape: Resource "name" is not freed or pointed-to in "printf". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/monitor/att.c:2748:1: leaked_storage: Variable "name" going out of scope leaks the storage it points to. 
2746| if (frame->size) 2747| print_hex_field(" Data", frame->data, frame->size); 2748|-> } 2749| 2750| static void incom_target_bearer_uri_read(const struct l2cap_frame *frame) Error: RESOURCE_LEAK (CWE-772): [#def34] [important] bluez-5.75/monitor/att.c:2851:3: alloc_fn: Storage is returned from allocation function "name2utf8". bluez-5.75/monitor/att.c:2851:3: var_assign: Assigning: "name" = storage returned from "name2utf8((uint8_t *)frame->data, frame->size)". bluez-5.75/monitor/att.c:2852:3: noescape: Resource "name" is not freed or pointed-to in "printf". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/monitor/att.c:2871:1: leaked_storage: Variable "name" going out of scope leaks the storage it points to. 2869| if (frame->size) 2870| print_hex_field("call_cp Data", frame->data, frame->size); 2871|-> } 2872| 2873| static void print_call_cp_notification(const struct l2cap_frame *frame) Error: RESOURCE_LEAK (CWE-772): [#def35] [important] bluez-5.75/monitor/att.c:3046:2: alloc_fn: Storage is returned from allocation function "name2utf8". bluez-5.75/monitor/att.c:3046:2: var_assign: Assigning: "name" = storage returned from "name2utf8((uint8_t *)frame->data, frame->size)". bluez-5.75/monitor/att.c:3048:2: noescape: Resource "name" is not freed or pointed-to in "printf". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/monitor/att.c:3053:1: leaked_storage: Variable "name" going out of scope leaks the storage it points to. 3051| if (frame->size) 3052| print_hex_field(" Data", frame->data, frame->size); 3053|-> } 3054| 3055| static void incoming_call_read(const struct l2cap_frame *frame) Error: RESOURCE_LEAK (CWE-772): [#def36] [important] bluez-5.75/monitor/att.c:3077:2: alloc_fn: Storage is returned from allocation function "name2utf8". 
bluez-5.75/monitor/att.c:3077:2: var_assign: Assigning: "name" = storage returned from "name2utf8((uint8_t *)frame->data, frame->size)". bluez-5.75/monitor/att.c:3079:2: noescape: Resource "name" is not freed or pointed-to in "printf". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/monitor/att.c:3084:1: leaked_storage: Variable "name" going out of scope leaks the storage it points to. 3082| if (frame->size) 3083| print_hex_field(" Data", frame->data, frame->size); 3084|-> } 3085| 3086| static void call_friendly_name_read(const struct l2cap_frame *frame) --- monitor/att.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/monitor/att.c b/monitor/att.c index b3fb3ba6a0ad..a23347ef7ede 100644 --- a/monitor/att.c +++ b/monitor/att.c @@ -2291,6 +2291,8 @@ static void print_mp_name(const struct l2cap_frame *frame) name = name2utf8((uint8_t *)frame->data, frame->size); print_field(" Media Player Name: %s", name); + + g_free(name); } static void mp_name_read(const struct l2cap_frame *frame) @@ -2320,6 +2322,8 @@ static void print_track_title(const struct l2cap_frame *frame) name = name2utf8((uint8_t *)frame->data, frame->size); print_field(" Track Title: %s", name); + + g_free(name); } static void track_title_read(const struct l2cap_frame *frame) @@ -2453,6 +2457,8 @@ static void print_bearer_name(const struct l2cap_frame *frame) name = name2utf8((uint8_t *)frame->data, frame->size); print_field(" Bearer Name: %s", name); + + g_free(name); } static void bearer_name_read(const struct l2cap_frame *frame) @@ -2472,6 +2478,8 @@ static void bearer_uci_read(const struct l2cap_frame *frame) name = name2utf8((uint8_t *)frame->data, frame->size); print_field(" Bearer Uci Name: %s", name); + + g_free(name); } static void print_technology_name(const struct l2cap_frame *frame) 
@@ -2541,6 +2549,8 @@ static void print_uri_scheme_list(const struct l2cap_frame *frame) name = name2utf8((uint8_t *)frame->data, frame->size); print_field(" Uri scheme Name: %s", name); + + g_free(name); } static void bearer_uri_schemes_list_read(const struct l2cap_frame *frame) @@ -2654,6 +2664,8 @@ static void print_call_list(const struct l2cap_frame *frame) print_field(" call_uri: %s", call_uri); + g_free(call_uri); + done: if (frame->size) print_hex_field(" call_list Data", frame->data, frame->size); @@ -2742,6 +2754,8 @@ static void print_target_uri(const struct l2cap_frame *frame) print_field(" Uri: %s", name); + g_free(name); + done: if (frame->size) print_hex_field(" Data", frame->data, frame->size); @@ -2850,6 +2864,7 @@ static void print_call_cp(const struct l2cap_frame *frame) str = "Originate"; name = name2utf8((uint8_t *)frame->data, frame->size); print_field(" Operation: %s Uri: %s", str, name); + g_free(name); break; case 0x05: str = "Join"; @@ -3047,6 +3062,8 @@ static void print_incom_call(const struct l2cap_frame *frame) print_field(" call_string: %s", name); + g_free(name); + done: if (frame->size) print_hex_field(" Data", frame->data, frame->size); 
@@ -3078,6 +3095,8 @@ static void print_call_friendly_name(const struct l2cap_frame *frame) print_field(" Friendly Name: %s", name); + g_free(name); + done: if (frame->size) print_hex_field(" Data", frame->data, frame->size); From patchwork Fri May 10 12:10:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796405
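Review bot: In the monitor/att.c hunks for print_call_list, print_target_uri, print_incom_call and print_call_friendly_name, the new g_free() sits just above the done: label, so it runs only on the fall-through path; that is correct only while every goto done is taken before name2utf8() has been called. Initialising the pointer to NULL at its declaration and moving the g_free() below done: would keep the free on every exit and stop a later early exit from reintroducing the leak, since g_free(NULL) is a no-op. The commit message is only the Coverity output; one sentence saying that name2utf8() returns memory the caller owns would document why the frees are needed.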
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera Subject: [BlueZ v2 08/20] bap: Fix memory leaks Date: Fri, 10 May 2024 14:10:18 +0200 Message-ID: <20240510121355.3241456-9-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net> References: <20240510121355.3241456-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: RESOURCE_LEAK (CWE-772): [#def37] [important] bluez-5.75/profiles/audio/bap.c:1064:13: alloc_fn: Storage is returned from allocation function "util_malloc". bluez-5.75/profiles/audio/bap.c:1064:13: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)". bluez-5.75/profiles/audio/bap.c:1064:13: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/profiles/audio/bap.c:1064:13: leaked_storage: Variable "__p" going out of scope leaks the storage it points to. bluez-5.75/profiles/audio/bap.c:1064:3: var_assign: Assigning: "l2_caps" = "({...; __p;})". bluez-5.75/profiles/audio/bap.c:1066:4: leaked_storage: Variable "l2_caps" going out of scope leaks the storage it points to. 1064| l2_caps = new0(struct iovec, 1); 1065| if (!util_iov_pull_u8(&iov, (void *)&l2_caps->iov_len)) 1066|-> goto fail; 1067| 1068| util_iov_memcpy(l2_caps, util_iov_pull_mem(&iov, Error: RESOURCE_LEAK (CWE-772): [#def38] [important] bluez-5.75/profiles/audio/bap.c:1064:13: alloc_fn: Storage is returned from allocation function "util_malloc". bluez-5.75/profiles/audio/bap.c:1064:13: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)". bluez-5.75/profiles/audio/bap.c:1064:13: noescape: Resource "__p" is not freed or pointed-to in "memset". 
[Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/profiles/audio/bap.c:1064:13: leaked_storage: Variable "__p" going out of scope leaks the storage it points to. bluez-5.75/profiles/audio/bap.c:1064:3: var_assign: Assigning: "l2_caps" = "({...; __p;})". bluez-5.75/profiles/audio/bap.c:1068:3: noescape: Resource "l2_caps" is not freed or pointed-to in "util_iov_memcpy". bluez-5.75/profiles/audio/bap.c:1080:4: leaked_storage: Variable "l2_caps" going out of scope leaks the storage it points to. 1078| meta = new0(struct iovec, 1); 1079| if (!util_iov_pull_u8(&iov, (void *)&meta->iov_len)) 1080|-> goto fail; 1081| 1082| util_iov_memcpy(meta, Error: RESOURCE_LEAK (CWE-772): [#def39] [important] bluez-5.75/profiles/audio/bap.c:1078:10: alloc_fn: Storage is returned from allocation function "util_malloc". bluez-5.75/profiles/audio/bap.c:1078:10: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)". bluez-5.75/profiles/audio/bap.c:1078:10: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/profiles/audio/bap.c:1078:10: leaked_storage: Variable "__p" going out of scope leaks the storage it points to. bluez-5.75/profiles/audio/bap.c:1078:3: var_assign: Assigning: "meta" = "({...; __p;})". bluez-5.75/profiles/audio/bap.c:1080:4: leaked_storage: Variable "meta" going out of scope leaks the storage it points to. 1078| meta = new0(struct iovec, 1); 1079| if (!util_iov_pull_u8(&iov, (void *)&meta->iov_len)) 1080|-> goto fail; 1081| 1082| util_iov_memcpy(meta, Error: RESOURCE_LEAK (CWE-772): [#def40] [important] bluez-5.75/profiles/audio/bap.c:1064:13: alloc_fn: Storage is returned from allocation function "util_malloc". bluez-5.75/profiles/audio/bap.c:1064:13: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)". 
bluez-5.75/profiles/audio/bap.c:1064:13: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/profiles/audio/bap.c:1064:13: leaked_storage: Variable "__p" going out of scope leaks the storage it points to. bluez-5.75/profiles/audio/bap.c:1064:3: var_assign: Assigning: "l2_caps" = "({...; __p;})". bluez-5.75/profiles/audio/bap.c:1068:3: noescape: Resource "l2_caps" is not freed or pointed-to in "util_iov_memcpy". bluez-5.75/profiles/audio/bap.c:1119:4: noescape: Resource "l2_caps" is not freed or pointed-to in "bt_bap_add_bis". bluez-5.75/profiles/audio/bap.c:1119:4: noescape: Resource "l2_caps" is not freed or pointed-to in "bt_bap_add_bis". bluez-5.75/profiles/audio/bap.c:1097:5: leaked_storage: Variable "l2_caps" going out of scope leaks the storage it points to. 1095| 1096| if (!util_iov_pull_u8(&iov, &bis_index)) 1097|-> goto fail; 1098| 1099| util_debug(func, NULL, "BIS #%d", bis_index); Error: RESOURCE_LEAK (CWE-772): [#def41] [important] bluez-5.75/profiles/audio/bap.c:1078:10: alloc_fn: Storage is returned from allocation function "util_malloc". bluez-5.75/profiles/audio/bap.c:1078:10: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)". bluez-5.75/profiles/audio/bap.c:1078:10: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/profiles/audio/bap.c:1078:10: leaked_storage: Variable "__p" going out of scope leaks the storage it points to. bluez-5.75/profiles/audio/bap.c:1078:3: var_assign: Assigning: "meta" = "({...; __p;})". bluez-5.75/profiles/audio/bap.c:1082:3: noescape: Resource "meta" is not freed or pointed-to in "util_iov_memcpy". bluez-5.75/profiles/audio/bap.c:1119:4: noescape: Resource "meta" is not freed or pointed-to in "bt_bap_add_bis". 
bluez-5.75/profiles/audio/bap.c:1119:4: noescape: Resource "meta" is not freed or pointed-to in "bt_bap_add_bis". bluez-5.75/profiles/audio/bap.c:1097:5: leaked_storage: Variable "meta" going out of scope leaks the storage it points to. 1095| 1096| if (!util_iov_pull_u8(&iov, &bis_index)) 1097|-> goto fail; 1098| 1099| util_debug(func, NULL, "BIS #%d", bis_index); Error: RESOURCE_LEAK (CWE-772): [#def42] [important] bluez-5.75/profiles/audio/bap.c:1064:13: alloc_fn: Storage is returned from allocation function "util_malloc". bluez-5.75/profiles/audio/bap.c:1064:13: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)". bluez-5.75/profiles/audio/bap.c:1064:13: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/profiles/audio/bap.c:1064:13: leaked_storage: Variable "__p" going out of scope leaks the storage it points to. bluez-5.75/profiles/audio/bap.c:1064:3: var_assign: Assigning: "l2_caps" = "({...; __p;})". bluez-5.75/profiles/audio/bap.c:1068:3: noescape: Resource "l2_caps" is not freed or pointed-to in "util_iov_memcpy". bluez-5.75/profiles/audio/bap.c:1104:5: leaked_storage: Variable "l2_caps" going out of scope leaks the storage it points to. 1102| l3_caps = new0(struct iovec, 1); 1103| if (!util_iov_pull_u8(&iov, (void *)&l3_caps->iov_len)) 1104|-> goto fail; 1105| 1106| util_iov_memcpy(l3_caps, Error: RESOURCE_LEAK (CWE-772): [#def43] [important] bluez-5.75/profiles/audio/bap.c:1102:14: alloc_fn: Storage is returned from allocation function "util_malloc". bluez-5.75/profiles/audio/bap.c:1102:14: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)". bluez-5.75/profiles/audio/bap.c:1102:14: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.] 
bluez-5.75/profiles/audio/bap.c:1102:14: leaked_storage: Variable "__p" going out of scope leaks the storage it points to. bluez-5.75/profiles/audio/bap.c:1102:4: var_assign: Assigning: "l3_caps" = "({...; __p;})". bluez-5.75/profiles/audio/bap.c:1104:5: leaked_storage: Variable "l3_caps" going out of scope leaks the storage it points to. 1102| l3_caps = new0(struct iovec, 1); 1103| if (!util_iov_pull_u8(&iov, (void *)&l3_caps->iov_len)) 1104|-> goto fail; 1105| 1106| util_iov_memcpy(l3_caps, Error: RESOURCE_LEAK (CWE-772): [#def44] [important] bluez-5.75/profiles/audio/bap.c:1078:10: alloc_fn: Storage is returned from allocation function "util_malloc". bluez-5.75/profiles/audio/bap.c:1078:10: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)". bluez-5.75/profiles/audio/bap.c:1078:10: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/profiles/audio/bap.c:1078:10: leaked_storage: Variable "__p" going out of scope leaks the storage it points to. bluez-5.75/profiles/audio/bap.c:1078:3: var_assign: Assigning: "meta" = "({...; __p;})". bluez-5.75/profiles/audio/bap.c:1082:3: noescape: Resource "meta" is not freed or pointed-to in "util_iov_memcpy". bluez-5.75/profiles/audio/bap.c:1104:5: leaked_storage: Variable "meta" going out of scope leaks the storage it points to. 1102| l3_caps = new0(struct iovec, 1); 1103| if (!util_iov_pull_u8(&iov, (void *)&l3_caps->iov_len)) 1104|-> goto fail; 1105| 1106| util_iov_memcpy(l3_caps, Error: RESOURCE_LEAK (CWE-772): [#def45] [important] bluez-5.75/profiles/audio/bap.c:1064:13: alloc_fn: Storage is returned from allocation function "util_malloc". bluez-5.75/profiles/audio/bap.c:1064:13: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)". bluez-5.75/profiles/audio/bap.c:1064:13: noescape: Resource "__p" is not freed or pointed-to in "memset". 
[Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/profiles/audio/bap.c:1064:13: leaked_storage: Variable "__p" going out of scope leaks the storage it points to. bluez-5.75/profiles/audio/bap.c:1064:3: var_assign: Assigning: "l2_caps" = "({...; __p;})". bluez-5.75/profiles/audio/bap.c:1068:3: noescape: Resource "l2_caps" is not freed or pointed-to in "util_iov_memcpy". bluez-5.75/profiles/audio/bap.c:1119:4: noescape: Resource "l2_caps" is not freed or pointed-to in "bt_bap_add_bis". bluez-5.75/profiles/audio/bap.c:1119:4: noescape: Resource "l2_caps" is not freed or pointed-to in "bt_bap_add_bis". bluez-5.75/profiles/audio/bap.c:1123:2: leaked_storage: Variable "l2_caps" going out of scope leaks the storage it points to. 1121| } 1122| 1123|-> } 1124| return true; 1125| Error: RESOURCE_LEAK (CWE-772): [#def46] [important] bluez-5.75/profiles/audio/bap.c:1078:10: alloc_fn: Storage is returned from allocation function "util_malloc". bluez-5.75/profiles/audio/bap.c:1078:10: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)". bluez-5.75/profiles/audio/bap.c:1078:10: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/profiles/audio/bap.c:1078:10: leaked_storage: Variable "__p" going out of scope leaks the storage it points to. bluez-5.75/profiles/audio/bap.c:1078:3: var_assign: Assigning: "meta" = "({...; __p;})". bluez-5.75/profiles/audio/bap.c:1082:3: noescape: Resource "meta" is not freed or pointed-to in "util_iov_memcpy". bluez-5.75/profiles/audio/bap.c:1119:4: noescape: Resource "meta" is not freed or pointed-to in "bt_bap_add_bis". bluez-5.75/profiles/audio/bap.c:1119:4: noescape: Resource "meta" is not freed or pointed-to in "bt_bap_add_bis". bluez-5.75/profiles/audio/bap.c:1123:2: leaked_storage: Variable "meta" going out of scope leaks the storage it points to. 
1121| } 1122| 1123|-> } 1124| return true; 1125| --- profiles/audio/bap.c | 47 +++++++++++++++++++++++++++++++------------- 1 file changed, 33 insertions(+), 14 deletions(-) diff --git a/profiles/audio/bap.c b/profiles/audio/bap.c index 8e4f4b311fba..15024e26f843 100644 --- a/profiles/audio/bap.c +++ b/profiles/audio/bap.c @@ -1028,6 +1028,7 @@ static bool parse_base(struct bt_bap *bap, struct bt_iso_base *base, }; uint32_t pres_delay; uint8_t num_subgroups; + bool ret = true; util_debug(func, NULL, "BASE len: %ld", iov.iov_len); @@ -1043,13 +1044,15 @@ static bool parse_base(struct bt_bap *bap, struct bt_iso_base *base, for (int idx = 0; idx < num_subgroups; idx++) { uint8_t num_bis; struct bt_bap_codec codec; - struct iovec *l2_caps; - struct iovec *meta; + struct iovec *l2_caps = NULL; + struct iovec *meta = NULL; util_debug(func, NULL, "Subgroup #%d", idx); - if (!util_iov_pull_u8(&iov, &num_bis)) + if (!util_iov_pull_u8(&iov, &num_bis)) { + ret = false; goto fail; + } util_debug(func, NULL, "Number of BISes: %d", num_bis); memcpy(&codec, @@ -1062,8 +1065,10 @@ static bool parse_base(struct bt_bap *bap, struct bt_iso_base *base, /* Level 2 */ /* Read Codec Specific Configuration */ l2_caps = new0(struct iovec, 1); - if (!util_iov_pull_u8(&iov, (void *)&l2_caps->iov_len)) - goto fail; + if (!util_iov_pull_u8(&iov, (void *)&l2_caps->iov_len)) { + ret = false; + goto group_fail; + } util_iov_memcpy(l2_caps, util_iov_pull_mem(&iov, l2_caps->iov_len), @@ -1076,8 +1081,10 @@ static bool parse_base(struct bt_bap *bap, struct bt_iso_base *base, /* Read Metadata */ meta = new0(struct iovec, 1); - if (!util_iov_pull_u8(&iov, (void *)&meta->iov_len)) - goto fail; + if (!util_iov_pull_u8(&iov, (void *)&meta->iov_len)) { + ret = false; + goto group_fail; + } util_iov_memcpy(meta, util_iov_pull_mem(&iov, meta->iov_len), 
@@ -1093,15 +1100,20 @@ static bool parse_base(struct bt_bap *bap, struct bt_iso_base *base, uint8_t bis_index; struct iovec *l3_caps; - if (!util_iov_pull_u8(&iov, &bis_index)) - goto fail; + if (!util_iov_pull_u8(&iov, &bis_index)) { + ret = false; + goto group_fail; + } util_debug(func, NULL, "BIS #%d", bis_index); /* Read Codec Specific Configuration */ l3_caps = new0(struct iovec, 1); - if (!util_iov_pull_u8(&iov, (void *)&l3_caps->iov_len)) - goto fail; + if (!util_iov_pull_u8(&iov, (void *)&l3_caps->iov_len)) { + free(l3_caps); + ret = false; + goto group_fail; + } util_iov_memcpy(l3_caps, util_iov_pull_mem(&iov, 
@@ -1120,13 +1132,20 @@ static bool parse_base(struct bt_bap *bap, struct bt_iso_base *base, meta); } +group_fail: + if (l2_caps != NULL) + free(l2_caps); + if (meta != NULL) + free(meta); + if (!ret) + break; } - return true; fail: - util_debug(func, NULL, "Unable to parse Base"); + if (!ret) + util_debug(func, NULL, "Unable to parse Base"); - return false; + return ret; } static void iso_pa_sync_confirm_cb(GIOChannel *io, void *user_data) From patchwork Fri May 10 12:10:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796402
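Review bot: Initialising ret to true in the first profiles/audio/bap.c hunk, together with removing return true in the last one, means the success path now falls through the fail: label and the result depends on every jump having set ret = false first. Any goto fail in parse_base() that this patch does not touch would now return true without logging "Unable to parse Base", so check that none remain, and consider renaming the label to done: now that it is the common exit.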
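Review bot: In the BIS loop hunk of parse_base(), l3_caps is freed only when the util_iov_pull_u8() length read fails; nothing visible in these hunks frees it after bt_bap_add_bis() on the success path, and a new one is allocated on every iteration. The Coverity trace in the commit message says bt_bap_add_bis() does not take ownership of l2_caps or meta, so the same is likely true for l3_caps: declare it as NULL and free it at the end of each BIS iteration as well as on the failure exit.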
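Review bot: At group_fail in the last parse_base() hunk, free(l2_caps) and free(meta) release only the struct iovec, while util_iov_memcpy() earlier in the loop has copied the pulled bytes into each one; if that copy allocates iov_base, the buffer still leaks for every subgroup. Freeing through util_iov_free(l2_caps, 1) and util_iov_free(meta, 1) would cover both, assuming that helper frees iov_base as well as the array. The != NULL tests before free() can be dropped, because free(NULL) is a no-op.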
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera Subject: [BlueZ v2 09/20] media: Fix memory leak Date: Fri, 10 May 2024 14:10:19 +0200 Message-ID: <20240510121355.3241456-10-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net> References: <20240510121355.3241456-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: RESOURCE_LEAK (CWE-772): [#def47] [important] bluez-5.75/profiles/audio/media.c:1278:2: alloc_arg: "asprintf" allocates memory that is stored into "name". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/profiles/audio/media.c:1291:2: noescape: Resource "name" is not freed or pointed-to in "bt_bap_add_vendor_pac". bluez-5.75/profiles/audio/media.c:1297:3: leaked_storage: Variable "name" going out of scope leaks the storage it points to. 1295| error("Unable to create PAC"); 1296| free(metadata); 1297|-> return false; 1298| } 1299| --- profiles/audio/media.c | 1 + 1 file changed, 1 insertion(+) diff --git a/profiles/audio/media.c b/profiles/audio/media.c index 07147a25d532..4bbd584deaba 100644 --- a/profiles/audio/media.c +++ b/profiles/audio/media.c
@@ -1293,6 +1293,7 @@ static bool endpoint_init_pac(struct media_endpoint *endpoint, uint8_t type, &data, metadata); if (!endpoint->pac) { error("Unable to create PAC"); + free(name); free(metadata); return false; } From patchwork Fri May 10 12:10:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796064
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera Subject: [BlueZ v2 10/20] main: Fix memory leaks Date: Fri, 10 May 2024 14:10:20 +0200 Message-ID: <20240510121355.3241456-11-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net> References: <20240510121355.3241456-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: RESOURCE_LEAK (CWE-772): [#def51] [important] bluez-5.75/src/main.c:451:2: alloc_arg: "parse_config_string" allocates memory that is stored into "str". bluez-5.75/src/main.c:454:2: identity_transfer: Passing "str" as argument 1 to function "strtol", which sets "endptr" to that argument. bluez-5.75/src/main.c:456:3: noescape: Assuming resource "str" is not freed or pointed-to as ellipsis argument to "btd_error". bluez-5.75/src/main.c:457:3: leaked_storage: Variable "endptr" going out of scope leaks the storage it points to. bluez-5.75/src/main.c:457:3: leaked_storage: Variable "str" going out of scope leaks the storage it points to. 455| if (!endptr || *endptr != '\0') { 456| error("%s.%s = %s is not integer", group, key, str); 457|-> return false; 458| } 459| Error: RESOURCE_LEAK (CWE-772): [#def52] [important] bluez-5.75/src/main.c:451:2: alloc_arg: "parse_config_string" allocates memory that is stored into "str". bluez-5.75/src/main.c:454:2: identity_transfer: Passing "str" as argument 1 to function "strtol", which sets "endptr" to that argument. bluez-5.75/src/main.c:463:3: leaked_storage: Variable "endptr" going out of scope leaks the storage it points to. bluez-5.75/src/main.c:463:3: leaked_storage: Variable "str" going out of scope leaks the storage it points to. 
461| warn("%s.%s = %zu is out of range (< %zu)", group, key, tmp, 462| min); 463|-> return false; 464| } 465| Error: RESOURCE_LEAK (CWE-772): [#def53] [important] bluez-5.75/src/main.c:451:2: alloc_arg: "parse_config_string" allocates memory that is stored into "str". bluez-5.75/src/main.c:454:2: identity_transfer: Passing "str" as argument 1 to function "strtol", which sets "endptr" to that argument. bluez-5.75/src/main.c:475:2: leaked_storage: Variable "endptr" going out of scope leaks the storage it points to. bluez-5.75/src/main.c:475:2: leaked_storage: Variable "str" going out of scope leaks the storage it points to. 473| *val = tmp; 474| 475|-> return true; 476| } 477| --- src/main.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/main.c b/src/main.c index 23af6781d931..ac840d684f6d 100644 --- a/src/main.c +++ b/src/main.c 
@@ -454,21 +454,25 @@ static bool parse_config_int(GKeyFile *config, const char *group, tmp = strtol(str, &endptr, 0); if (!endptr || *endptr != '\0') { error("%s.%s = %s is not integer", group, key, str); + g_free(str); return false; } if (tmp < min) { + g_free(str); warn("%s.%s = %zu is out of range (< %zu)", group, key, tmp, min); return false; } if (tmp > max) { + g_free(str); warn("%s.%s = %zu is out of range (> %zu)", group, key, tmp, max); return false; } + g_free(str); if (val) *val = tmp; From patchwork Fri May 10 12:10:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796404
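Review bot: parse_config_int() in src/main.c now carries four g_free(str) calls, one per exit, and their placement differs: in the two range checks the free comes before warn(), while in the first branch it has to come after error() because that message prints str. A single exit would be easier to keep correct as the function changes: record the outcome in a bool, jump to one label that calls g_free(str), and return from there. Separately, the context line if (!endptr || *endptr != '\0') lets an empty string through as 0, which may deserve its own patch.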
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera Subject: [BlueZ v2 11/20] isotest: Consider "0" fd to be valid Date: Fri, 10 May 2024 14:10:21 +0200 Message-ID: <20240510121355.3241456-12-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net> References: <20240510121355.3241456-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: RESOURCE_LEAK (CWE-772): [#def79] [important] bluez-5.75/tools/isotest.c:923:4: open_fn: Returning handle opened by "open_file". bluez-5.75/tools/isotest.c:923:4: var_assign: Assigning: "fd" = handle returned from "open_file(altername)". bluez-5.75/tools/isotest.c:925:3: off_by_one: Testing whether handle "fd" is strictly greater than zero is suspicious. "fd" leaks when it is zero. bluez-5.75/tools/isotest.c:925:3: remediation: Did you intend to include equality with zero? bluez-5.75/tools/isotest.c:926:4: overwrite_var: Overwriting handle "fd" in "fd = open_file(filename)" leaks the handle. 924| 925| if (fd <= 0) 926|-> fd = open_file(filename); 927| } 928| --- tools/isotest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/isotest.c b/tools/isotest.c index 7e875fa58b15..810d15d2df2a 100644 --- a/tools/isotest.c +++ b/tools/isotest.c
@@ -922,7 +922,7 @@ static void send_mode(char *filename, char *peer, int i, bool repeat) if (!err) fd = open_file(altername); - if (fd <= 0) + if (fd < 0) fd = open_file(filename); } From patchwork Fri May 10 12:10:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796063
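Review bot: In send_mode(), the fallback open_file(filename) now runs only when fd is negative, but when err is non-zero fd is never assigned by open_file(altername), so the new test reads whatever value fd was initialised with. The declaration is outside this hunk: if fd starts at 0, the old <= 0 test was what triggered the fallback and this change would skip it, so confirm that fd is initialised to -1 or set it explicitly before the test.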
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera Subject: [BlueZ v2 12/20] isotest: Fix error check after opening file Date: Fri, 10 May 2024 14:10:22 +0200 Message-ID: <20240510121355.3241456-13-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net> References: <20240510121355.3241456-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Consider "0" to be a valid fd. --- tools/isotest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/isotest.c b/tools/isotest.c index 810d15d2df2a..ddace0da3044 100644 --- a/tools/isotest.c +++ b/tools/isotest.c 
@@ -720,7 +720,7 @@ static int open_file(const char *filename) syslog(LOG_INFO, "Opening %s ...", filename); fd = open(filename, O_RDONLY); - if (fd <= 0) { + if (fd < 0) { syslog(LOG_ERR, "Can't open file %s: %s\n", filename, strerror(errno)); } From patchwork Fri May 10 12:10:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796062
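Review bot: Treating 0 as success in open_file() only helps if every caller agrees; send_mode() is updated in the previous patch of the series, but any other caller that still tests the return value with <= 0 would take a valid descriptor 0 for a failure and leak it. The two one-line changes depend on each other and could be squashed into one patch, and the commit message could say when open() can return 0 (when descriptor 0 has been closed), since that is the case being fixed.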
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera Subject: [BlueZ v2 13/20] client/player: Fix copy/paste error Date: Fri, 10 May 2024 14:10:23 +0200 Message-ID: <20240510121355.3241456-14-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net> References: <20240510121355.3241456-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: COPY_PASTE_ERROR (CWE-398): [#def95] [important] bluez-5.75/client/player.c:1846:6: original: "qos->sync_cte_type" looks like the original copy. bluez-5.75/client/player.c:1852:6: copy_paste_error: "sync_cte_type" in "qos->sync_cte_type" looks like a copy-paste error. bluez-5.75/client/player.c:1852:6: remediation: Should it say "mse" instead? 1850| } 1851| 1852|-> if (qos->sync_cte_type) { 1853| bt_shell_printf("MSE %u\n", qos->mse); 1854| g_dbus_dict_append_entry(iter, "MSE", DBUS_TYPE_BYTE, --- client/player.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/player.c b/client/player.c index 6b70e9ed3f9d..7f67425aaf8f 100644 --- a/client/player.c +++ b/client/player.c 
@@ -1849,7 +1849,7 @@ static void append_bcast_qos(DBusMessageIter *iter, struct endpoint_config *cfg) &qos->sync_cte_type); } - if (qos->sync_cte_type) { + if (qos->mse) { bt_shell_printf("MSE %u\n", qos->mse); g_dbus_dict_append_entry(iter, "MSE", DBUS_TYPE_BYTE, &qos->mse); From patchwork Fri May 10 12:10:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796399 Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net [217.70.183.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2EC7917084D for ; Fri, 10 May 2024 12:14:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.195 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715343258; cv=none; b=LIyho4TM/d50Ax+vMpC9yNMXNS971L6ks/8/+rmaTfvINPbO3tZXR3tx0KthFNnfCUbjARyliaxcZ58dmNzpeS4eeO9hZAHcuSJRi17wKoOHB64mZQYpA7aQ/YYB/GeBK/sPnpiF3FB9//mgBgpy5/2DgRe6O8CMfH2V09XzpWs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715343258; c=relaxed/simple; bh=M3Ywyy+4fuNjRQVFMj+DtHH2PN8++yYDfen2QT1Gpis=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=DmSr6Iq7Q4VlqDAV4H7KdaEy2pO1jEcW6KCvSes8+g1CVQb/QA+Gi3Z8NZhJXOLwhLdgcU0TtlH4FLZGu+Lo82SeJubBjqnxqKwbSbwuMHDnH8m/5ONLqprFNHJunjpf2N+BeIaB1HQYkF+IfRFGJpwWFoCDtLSthF2BQlXPKuA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.195 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hadess.net Received: by mail.gandi.net (Postfix) with ESMTPSA id ED21360013; Fri, 10 May 2024 12:13:59 
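Review bot: The commit message is only the raw Coverity output; it should state what the old `if (qos->sync_cte_type)` guard did to the MSE entry in append_bcast_qos(): a non-zero `qos->mse` was left out of the dictionary whenever `sync_cte_type` was 0, and an MSE of 0 was appended whenever it was set. One sentence to that effect makes clear that this changes what is sent and is not a cosmetic fix.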
+0000 (UTC) From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera Subject: [BlueZ v2 14/20] shared/vcp: Fix copy/paste error Date: Fri, 10 May 2024 14:10:24 +0200 Message-ID: <20240510121355.3241456-15-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net> References: <20240510121355.3241456-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: COPY_PASTE_ERROR (CWE-398): [#def97] [important] bluez-5.75/src/shared/vcp.c:2610:16: original: "aics->gain_stting_prop" looks like the original copy. bluez-5.75/src/shared/vcp.c:2625:16: copy_paste_error: "gain_stting_prop" in "aics->gain_stting_prop" looks like a copy-paste error. bluez-5.75/src/shared/vcp.c:2625:16: remediation: Should it say "aud_ip_type" instead? 2623| 2624| aics = vcp_get_aics(vcp); 2625|-> if (!aics || aics->gain_stting_prop) 2626| return; 2627| --- src/shared/vcp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/vcp.c b/src/shared/vcp.c index 7ba54e64adc0..b7e17e448b74 100644 --- a/src/shared/vcp.c +++ b/src/shared/vcp.c 
@@ -2622,7 +2622,7 @@ static void foreach_aics_char(struct gatt_db_attribute *attr, void *user_data) value_handle); aics = vcp_get_aics(vcp); - if (!aics || aics->gain_stting_prop) + if (!aics || aics->aud_ip_type) return; aics->aud_ip_type = attr; From patchwork Fri May 10 12:10:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796400 Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net [217.70.183.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2EC0C17084C for ; Fri, 10 May 2024 12:14:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.195 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715343258; cv=none; b=ITN0BAUpS5rKpUtcCRPwvkR6xkZYczCBxbFH7aYLQuvlK/f9CyNNJB038bSyGjnqkrhD37V8Izi51ynxE0awDUWZUVF/uZ95wLI+jLcxRmxeNmNwVBfszrkUE3h9MCVOdAC4P/GN6N2VCdYvYMI3aDWH2UHswaAmxBW28cw+hx4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715343258; c=relaxed/simple; bh=1b+p1b7GIT78GDQGbHD5A5ndMiK4C9pGS2ldUhTTJEU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=RxeEFqw4aAFzI3Pfmo+9q1eUvPdRqZ8A6aQtNtb3hh7xbuimqoIEJXnj1EamIGrj2/c6VHZNmEAbDWiS/VK3kQTWWouEQkfR7yydGQ4lji6t1+LrVpwwboKKg5MGCOibnIWYrdmdP97mvy0gkBNL8gjCKZ+6L2DmN64A3O2W/zY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.195 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hadess.net Received: by mail.gandi.net (Postfix) with ESMTPSA id 3ECB260014; Fri, 10 May 2024 12:14:00 +0000 (UTC) 
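Review bot: In foreach_aics_char() the guard before `aics->aud_ip_type = attr;` now tests the field it protects, which looks right, but the message should describe the effect of the old `aics->gain_stting_prop` test: aud_ip_type was never set once gain_stting_prop had been, and could be reassigned on every call otherwise. The neighbouring characteristic blocks deserve a manual look for the same pasted guard.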
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera Subject: [BlueZ v2 15/20] isotest: Fix fd leak Date: Fri, 10 May 2024 14:10:25 +0200 Message-ID: <20240510121355.3241456-16-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net> References: <20240510121355.3241456-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: RESOURCE_LEAK (CWE-772): [#def65] [important] bluez-5.75/tools/isotest.c:923:4: open_fn: Returning handle opened by "open_file". bluez-5.75/tools/isotest.c:923:4: var_assign: Assigning: "fd" = handle returned from "open_file(altername)". bluez-5.75/tools/isotest.c:953:3: leaked_handle: Handle variable "fd" going out of scope leaks the handle. 951| 952| free(sk_arr); 953|-> return; 954| } 955| --- tools/isotest.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/isotest.c b/tools/isotest.c index ddace0da3044..58293133a304 100644 --- a/tools/isotest.c +++ b/tools/isotest.c 
@@ -950,6 +950,8 @@ static void send_mode(char *filename, char *peer, int i, bool repeat) close(sk_arr[i]); free(sk_arr); + if (fd >= 0) + close(fd); return; } From patchwork Fri May 10 12:10:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796401 Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net [217.70.183.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D9D3917085C for ; Fri, 10 May 2024 12:14:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.195 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715343257; cv=none; b=A9+v5zZWdEwCOkej3iiILkrCGm84KB87jljajRrKZ3TfkjD+lgiMCML76WOKWy7PV+LAmAyD8isv5gXYJUvDK/3gbGucnJwsSk3ALmtq9lyqb4mrBY88Juv+KHCBX939wAzCdBAOr+Y1qWLac/vvStxv955KYb7KwHo/xvRs9lU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715343257; c=relaxed/simple; bh=Z3oDkp2d1HpjpI0Xro2LA2pKxiRZBZKIF2k7SUbqM2w=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gVo/0tKzro4j0c0Nck3nA2xiDPQ7HvkpkaZ1uhwQuB9Sc/WVQbtaG+Tyo8N+f+YONyVCkcXUKVldrRat6gapvVDuYNMIbSxYOw/UUswN9GyS3CR2jp0AnlP4Kj2aYptGPGvDkafQWw/zbVB4u05GkVM/Jjzjve/aTgusPsiBIaI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.195 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hadess.net Received: by mail.gandi.net (Postfix) with ESMTPSA id 8424360016; Fri, 10 May 2024 12:14:00 +0000 (UTC) 
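Review bot: The new `if (fd >= 0)` before `return` in send_mode() is only correct if fd starts out as -1 on the paths that reach this return without going through open_file(); the hunk does not show the declaration. If fd is uninitialised or defaults to 0 there, the test either reads an indeterminate value or closes descriptor 0. Please confirm the initial value, or initialise it to -1 in this patch.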
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera Subject: [BlueZ v2 16/20] iso-tester: Fix fd leak Date: Fri, 10 May 2024 14:10:26 +0200 Message-ID: <20240510121355.3241456-17-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net> References: <20240510121355.3241456-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: RESOURCE_LEAK (CWE-772): [#def63] [important] bluez-5.75/tools/iso-tester.c:1796:2: open_fn: Returning handle opened by "socket". bluez-5.75/tools/iso-tester.c:1796:2: var_assign: Assigning: "sk" = handle returned from "socket(31, 2053, 8)". bluez-5.75/tools/iso-tester.c:1807:3: leaked_handle: Handle variable "sk" going out of scope leaks the handle. 1805| if (!master_bdaddr) { 1806| tester_warn("No master bdaddr"); 1807|-> return -ENODEV; 1808| } 1809| --- tools/iso-tester.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/iso-tester.c b/tools/iso-tester.c index 046606068206..d54fa56ecd44 100644 --- a/tools/iso-tester.c +++ b/tools/iso-tester.c 
@@ -1804,6 +1804,7 @@ static int create_iso_sock(struct test_data *data) master_bdaddr = hciemu_get_central_bdaddr(data->hciemu); if (!master_bdaddr) { tester_warn("No master bdaddr"); + close(sk); return -ENODEV; } From patchwork Fri May 10 12:10:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796398 Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net [217.70.183.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 32ED917088E for ; Fri, 10 May 2024 12:14:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.195 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715343259; cv=none; b=D8OaXV7Gk/luv3m41CZpT9brAy8JVddDbf27UqZ/Svqj6bIR+mwWgH7CGPjMACUan2TbJoQ6quXMeNWgH7TqzDMty+tqoLECOC9KiesOWH0g+3pQlq4fzT8Q7V9fFvpwhQLEk+QWh0I0BHXbc5aQItHHDRnN2Y/YNWwSmtXQdUs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715343259; c=relaxed/simple; bh=RBs/pTECN0ac63rTo4HqmGiHw5K+O2RiHGc5wsLMjOQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=YW75hBGoa3wpo4alHms87rLdQh4V2YmYGModMbkS5KRFPQXoHmjoq90AZS2LnzI20W2J95hOu7wMexeqR89Km72pWG6Bhhx3S109k2B9cNUWeGwxBkMzLZPCa1KdwDfDI+MVKaostyXMI6AWqbG4ai2698SGxbJJAd45IfPKJmg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.195 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hadess.net Received: by mail.gandi.net (Postfix) with ESMTPSA id CD71060017; Fri, 10 May 2024 12:14:00 +0000 (UTC) 
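Review bot: Adding `close(sk)` fixes this one return in create_iso_sock(), but the cleanup is avoidable: per the Coverity trace the socket() call comes before the hciemu_get_central_bdaddr() lookup, so doing the bdaddr check first would leave nothing to close on the -ENODEV path. If the order stays as it is, please check the remaining error returns after socket() for the same leak.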
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera Subject: [BlueZ v2 17/20] sdp: Fix use of uninitialised memory Date: Fri, 10 May 2024 14:10:27 +0200 Message-ID: <20240510121355.3241456-18-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net> References: <20240510121355.3241456-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: UNINIT (CWE-457): [#def10] [important] bluez-5.75/lib/sdp.c:2302:2: alloc_fn: Calling "malloc" which returns uninitialized memory. bluez-5.75/lib/sdp.c:2302:2: assign: Assigning: "seqDTDs" = "malloc(seqlen * 8UL)", which points to uninitialized data. bluez-5.75/lib/sdp.c:2355:2: uninit_use_in_call: Using uninitialized value "*seqDTDs" when calling "sdp_seq_alloc". 2353| } 2354| } 2355|-> seq = sdp_seq_alloc(seqDTDs, seqs, seqlen); 2356| free(seqDTDs); 2357| free(seqs); --- lib/sdp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/sdp.c b/lib/sdp.c index 34b0dbb94eb0..d43bbbd2de05 100644 --- a/lib/sdp.c +++ b/lib/sdp.c 
@@ -2299,7 +2299,7 @@ static sdp_data_t *access_proto_to_dataseq(sdp_record_t *rec, sdp_list_t *proto) sdp_list_t *p; seqlen = sdp_list_len(proto); - seqDTDs = malloc(seqlen * sizeof(void *)); + seqDTDs = bt_malloc0(seqlen * sizeof(void *)); if (!seqDTDs) return NULL; From patchwork Fri May 10 12:10:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796058 Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net [217.70.183.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 911BC16F90D for ; Fri, 10 May 2024 12:14:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.195 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715343259; cv=none; b=DAUvD4OmtsoEpdj/Ygmo64fSL+DVJ/jnP56x8uI+W6AInXSIfZeqdgwhOrGe8uLCcmAiqBpJ//5+90QomQzsR+cSWuTcYGwJoHBW4K14rG3JfQzBv0bl6UXE07wFhcuT5ZwkjwgtlGLNAZCqU5sKexGxx7zFCE5wqntAuq1hQNk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715343259; c=relaxed/simple; bh=vFe5qKmQHRVEE4cES7AAibKqsLuZAYq13Rek/uW306Y=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=hFdRCTlmCFp29asH7zpX9YhCx0jPalHRMMdlHMTKh/dyMjnkhIE+xMkJFfVYXFoPt/umk62eT1mkPZgwA8WkLZmXh5kVWkr/55cKDXpp5szxZqRSJZGiL06T1QOMIt09GQM27ckz9T8IoCAHGx3++Jy0xVBTjcIrTfQuyMk5nE4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.195 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hadess.net Received: by mail.gandi.net (Postfix) with ESMTPSA id 2213060015; Fri, 10 May 2024 12:14:01 +0000 
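Review bot: Switching `seqDTDs` to bt_malloc0() silences the UNINIT report without saying which entries the loop leaves unset before sdp_seq_alloc(seqDTDs, seqs, seqlen) reads them. If that call uses all seqlen entries, a zeroed slot turns a garbage read into a NULL pointer, which may still crash, so the commit message should name the path and say why NULL is safe there. The trace shows `seqs` being freed right after the same call; if it is allocated the same way, please explain why it does not need the same treatment.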
(UTC) 
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera Subject: [BlueZ v2 18/20] monitor: Work-around memory leak warning Date: Fri, 10 May 2024 14:10:28 +0200 Message-ID: <20240510121355.3241456-19-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net> References: <20240510121355.3241456-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Work-around this warning by making the so pointer global. Error: RESOURCE_LEAK (CWE-772): [#def29] [important] bluez-5.75/monitor/jlink.c:87:3: alloc_fn: Storage is returned from allocation function "dlopen". bluez-5.75/monitor/jlink.c:87:3: var_assign: Assigning: "so" = storage returned from "dlopen(jlink_so_name[i], 1)". bluez-5.75/monitor/jlink.c:95:2: noescape: Resource "so" is not freed or pointed-to in "dlsym". bluez-5.75/monitor/jlink.c:96:2: noescape: Resource "so" is not freed or pointed-to in "dlsym". bluez-5.75/monitor/jlink.c:97:2: noescape: Resource "so" is not freed or pointed-to in "dlsym". bluez-5.75/monitor/jlink.c:98:2: noescape: Resource "so" is not freed or pointed-to in "dlsym". bluez-5.75/monitor/jlink.c:99:2: noescape: Resource "so" is not freed or pointed-to in "dlsym". bluez-5.75/monitor/jlink.c:100:2: noescape: Resource "so" is not freed or pointed-to in "dlsym". bluez-5.75/monitor/jlink.c:101:2: noescape: Resource "so" is not freed or pointed-to in "dlsym". bluez-5.75/monitor/jlink.c:102:2: noescape: Resource "so" is not freed or pointed-to in "dlsym". bluez-5.75/monitor/jlink.c:103:2: noescape: Resource "so" is not freed or pointed-to in "dlsym". bluez-5.75/monitor/jlink.c:104:2: noescape: Resource "so" is not freed or pointed-to in "dlsym". bluez-5.75/monitor/jlink.c:116:2: leaked_storage: Variable "so" going out of scope leaks the storage it points to. 
114| 115| /* don't dlclose(so) here cause symbols from it are in use now */ 116|-> return 0; 117| } 118| --- monitor/jlink.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/monitor/jlink.c b/monitor/jlink.c index f9d4037f4cdf..e08cc87139c9 100644 --- a/monitor/jlink.c +++ b/monitor/jlink.c @@ -47,6 +47,7 @@ struct rtt_desc { }; static struct rtt_desc rtt_desc; +static void *so = NULL; typedef int (*jlink_emu_selectbyusbsn_func) (unsigned int sn); typedef int (*jlink_open_func) (void); @@ -80,7 +81,6 @@ static struct jlink jlink; int jlink_init(void) { - void *so; unsigned int i; for (i = 0; i < NELEM(jlink_so_name); i++) { 
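Review bot: In `static void *so = NULL;` the explicit initialiser is redundant, since static storage is already zeroed, and checkpatch complains about statics initialised to NULL; a less generic file-scope name such as `jlink_so` would also read better next to `rtt_desc` and `jlink`. As the message calls this a work-around for the warning, a comment on the variable saying the handle is deliberately kept for the lifetime of the process would stop someone from making it local again.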
@@ -109,6 +109,7 @@ int jlink_init(void) !jlink.emu_getproductname || !jlink.rtterminal_control || !jlink.rtterminal_read) { dlclose(so); + so = NULL; return -EIO; } From patchwork Fri May 10 12:10:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796060 Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net [217.70.183.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9151416FF36 for ; Fri, 10 May 2024 12:14:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.195 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715343258; cv=none; b=G7fjBqD22ES7IPQHtmeFFK1Y/gslvCEPuhAmTEcqmK0JXPeUbgZs8arTJdSAGEVVumnFYAj02XnSL1G7hA0Fs8pfcm0Jz36gIAywcwLVo6f/L8eZ6ttSmdycE/C6N30+hBl1V5FiamENw/OlFDK8LJ9RpdNQedffflNIw8TpSkQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715343258; c=relaxed/simple; bh=fVvu1kVLHA9vVPjO9GD5raAV6dYPFeKU1uN7kzOM80Q=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Vsnj4qWFTLJ4mfkO3oCzuiP2OuOdd2OScFazIFr9400xX9tdYDJ4k2aUribe/PAz76HQSrqIojiJNSzxr0Z3v3elGvbM3YXngitPkDhXeC4NInILL3TljdlimpwMCJLlg7ht1f+L3GqLlSqOebaq+WpSUK/JKXOqfELJvXwgICs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.195 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hadess.net Received: by mail.gandi.net (Postfix) with ESMTPSA id 66A8960018; Fri, 10 May 2024 12:14:01 +0000 (UTC) 
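Review bot: In the failure branch, clearing `so` after `dlclose(so)` is fine, but the `jlink.*` function pointers tested just above were filled by dlsym() from that library and now point into unloaded code. Only one of them needs to be missing to reach this path, so the others are non-NULL; resetting the struct, for example with memset(&jlink, 0, sizeof(jlink)), alongside `so = NULL;` would make the -EIO state consistent.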
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera Subject: [BlueZ v2 19/20] avrcp: Fix uninitialised memory usage Date: Fri, 10 May 2024 14:10:29 +0200 Message-ID: <20240510121355.3241456-20-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net> References: <20240510121355.3241456-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: UNINIT (CWE-457): [#def35] [important] bluez-5.75/profiles/audio/avrcp.c:2550:2: var_decl: Declaring variable "name" without initializer. bluez-5.75/profiles/audio/avrcp.c:2567:2: uninit_use_in_call: Using uninitialized value "*name" when calling "media_player_create_item". 2565| mp = player->user_data; 2566| 2567|-> item = media_player_create_item(mp, name, PLAYER_ITEM_TYPE_AUDIO, uid); 2568| if (item == NULL) 2569| return NULL; Error: UNINIT (CWE-457): [#def36] [important] bluez-5.75/profiles/audio/avrcp.c:2583:2: var_decl: Declaring variable "name" without initializer. bluez-5.75/profiles/audio/avrcp.c:2601:2: uninit_use_in_call: Using uninitialized value "*name" when calling "media_player_create_folder". 2599| } 2600| 2601|-> item = media_player_create_folder(mp, name, type, uid); 2602| if (!item) 2603| return NULL; --- profiles/audio/avrcp.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/profiles/audio/avrcp.c b/profiles/audio/avrcp.c index 36ce01a14eea..752e55be37a4 100644 --- a/profiles/audio/avrcp.c +++ b/profiles/audio/avrcp.c 
@@ -2555,11 +2555,10 @@ static struct media_item *parse_media_element(struct avrcp *session, uid = get_be64(&operands[0]); + memset(name, 0, sizeof(name)); namelen = MIN(get_be16(&operands[11]), sizeof(name) - 1); - if (namelen > 0) { + if (namelen > 0) memcpy(name, &operands[13], namelen); - name[namelen] = '\0'; - } player = session->controller->player; mp = player->user_data; 
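Review bot: In parse_media_element() the memset() of the whole `name` buffer for every item is more than the fix needs; the uninitialised read only happens when namelen is 0 and the terminator inside the `if` is skipped. Moving `name[namelen] = '\0';` out of the conditional fixes that without touching the rest and keeps the termination explicit for the next reader.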
@@ -2592,11 +2591,10 @@ static struct media_item *parse_media_folder(struct avrcp *session, type = operands[8]; playable = operands[9]; + memset(name, 0, sizeof(name)); namelen = MIN(get_be16(&operands[12]), sizeof(name) - 1); - if (namelen > 0) { + if (namelen > 0) memcpy(name, &operands[14], namelen); - name[namelen] = '\0'; - } item = media_player_create_folder(mp, name, type, uid); if (!item) From patchwork Fri May 10 12:10:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796059 Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net [217.70.183.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 44F6A16F26E for ; Fri, 10 May 2024 12:14:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.195 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715343258; cv=none; b=sg/Oaptg5TNYOVxjRWkMOqBtAADql0j4zrcqGUIuoqg7yKQpqhaJ+Gxvbwou/DTtTaEI+qmJZ9SE2zGcHY4B1Sgmp1Nem9MgWf7N1HKcQ6Kg20gBT1BsYwpOABla9DWkoL10pTHjbZ1qv7lP5isBiFgvUY7nfUW0AqqPhHoC/+M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715343258; c=relaxed/simple; bh=vEdzOFOfj6cU3KZYSAw5Qn4GRuDd16JZXvr2cYFm7/c=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=uiLqOPM9OfHXTmH2LMi56h6h7fvzNCf1Ao4ZvUspL3jiRx/FsHdAQFIOlwn9tmX9RlPoPQsvIxdMUDcZilsCtaGa/vvTRkvgHa/5m1hufopIiP7NC6o57uzwRQKJ++wHG2pOQp6fn67JwRq5UikgEESQDOnUNf5nBuf/E2z8wPM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.195 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net Authentication-Results: smtp.subspace.kernel.org; 
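Review bot: Here and in parse_media_element(), `namelen` comes from the packet via get_be16() and is clamped only to `sizeof(name) - 1`, so the memcpy() from `&operands[14]` can read up to that many bytes regardless of how much data actually follows in `operands`. Nothing in these hunks bounds it by the received length; since the series already touches these lines, please confirm the callers validate that length, or add the check here.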
spf=pass smtp.mailfrom=hadess.net Received: by mail.gandi.net (Postfix) with ESMTPSA id AC08560019; Fri, 10 May 2024 12:14:01 +0000 (UTC) From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera Subject: [BlueZ v2 20/20] main: Simplify variable assignment Date: Fri, 10 May 2024 14:10:30 +0200 Message-ID: <20240510121355.3241456-21-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net> References: <20240510121355.3241456-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: RESOURCE_LEAK (CWE-772): [#def39] [important] bluez-5.75/src/main.c:425:2: alloc_fn: Storage is returned from allocation function "g_key_file_get_string". bluez-5.75/src/main.c:425:2: var_assign: Assigning: "tmp" = storage returned from "g_key_file_get_string(config, group, key, &err)". bluez-5.75/src/main.c:433:2: noescape: Assuming resource "tmp" is not freed or pointed-to as ellipsis argument to "btd_debug". bluez-5.75/src/main.c:440:2: leaked_storage: Variable "tmp" going out of scope leaks the storage it points to. 438| } 439| 440|-> return true; 441| } 442| --- src/main.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/src/main.c b/src/main.c index ac840d684f6d..a31740179941 100644 --- a/src/main.c +++ b/src/main.c @@ -420,9 +420,10 @@ static bool parse_config_string(GKeyFile *config, const char *group, const char *key, char **val) { GError *err = NULL; - char *tmp; - tmp = g_key_file_get_string(config, group, key, &err); + g_return_val_if_fail(val, false); + + *val = g_key_file_get_string(config, group, key, &err); if (err) { if (err->code != G_KEY_FILE_ERROR_KEY_NOT_FOUND) DBG("%s", err->message); 
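Review bot: Assigning straight into `*val` changes the failure path of parse_config_string(): g_key_file_get_string() returns NULL on error, so a missing key now overwrites whatever the caller had in `*val` before `return false`, where the old code left it untouched. The new `g_return_val_if_fail(val, false)` also turns a NULL `val`, which the old `if (val)` accepted, into a logged failure. Neither change is mentioned in the message, and the subject says "simplify" although the patch is fixing a leak.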
@@ -430,12 +431,7 @@ static bool parse_config_string(GKeyFile *config, const char *group, return false; } - DBG("%s.%s = %s", group, key, tmp); - - if (val) { - g_free(*val); - *val = tmp; - } + DBG("%s.%s = %s", group, key, *val); return true; }
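Review bot: Dropping `g_free(*val);` means a string already held in `*val` is no longer released when it is replaced, so the patch trades the reported leak of `tmp` (when `val` is NULL) for a leak of the previous value. Keeping `tmp` and freeing it on the NULL path, roughly `if (val) { g_free(*val); *val = tmp; } else g_free(tmp);`, fixes the Coverity finding without changing behaviour for existing callers.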