From patchwork Fri May 10 09:10:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796075
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Subject: [BlueZ 01/14] adapter: Use false instead of 0 for bool Date: Fri, 10 May 2024 11:10:59 +0200 Message-ID: <20240510091814.3172988-2-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510091814.3172988-1-hadess@hadess.net> References: <20240510091814.3172988-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net --- src/adapter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/adapter.c b/src/adapter.c index 5505edbb29c1..8b478e213cb5 100644 --- a/src/adapter.c +++ b/src/adapter.c 
@@ -2413,7 +2413,7 @@ static int update_discovery_filter(struct btd_adapter *adapter) * starting discovery. */ if (filters_equal(adapter->current_discovery_filter, sd_cp) && - adapter->discovering != 0) { + adapter->discovering != false) { DBG("filters were equal, deciding to not restart the scan."); g_free(sd_cp); return 0; From patchwork Fri May 10 09:11:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796072 Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net [217.70.183.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3793F1635CA for ; Fri, 10 May 2024 09:18:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332706; cv=none; b=PyhGKnsGE831NUmR9mXOqHfhZP4Y38aUWpJWFu2mPbIjuHj6NxumcphpmcsdePhUYIKGOG4JKJUrnIkIgSObA8tNs1x80kd0bok8cMLRoph8dvJjXDiF+yh6a2dbgobizf7uWwYuLfy0gwV/oClPZkMMaz2REMWXaafiiypUb9I= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332706; c=relaxed/simple; bh=qz8dsn86PoKyiEMWJOJVKAKfMqx70ZUJV6tnXXFCHS0=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=aJbtMydpaXg9fOshsGKL/lJYubog/fFRKW+qcDF2HBQLhcJa/GO996T2tUKpPZVkKbprVbZnHRj2zbnBiQISAUciVUTXUsYfAF4L90rhqTrpxG9G86IM4H/y812cLN9zSB8PbgR053JD1zbNXcIiddoSe2lbtcAwPjFoJfYNneI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hadess.net Received: by mail.gandi.net (Postfix) with 
ESMTPSA id BFD8A1BF20A for ; Fri, 10 May 2024 09:18:15 +0000 (UTC) From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Subject: [BlueZ 02/14] attrib/gatt: Guard against possible integer overflow Date: Fri, 10 May 2024 11:11:00 +0200 Message-ID: <20240510091814.3172988-3-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510091814.3172988-1-hadess@hadess.net> References: <20240510091814.3172988-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: INTEGER_OVERFLOW (CWE-190): [#def30] bluez-5.75/attrib/gatt.c:1016:2: known_value_assign: "last" = "65535", its value is now 65535. bluez-5.75/attrib/gatt.c:1087:2: overflow_const: Expression "dd->start", which is equal to 65536, where "last + 1" is known to be equal to 65536, overflows the type that receives it, an unsigned integer 16 bits wide. 1085| } 1086| 1087|-> dd->start = last + 1; 1088| 1089| if (last < dd->end && !uuid_found) { --- attrib/gatt.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/attrib/gatt.c b/attrib/gatt.c index b496dd1ebd95..3cedae9d167a 100644 --- a/attrib/gatt.c +++ b/attrib/gatt.c 
@@ -1076,10 +1076,12 @@ static void desc_discovered_cb(guint8 status, const guint8 *ipdu, att_data_list_free(list); /* - * If last handle is lower from previous start handle then it is smth - * wrong. Let's stop search, otherwise we might enter infinite loop. + * If last handle is lower from previous start handle or if iterating + * to the next handle from the last possible offset would overflow, then + * something is wrong. Let's stop search, otherwise we might enter + * infinite loop. */ - if (last < dd->start) { + if (last < dd->start || last == G_MAXUINT16) { err = ATT_ECODE_UNLIKELY; goto done; } From patchwork Fri May 10 09:11:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796413 Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net [217.70.183.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4CCC81635CD for ; Fri, 10 May 2024 09:18:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332705; cv=none; b=HSR0cwqVkM5UPhFvuPb1etv1B0wkvJFx8NmQqEgUcm5LK6QEIATqPZnM4hunpWLv/B5ZKRnZz/yz5u+kv3FHDnqckpSQazxxXyhRud2ByCwJako9zVajt9hwAY1PrTRUvgbgXHStiH/cHveGPOlSFnNOmxvTATHTqpZfHfW8Z6o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332705; c=relaxed/simple; bh=TmByswNQKHOXRhWykun5laQ2PUPsFpZeRBbgJLQuE2w=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=dHM4BLMeNV8TJPz3ZLx/LvTcZlSVsmhZP3kr+s1sx1YSgQIw2Eh3QWfo1eKwoAjr4WmqEUbjkmyJBR6nJPMig33fLKwTGIaON4wNQJ2r+Gh+Vk698qFtSJRp3kd5l90bz1rCJJZpmObsrCZqP3p0qxrQesXAM9wLEHbizaR8m/Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass 
smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hadess.net Received: by mail.gandi.net (Postfix) with ESMTPSA id F01211BF20B for ; Fri, 10 May 2024 09:18:15 +0000 (UTC) From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Subject: [BlueZ 03/14] client/gatt: Don't pass negative fd on error Date: Fri, 10 May 2024 11:11:01 +0200 Message-ID: <20240510091814.3172988-4-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510091814.3172988-1-hadess@hadess.net> References: <20240510091814.3172988-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: NEGATIVE_RETURNS (CWE-394): [#def33] bluez-5.75/client/gatt.c:973:2: negative_return_fn: Function "io_get_fd(io)" returns a negative number. bluez-5.75/client/gatt.c:973:2: negative_returns: "io_get_fd(io)" is passed to a parameter that cannot be negative. 971| msg.msg_iovlen = iovlen; 972| 973|-> ret = sendmsg(io_get_fd(io), &msg, MSG_NOSIGNAL); 974| if (ret < 0) { 975| ret = -errno; Error: NEGATIVE_RETURNS (CWE-394): [#def34] bluez-5.75/client/gatt.c:1049:2: negative_return_fn: Function "io_get_fd(io)" returns a negative number. bluez-5.75/client/gatt.c:1049:2: assign: Assigning: "fd" = "io_get_fd(io)". bluez-5.75/client/gatt.c:1062:2: negative_returns: "fd" is passed to a parameter that cannot be negative. 1060| msg.msg_iovlen = 1; 1061| 1062|-> bytes_read = recvmsg(fd, &msg, MSG_DONTWAIT); 1063| if (bytes_read < 0) { 1064| bt_shell_printf("recvmsg: %s", strerror(errno)); --- client/gatt.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/client/gatt.c b/client/gatt.c index 3aaa7a9361b9..6c7603985172 100644 --- a/client/gatt.c +++ b/client/gatt.c 
@@ -966,11 +966,15 @@ static int sock_send(struct io *io, struct iovec *iov, size_t iovlen) struct msghdr msg; int ret; + ret = io_get_fd(io); + if (ret < 0) + return ret; + memset(&msg, 0, sizeof(msg)); msg.msg_iov = iov; msg.msg_iovlen = iovlen; - ret = sendmsg(io_get_fd(io), &msg, MSG_NOSIGNAL); + ret = sendmsg(ret, &msg, MSG_NOSIGNAL); if (ret < 0) { ret = -errno; bt_shell_printf("sendmsg: %s", strerror(-ret)); 
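Review bot: In sock_send(), reusing "ret" to carry the descriptor ("ret = io_get_fd(io);" followed by "sendmsg(ret, &msg, MSG_NOSIGNAL)") makes the call hard to read, because the same variable is the fd going in and the byte count or error coming out. A separate "int fd" local would make the intent obvious. The early "return ret;" is also silent, while the sendmsg() failure path just below reports through bt_shell_printf(); printing here as well would keep the two error paths consistent.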
@@ -1052,6 +1056,11 @@ static bool sock_read(struct io *io, void *user_data) if (io != notify_io.io && !chrc) return true; + if (fd < 0) { + bt_shell_printf("recvmsg: %s", strerror(-fd)); + return false; + } + iov.iov_base = buf; iov.iov_len = sizeof(buf); From patchwork Fri May 10 09:11:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796414 Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net [217.70.183.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3786A79945 for ; Fri, 10 May 2024 09:18:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332705; cv=none; b=tOujzsNdn9VUAE6WC21AXq+GqfKOnNzDTW3izOEPVG6zwRckVHVk3rkbx2tTOVrOZYUU4kDfKsWKX4fBrbW4VI0UksJ5EJD65vH1JXMqjeamXljn6dyQU+rmfylvjlEy0AyFHuW4WBxNSoZGKy0ZK70YJkBFWBo8zWxnMAujDr4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332705; c=relaxed/simple; bh=5TXl3HVkG/uQBuuY1wI8Z0QrwLoCEPRLF38cOOWUhP4=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=j/MgTY12pyOj9ytKvfRpfjBE4z8Avo62SM6AFmVFnEBVtdrgCucKXYSVmO/ZErBxaSESf2MWgaYH8VjSKy+98/dhKlgHAXfSD6NM8f5o/4cjb66qyij9/7PKN1Sv8V6RXuOkA7DCtqtuLb0ugOzi2ZHiut0ApDsLnruPcKOpAow= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hadess.net Received: by mail.gandi.net (Postfix) with ESMTPSA id 2AB3A1BF20C for ; Fri, 10 May 2024 09:18:16 +0000 (UTC) 
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Subject: [BlueZ 04/14] client/gatt: Check write_value() retval Date: Fri, 10 May 2024 11:11:02 +0200 Message-ID: <20240510091814.3172988-5-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510091814.3172988-1-hadess@hadess.net> References: <20240510091814.3172988-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: CHECKED_RETURN (CWE-252): [#def35] bluez-5.75/client/gatt.c:3191:3: check_return: Calling "write_value" without checking return value (as is done elsewhere 5 out of 6 times). bluez-5.75/client/gatt.c:2371:2: example_checked: Example 1: "write_value(&chrc->value_len, &chrc->value, value, value_len, aad->offset, chrc->max_val_len)" has its value checked in "write_value(&chrc->value_len, &chrc->value, value, value_len, aad->offset, chrc->max_val_len)". bluez-5.75/client/gatt.c:2502:2: example_checked: Example 2: "write_value(&chrc->value_len, &chrc->value, value, value_len, offset, chrc->max_val_len)" has its value checked in "write_value(&chrc->value_len, &chrc->value, value, value_len, offset, chrc->max_val_len)". bluez-5.75/client/gatt.c:2919:2: example_checked: Example 3: "write_value(&desc->value_len, &desc->value, value, value_len, offset, desc->max_val_len)" has its value checked in "write_value(&desc->value_len, &desc->value, value, value_len, offset, desc->max_val_len)". bluez-5.75/client/gatt.c:759:3: example_checked: Example 4: "write_value(&c->value_len, &c->value, value, value_len, offset, c->max_val_len)" has its value checked in "write_value(&c->value_len, &c->value, value, value_len, offset, c->max_val_len)". 
bluez-5.75/client/gatt.c:775:3: example_checked: Example 5: "write_value(&d->value_len, &d->value, value, value_len, offset, d->max_val_len)" has its value checked in "write_value(&d->value_len, &d->value, value, value_len, offset, d->max_val_len)". 3189| } 3190| 3191|-> write_value(&chrc->value_len, &chrc->value, value, len, 3192| 0, chrc->max_val_len); --- client/gatt.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/client/gatt.c b/client/gatt.c index 6c7603985172..51fa8ba8553c 100644 --- a/client/gatt.c +++ b/client/gatt.c 
@@ -3197,9 +3197,13 @@ static void proxy_property_changed(GDBusProxy *proxy, const char *name, dbus_message_iter_get_fixed_array(&array, &value, &len); } - write_value(&chrc->value_len, &chrc->value, value, len, - 0, chrc->max_val_len); - bt_shell_hexdump(value, len); + if (write_value(&chrc->value_len, &chrc->value, value, len, + 0, chrc->max_val_len)) { + bt_shell_printf("Unable to update property value for %s\n", + name) + } else { + bt_shell_hexdump(value, len); + } } g_dbus_emit_property_changed(conn, chrc->path, CHRC_INTERFACE, name); From patchwork Fri May 10 09:11:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796415 Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net [217.70.183.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 378B01635C9 for ; Fri, 10 May 2024 09:18:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332704; cv=none; b=keojEzcl6i0EO5/ySrVjhtD2qdHXUjYIrOm7h8G9Pvs+tUI6l2LWrEykd9T4dlg3b4gfqBMC8WJUG1AvEPHuP81oEbm/33+O6OWIFsg4RU3tpSyhfdJUA256q417NaIpEEKpSZH7hFAQKi4095y+sr7D5rzV8lNHtNLAo7N4atk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332704; c=relaxed/simple; bh=P+yjKjRjvdbaSXIaURzo3y+tgDv6GopWUV9BqCIn29k=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Q1vQhVV7rPUHJWIym6KfljFdw/zVrT8OCYIpcAA7IzWCqvJMsYaX9hKY6XLWUAqNDl2wVPjBqsEcrh32bQlXxUoUSGKrTho8HUGH/A3CUqUTSc38dUKJ18SlZlt+0+KArH9JI9DvfHLSP942NQa/qA+nYaZeaj4HOsrBfjCaOv4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.201 
Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hadess.net Received: by mail.gandi.net (Postfix) with ESMTPSA id 5995E1BF209 for ; Fri, 10 May 2024 09:18:16 +0000 (UTC) From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Subject: [BlueZ 05/14] client/main: Fix array access Date: Fri, 10 May 2024 11:11:03 +0200 Message-ID: <20240510091814.3172988-6-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510091814.3172988-1-hadess@hadess.net> References: <20240510091814.3172988-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: CPPCHECK_WARNING (CWE-788): [#def36] bluez-5.75/client/main.c:833: error[ctuArrayIndex]: Array index out of bounds; 'argv' buffer size is 0 and it is accessed at offset 1. 831| const char **opt; 832| 833|-> if (!strcmp(argv[1], "help")) { 834| for (opt = arg_table; opt && *opt; opt++) 835| bt_shell_printf("%s\n", *opt); --- client/main.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/client/main.c b/client/main.c index 51d08a67aa1a..f703cc91b24a 100644 --- a/client/main.c +++ b/client/main.c 
@@ -830,6 +830,11 @@ static gboolean parse_argument(int argc, char *argv[], const char **arg_table, { const char **opt; + if (argc < 2) { + bt_shell_printf("Missing argument to %s\n", argv[0]); + return FALSE; + } + if (!strcmp(argv[1], "help")) { for (opt = arg_table; opt && *opt; opt++) bt_shell_printf("%s\n", *opt); From patchwork Fri May 10 09:11:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796074 Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net [217.70.183.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 379971635CB for ; Fri, 10 May 2024 09:18:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332705; cv=none; b=G3gB05weCdk4gzvuhi1+vV7SRHaU7BjHaTMXWZkxQ1vQ+hpIogKTpWyjL9Kz2F/ub9gthRgRqPMCwwYgu4rKcHmGbdsSAyDQMkdos+aNkADGghAfQBHY/yaXxz1jC5SdO7HOZujmioR58l8MO3C/7/21optSQBilzmUGJfG+4Dw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332705; c=relaxed/simple; bh=F9aBXHTyJ8yCD7egItUeFRNE5MgkR7fAK7lVYebRWgM=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=fGcVRMh1FF4Poclo6bQEWiFtIoQtpUF3q5ZU51liwNwdSQ4XXQnHLgBq+duNMFjHksosGxipWLM372PPjevpmRDqeo2xZwbJJD+3PifNCm2n+LngAQaJRMl+hTUAkZ4QvBRZeAE2L6vy+xzyEV9F3fWefyrzWaA2W1jbIcnf2Xs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hadess.net Received: by mail.gandi.net (Postfix) with ESMTPSA id 
863B61BF207 for ; Fri, 10 May 2024 09:18:16 +0000 (UTC) From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Subject: [BlueZ 06/14] client/main: Fix mismatched free Date: Fri, 10 May 2024 11:11:04 +0200 Message-ID: <20240510091814.3172988-7-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510091814.3172988-1-hadess@hadess.net> References: <20240510091814.3172988-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: ALLOC_FREE_MISMATCH (CWE-762): [#def37] bluez-5.75/client/main.c:2108:2: alloc: Allocation of memory which must be freed using "g_free". bluez-5.75/client/main.c:2108:2: assign: Assigning: "desc" = "g_strdup_printf("\x1b[0;94m[%s]\x1b[0m# ", attr)". bluez-5.75/client/main.c:2111:2: free: Calling "free" frees "desc" using "free" but it should have been freed using "g_free". 2109| 2110| bt_shell_set_prompt(desc); 2111|-> free(desc); 2112| } 2113| --- client/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/main.c b/client/main.c index f703cc91b24a..f967c149e7bd 100644 --- a/client/main.c +++ b/client/main.c 
@@ -2113,7 +2113,7 @@ static void set_default_local_attribute(char *attr) desc = g_strdup_printf(COLOR_BLUE "[%s]" COLOR_OFF "# ", attr); bt_shell_set_prompt(desc); - free(desc); + g_free(desc); } static void cmd_select_attribute(int argc, char *argv[]) From patchwork Fri May 10 09:11:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796412 Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net [217.70.183.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 618001635DC for ; Fri, 10 May 2024 09:18:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332706; cv=none; b=Qo2YgNrU6UR0a39RXCKlHqtbOE9ZrpqXd7S3U8h9E8MPobzAW0GEypdBrcby3Ak8N9tLej2LlHTWjQRfgufyj6y4HVcYh/yOdVGZwUxiVQbtxv2PhizVq86Tz90ouINee1tryeDONTph4yNs1yRg63XWF2qPU1uJXHjTVj50Qrs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332706; c=relaxed/simple; bh=LzkVIViMWIOKpornHLG/Viby6Q0GIaFx/oJcwTC9KMw=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=AqNEcauKPdKGAVv61KNdtHurUF3Djz7D8SSNfGsOG6zLvuA5t6smI7lik35ys2xfbW40CHzhVa8OfLBoOMl+w/JT2DlkfjfJomVBwrH903xyFwcVQVWa+f1MHfFnEYJG5o7raUmGf6Ad8pNJxfdILhFnbgNLIccOJIjP18B9X5s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hadess.net Received: by mail.gandi.net (Postfix) with ESMTPSA id B835B1BF20F for ; Fri, 10 May 2024 09:18:16 +0000 (UTC) 
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Subject: [BlueZ 07/14] monitor/att: Fix memory leak Date: Fri, 10 May 2024 11:11:05 +0200 Message-ID: <20240510091814.3172988-8-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510091814.3172988-1-hadess@hadess.net> References: <20240510091814.3172988-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net name2utf8() returns newly allocated memory which needs to be freed. Error: RESOURCE_LEAK (CWE-772): [#def27] [important] bluez-5.75/monitor/att.c:2291:2: alloc_fn: Storage is returned from allocation function "name2utf8". bluez-5.75/monitor/att.c:2291:2: var_assign: Assigning: "name" = storage returned from "name2utf8((uint8_t *)frame->data, frame->size)". bluez-5.75/monitor/att.c:2293:2: noescape: Resource "name" is not freed or pointed-to in "printf". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/monitor/att.c:2294:1: leaked_storage: Variable "name" going out of scope leaks the storage it points to. 2292| 2293| print_field(" Media Player Name: %s", name); 2294|-> } 2295| 2296| static void mp_name_read(const struct l2cap_frame *frame) Error: RESOURCE_LEAK (CWE-772): [#def28] [important] bluez-5.75/monitor/att.c:2320:2: alloc_fn: Storage is returned from allocation function "name2utf8". bluez-5.75/monitor/att.c:2320:2: var_assign: Assigning: "name" = storage returned from "name2utf8((uint8_t *)frame->data, frame->size)". bluez-5.75/monitor/att.c:2322:2: noescape: Resource "name" is not freed or pointed-to in "printf". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/monitor/att.c:2323:1: leaked_storage: Variable "name" going out of scope leaks the storage it points to. 
2321| 2322| print_field(" Track Title: %s", name); 2323|-> } 2324| 2325| static void track_title_read(const struct l2cap_frame *frame) Error: RESOURCE_LEAK (CWE-772): [#def29] [important] bluez-5.75/monitor/att.c:2453:2: alloc_fn: Storage is returned from allocation function "name2utf8". bluez-5.75/monitor/att.c:2453:2: var_assign: Assigning: "name" = storage returned from "name2utf8((uint8_t *)frame->data, frame->size)". bluez-5.75/monitor/att.c:2455:2: noescape: Resource "name" is not freed or pointed-to in "printf". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/monitor/att.c:2456:1: leaked_storage: Variable "name" going out of scope leaks the storage it points to. 2454| 2455| print_field(" Bearer Name: %s", name); 2456|-> } 2457| 2458| static void bearer_name_read(const struct l2cap_frame *frame) Error: RESOURCE_LEAK (CWE-772): [#def30] [important] bluez-5.75/monitor/att.c:2472:2: alloc_fn: Storage is returned from allocation function "name2utf8". bluez-5.75/monitor/att.c:2472:2: var_assign: Assigning: "name" = storage returned from "name2utf8((uint8_t *)frame->data, frame->size)". bluez-5.75/monitor/att.c:2474:2: noescape: Resource "name" is not freed or pointed-to in "printf". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/monitor/att.c:2475:1: leaked_storage: Variable "name" going out of scope leaks the storage it points to. 2473| 2474| print_field(" Bearer Uci Name: %s", name); 2475|-> } 2476| 2477| static void print_technology_name(const struct l2cap_frame *frame) Error: RESOURCE_LEAK (CWE-772): [#def31] [important] bluez-5.75/monitor/att.c:2541:2: alloc_fn: Storage is returned from allocation function "name2utf8". bluez-5.75/monitor/att.c:2541:2: var_assign: Assigning: "name" = storage returned from "name2utf8((uint8_t *)frame->data, frame->size)". 
bluez-5.75/monitor/att.c:2543:2: noescape: Resource "name" is not freed or pointed-to in "printf". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/monitor/att.c:2544:1: leaked_storage: Variable "name" going out of scope leaks the storage it points to. 2542| 2543| print_field(" Uri scheme Name: %s", name); 2544|-> } 2545| 2546| static void bearer_uri_schemes_list_read(const struct l2cap_frame *frame) Error: RESOURCE_LEAK (CWE-772): [#def32] [important] bluez-5.75/monitor/att.c:2653:2: alloc_fn: Storage is returned from allocation function "name2utf8". bluez-5.75/monitor/att.c:2653:2: var_assign: Assigning: "call_uri" = storage returned from "name2utf8((uint8_t *)frame->data, frame->size)". bluez-5.75/monitor/att.c:2655:2: noescape: Resource "call_uri" is not freed or pointed-to in "printf". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/monitor/att.c:2660:1: leaked_storage: Variable "call_uri" going out of scope leaks the storage it points to. 2658| if (frame->size) 2659| print_hex_field(" call_list Data", frame->data, frame->size); 2660|-> } 2661| 2662| static void bearer_current_call_list_read(const struct l2cap_frame *frame) Error: RESOURCE_LEAK (CWE-772): [#def33] [important] bluez-5.75/monitor/att.c:2741:2: alloc_fn: Storage is returned from allocation function "name2utf8". bluez-5.75/monitor/att.c:2741:2: var_assign: Assigning: "name" = storage returned from "name2utf8((uint8_t *)frame->data, frame->size)". bluez-5.75/monitor/att.c:2743:2: noescape: Resource "name" is not freed or pointed-to in "printf". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/monitor/att.c:2748:1: leaked_storage: Variable "name" going out of scope leaks the storage it points to. 
2746| if (frame->size) 2747| print_hex_field(" Data", frame->data, frame->size); 2748|-> } 2749| 2750| static void incom_target_bearer_uri_read(const struct l2cap_frame *frame) Error: RESOURCE_LEAK (CWE-772): [#def34] [important] bluez-5.75/monitor/att.c:2851:3: alloc_fn: Storage is returned from allocation function "name2utf8". bluez-5.75/monitor/att.c:2851:3: var_assign: Assigning: "name" = storage returned from "name2utf8((uint8_t *)frame->data, frame->size)". bluez-5.75/monitor/att.c:2852:3: noescape: Resource "name" is not freed or pointed-to in "printf". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/monitor/att.c:2871:1: leaked_storage: Variable "name" going out of scope leaks the storage it points to. 2869| if (frame->size) 2870| print_hex_field("call_cp Data", frame->data, frame->size); 2871|-> } 2872| 2873| static void print_call_cp_notification(const struct l2cap_frame *frame) Error: RESOURCE_LEAK (CWE-772): [#def35] [important] bluez-5.75/monitor/att.c:3046:2: alloc_fn: Storage is returned from allocation function "name2utf8". bluez-5.75/monitor/att.c:3046:2: var_assign: Assigning: "name" = storage returned from "name2utf8((uint8_t *)frame->data, frame->size)". bluez-5.75/monitor/att.c:3048:2: noescape: Resource "name" is not freed or pointed-to in "printf". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/monitor/att.c:3053:1: leaked_storage: Variable "name" going out of scope leaks the storage it points to. 3051| if (frame->size) 3052| print_hex_field(" Data", frame->data, frame->size); 3053|-> } 3054| 3055| static void incoming_call_read(const struct l2cap_frame *frame) Error: RESOURCE_LEAK (CWE-772): [#def36] [important] bluez-5.75/monitor/att.c:3077:2: alloc_fn: Storage is returned from allocation function "name2utf8". 
bluez-5.75/monitor/att.c:3077:2: var_assign: Assigning: "name" = storage returned from "name2utf8((uint8_t *)frame->data, frame->size)". bluez-5.75/monitor/att.c:3079:2: noescape: Resource "name" is not freed or pointed-to in "printf". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/monitor/att.c:3084:1: leaked_storage: Variable "name" going out of scope leaks the storage it points to. 3082| if (frame->size) 3083| print_hex_field(" Data", frame->data, frame->size); 3084|-> } 3085| 3086| static void call_friendly_name_read(const struct l2cap_frame *frame) --- monitor/att.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/monitor/att.c b/monitor/att.c index b3fb3ba6a0ad..a23347ef7ede 100644 --- a/monitor/att.c +++ b/monitor/att.c @@ -2291,6 +2291,8 @@ static void print_mp_name(const struct l2cap_frame *frame) name = name2utf8((uint8_t *)frame->data, frame->size); print_field(" Media Player Name: %s", name); + + g_free(name); } static void mp_name_read(const struct l2cap_frame *frame) @@ -2320,6 +2322,8 @@ static void print_track_title(const struct l2cap_frame *frame) name = name2utf8((uint8_t *)frame->data, frame->size); print_field(" Track Title: %s", name); + + g_free(name); } static void track_title_read(const struct l2cap_frame *frame) @@ -2453,6 +2457,8 @@ static void print_bearer_name(const struct l2cap_frame *frame) name = name2utf8((uint8_t *)frame->data, frame->size); print_field(" Bearer Name: %s", name); + + g_free(name); } static void bearer_name_read(const struct l2cap_frame *frame) @@ -2472,6 +2478,8 @@ static void bearer_uci_read(const struct l2cap_frame *frame) name = name2utf8((uint8_t *)frame->data, frame->size); print_field(" Bearer Uci Name: %s", name); + + g_free(name); } static void print_technology_name(const struct l2cap_frame *frame) 
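Review bot: The g_free(name) calls added in print_mp_name(), print_track_title(), print_bearer_name() and bearer_uci_read() assume that name2utf8() allocates with the GLib allocator, but the commit message only says it "returns newly allocated memory". Since 06/14 in this same series fixes a free()/g_free() mismatch, please name the allocation call name2utf8() uses in the commit message so the pairing can be checked from the log.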
@@ -2541,6 +2549,8 @@ static void print_uri_scheme_list(const struct l2cap_frame *frame) name = name2utf8((uint8_t *)frame->data, frame->size); print_field(" Uri scheme Name: %s", name); + + g_free(name); } static void bearer_uri_schemes_list_read(const struct l2cap_frame *frame) @@ -2654,6 +2664,8 @@ static void print_call_list(const struct l2cap_frame *frame) print_field(" call_uri: %s", call_uri); + g_free(call_uri); + done: if (frame->size) print_hex_field(" call_list Data", frame->data, frame->size); @@ -2742,6 +2754,8 @@ static void print_target_uri(const struct l2cap_frame *frame) print_field(" Uri: %s", name); + g_free(name); + done: if (frame->size) print_hex_field(" Data", frame->data, frame->size); @@ -2850,6 +2864,7 @@ static void print_call_cp(const struct l2cap_frame *frame) str = "Originate"; name = name2utf8((uint8_t *)frame->data, frame->size); print_field(" Operation: %s Uri: %s", str, name); + g_free(name); break; case 0x05: str = "Join"; @@ -3047,6 +3062,8 @@ static void print_incom_call(const struct l2cap_frame *frame) print_field(" call_string: %s", name); + g_free(name); + done: if (frame->size) print_hex_field(" Data", frame->data, frame->size); 
@@ -3078,6 +3095,8 @@ static void print_call_friendly_name(const struct l2cap_frame *frame) print_field(" Friendly Name: %s", name); + g_free(name); + done: if (frame->size) print_hex_field(" Data", frame->data, frame->size); From patchwork Fri May 10 09:11:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796071 Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net [217.70.183.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 617BA14E2D5 for ; Fri, 10 May 2024 09:18:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332706; cv=none; b=juqDNLGlzf75g0QpgfGb/SJiaPlK57S740ObEaILUe5JqqojPTVcms6DR2NTeu/oqsLQFzbwuzOCvn+X36t8/2aoz+OkP70VCvJbeZ/QEtjbS7ej5TpimoDqy2rNxG81FoIombY2ZC7RrkGJQ8Fxrfo1DgaNGw+W0mlIA0c+Jw8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332706; c=relaxed/simple; bh=G2B25kkAZiQUG7ifns57wTkbl2LqrY4Bf0pfzP6VO7M=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=beDjKMw3PJiU/omO2NJPWhZgsm5wappd7rEaovv9onG6pG5RhE5JPdlP0rFTENafZNGBtrPi2mStH3w1o3cu91sRqsQhJojdaN+yzcO5ENBRWawr7wELXGugmqXGIh4uh23LlQjyYKP0BZPM2c3cRqNVBUD2dPcVo4+gyzhtiK8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hadess.net Received: by mail.gandi.net (Postfix) with ESMTPSA id EE4641BF210 for ; Fri, 10 May 2024 09:18:16 +0000 (UTC) 
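Review bot: in monitor/att.c, the g_free() calls placed just before the done: label (print_call_list, print_target_uri, print_incom_call, print_call_friendly_name) only cover the fall-through path, so any goto done taken after name2utf8() has returned would still leak. Initialising the pointer to NULL and moving the g_free() below done: gives one cleanup point for every exit, since g_free(NULL) is a no-op. It is also worth confirming that name2utf8() returns GLib-allocated memory, so that g_free() is the matching deallocator; the allocation itself is outside these hunks.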
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Subject: [BlueZ 08/14] bap: Fix memory leaks Date: Fri, 10 May 2024 11:11:06 +0200 Message-ID: <20240510091814.3172988-9-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510091814.3172988-1-hadess@hadess.net> References: <20240510091814.3172988-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: RESOURCE_LEAK (CWE-772): [#def37] [important] bluez-5.75/profiles/audio/bap.c:1064:13: alloc_fn: Storage is returned from allocation function "util_malloc". bluez-5.75/profiles/audio/bap.c:1064:13: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)". bluez-5.75/profiles/audio/bap.c:1064:13: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/profiles/audio/bap.c:1064:13: leaked_storage: Variable "__p" going out of scope leaks the storage it points to. bluez-5.75/profiles/audio/bap.c:1064:3: var_assign: Assigning: "l2_caps" = "({...; __p;})". bluez-5.75/profiles/audio/bap.c:1066:4: leaked_storage: Variable "l2_caps" going out of scope leaks the storage it points to. 1064| l2_caps = new0(struct iovec, 1); 1065| if (!util_iov_pull_u8(&iov, (void *)&l2_caps->iov_len)) 1066|-> goto fail; 1067| 1068| util_iov_memcpy(l2_caps, util_iov_pull_mem(&iov, Error: RESOURCE_LEAK (CWE-772): [#def38] [important] bluez-5.75/profiles/audio/bap.c:1064:13: alloc_fn: Storage is returned from allocation function "util_malloc". bluez-5.75/profiles/audio/bap.c:1064:13: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)". bluez-5.75/profiles/audio/bap.c:1064:13: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.] 
bluez-5.75/profiles/audio/bap.c:1064:13: leaked_storage: Variable "__p" going out of scope leaks the storage it points to. bluez-5.75/profiles/audio/bap.c:1064:3: var_assign: Assigning: "l2_caps" = "({...; __p;})". bluez-5.75/profiles/audio/bap.c:1068:3: noescape: Resource "l2_caps" is not freed or pointed-to in "util_iov_memcpy". bluez-5.75/profiles/audio/bap.c:1080:4: leaked_storage: Variable "l2_caps" going out of scope leaks the storage it points to. 1078| meta = new0(struct iovec, 1); 1079| if (!util_iov_pull_u8(&iov, (void *)&meta->iov_len)) 1080|-> goto fail; 1081| 1082| util_iov_memcpy(meta, Error: RESOURCE_LEAK (CWE-772): [#def39] [important] bluez-5.75/profiles/audio/bap.c:1078:10: alloc_fn: Storage is returned from allocation function "util_malloc". bluez-5.75/profiles/audio/bap.c:1078:10: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)". bluez-5.75/profiles/audio/bap.c:1078:10: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/profiles/audio/bap.c:1078:10: leaked_storage: Variable "__p" going out of scope leaks the storage it points to. bluez-5.75/profiles/audio/bap.c:1078:3: var_assign: Assigning: "meta" = "({...; __p;})". bluez-5.75/profiles/audio/bap.c:1080:4: leaked_storage: Variable "meta" going out of scope leaks the storage it points to. 1078| meta = new0(struct iovec, 1); 1079| if (!util_iov_pull_u8(&iov, (void *)&meta->iov_len)) 1080|-> goto fail; 1081| 1082| util_iov_memcpy(meta, Error: RESOURCE_LEAK (CWE-772): [#def40] [important] bluez-5.75/profiles/audio/bap.c:1064:13: alloc_fn: Storage is returned from allocation function "util_malloc". bluez-5.75/profiles/audio/bap.c:1064:13: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)". bluez-5.75/profiles/audio/bap.c:1064:13: noescape: Resource "__p" is not freed or pointed-to in "memset". 
[Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/profiles/audio/bap.c:1064:13: leaked_storage: Variable "__p" going out of scope leaks the storage it points to. bluez-5.75/profiles/audio/bap.c:1064:3: var_assign: Assigning: "l2_caps" = "({...; __p;})". bluez-5.75/profiles/audio/bap.c:1068:3: noescape: Resource "l2_caps" is not freed or pointed-to in "util_iov_memcpy". bluez-5.75/profiles/audio/bap.c:1119:4: noescape: Resource "l2_caps" is not freed or pointed-to in "bt_bap_add_bis". bluez-5.75/profiles/audio/bap.c:1119:4: noescape: Resource "l2_caps" is not freed or pointed-to in "bt_bap_add_bis". bluez-5.75/profiles/audio/bap.c:1097:5: leaked_storage: Variable "l2_caps" going out of scope leaks the storage it points to. 1095| 1096| if (!util_iov_pull_u8(&iov, &bis_index)) 1097|-> goto fail; 1098| 1099| util_debug(func, NULL, "BIS #%d", bis_index); Error: RESOURCE_LEAK (CWE-772): [#def41] [important] bluez-5.75/profiles/audio/bap.c:1078:10: alloc_fn: Storage is returned from allocation function "util_malloc". bluez-5.75/profiles/audio/bap.c:1078:10: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)". bluez-5.75/profiles/audio/bap.c:1078:10: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/profiles/audio/bap.c:1078:10: leaked_storage: Variable "__p" going out of scope leaks the storage it points to. bluez-5.75/profiles/audio/bap.c:1078:3: var_assign: Assigning: "meta" = "({...; __p;})". bluez-5.75/profiles/audio/bap.c:1082:3: noescape: Resource "meta" is not freed or pointed-to in "util_iov_memcpy". bluez-5.75/profiles/audio/bap.c:1119:4: noescape: Resource "meta" is not freed or pointed-to in "bt_bap_add_bis". bluez-5.75/profiles/audio/bap.c:1119:4: noescape: Resource "meta" is not freed or pointed-to in "bt_bap_add_bis". 
bluez-5.75/profiles/audio/bap.c:1097:5: leaked_storage: Variable "meta" going out of scope leaks the storage it points to. 1095| 1096| if (!util_iov_pull_u8(&iov, &bis_index)) 1097|-> goto fail; 1098| 1099| util_debug(func, NULL, "BIS #%d", bis_index); Error: RESOURCE_LEAK (CWE-772): [#def42] [important] bluez-5.75/profiles/audio/bap.c:1064:13: alloc_fn: Storage is returned from allocation function "util_malloc". bluez-5.75/profiles/audio/bap.c:1064:13: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)". bluez-5.75/profiles/audio/bap.c:1064:13: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/profiles/audio/bap.c:1064:13: leaked_storage: Variable "__p" going out of scope leaks the storage it points to. bluez-5.75/profiles/audio/bap.c:1064:3: var_assign: Assigning: "l2_caps" = "({...; __p;})". bluez-5.75/profiles/audio/bap.c:1068:3: noescape: Resource "l2_caps" is not freed or pointed-to in "util_iov_memcpy". bluez-5.75/profiles/audio/bap.c:1104:5: leaked_storage: Variable "l2_caps" going out of scope leaks the storage it points to. 1102| l3_caps = new0(struct iovec, 1); 1103| if (!util_iov_pull_u8(&iov, (void *)&l3_caps->iov_len)) 1104|-> goto fail; 1105| 1106| util_iov_memcpy(l3_caps, Error: RESOURCE_LEAK (CWE-772): [#def43] [important] bluez-5.75/profiles/audio/bap.c:1102:14: alloc_fn: Storage is returned from allocation function "util_malloc". bluez-5.75/profiles/audio/bap.c:1102:14: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)". bluez-5.75/profiles/audio/bap.c:1102:14: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/profiles/audio/bap.c:1102:14: leaked_storage: Variable "__p" going out of scope leaks the storage it points to. 
bluez-5.75/profiles/audio/bap.c:1102:4: var_assign: Assigning: "l3_caps" = "({...; __p;})". bluez-5.75/profiles/audio/bap.c:1104:5: leaked_storage: Variable "l3_caps" going out of scope leaks the storage it points to. 1102| l3_caps = new0(struct iovec, 1); 1103| if (!util_iov_pull_u8(&iov, (void *)&l3_caps->iov_len)) 1104|-> goto fail; 1105| 1106| util_iov_memcpy(l3_caps, Error: RESOURCE_LEAK (CWE-772): [#def44] [important] bluez-5.75/profiles/audio/bap.c:1078:10: alloc_fn: Storage is returned from allocation function "util_malloc". bluez-5.75/profiles/audio/bap.c:1078:10: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)". bluez-5.75/profiles/audio/bap.c:1078:10: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/profiles/audio/bap.c:1078:10: leaked_storage: Variable "__p" going out of scope leaks the storage it points to. bluez-5.75/profiles/audio/bap.c:1078:3: var_assign: Assigning: "meta" = "({...; __p;})". bluez-5.75/profiles/audio/bap.c:1082:3: noescape: Resource "meta" is not freed or pointed-to in "util_iov_memcpy". bluez-5.75/profiles/audio/bap.c:1104:5: leaked_storage: Variable "meta" going out of scope leaks the storage it points to. 1102| l3_caps = new0(struct iovec, 1); 1103| if (!util_iov_pull_u8(&iov, (void *)&l3_caps->iov_len)) 1104|-> goto fail; 1105| 1106| util_iov_memcpy(l3_caps, Error: RESOURCE_LEAK (CWE-772): [#def45] [important] bluez-5.75/profiles/audio/bap.c:1064:13: alloc_fn: Storage is returned from allocation function "util_malloc". bluez-5.75/profiles/audio/bap.c:1064:13: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)". bluez-5.75/profiles/audio/bap.c:1064:13: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.] 
bluez-5.75/profiles/audio/bap.c:1064:13: leaked_storage: Variable "__p" going out of scope leaks the storage it points to. bluez-5.75/profiles/audio/bap.c:1064:3: var_assign: Assigning: "l2_caps" = "({...; __p;})". bluez-5.75/profiles/audio/bap.c:1068:3: noescape: Resource "l2_caps" is not freed or pointed-to in "util_iov_memcpy". bluez-5.75/profiles/audio/bap.c:1119:4: noescape: Resource "l2_caps" is not freed or pointed-to in "bt_bap_add_bis". bluez-5.75/profiles/audio/bap.c:1119:4: noescape: Resource "l2_caps" is not freed or pointed-to in "bt_bap_add_bis". bluez-5.75/profiles/audio/bap.c:1123:2: leaked_storage: Variable "l2_caps" going out of scope leaks the storage it points to. 1121| } 1122| 1123|-> } 1124| return true; 1125| Error: RESOURCE_LEAK (CWE-772): [#def46] [important] bluez-5.75/profiles/audio/bap.c:1078:10: alloc_fn: Storage is returned from allocation function "util_malloc". bluez-5.75/profiles/audio/bap.c:1078:10: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)". bluez-5.75/profiles/audio/bap.c:1078:10: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/profiles/audio/bap.c:1078:10: leaked_storage: Variable "__p" going out of scope leaks the storage it points to. bluez-5.75/profiles/audio/bap.c:1078:3: var_assign: Assigning: "meta" = "({...; __p;})". bluez-5.75/profiles/audio/bap.c:1082:3: noescape: Resource "meta" is not freed or pointed-to in "util_iov_memcpy". bluez-5.75/profiles/audio/bap.c:1119:4: noescape: Resource "meta" is not freed or pointed-to in "bt_bap_add_bis". bluez-5.75/profiles/audio/bap.c:1119:4: noescape: Resource "meta" is not freed or pointed-to in "bt_bap_add_bis". bluez-5.75/profiles/audio/bap.c:1123:2: leaked_storage: Variable "meta" going out of scope leaks the storage it points to. 
1121| } 1122| 1123|-> } 1124| return true; 1125| --- profiles/audio/bap.c | 47 +++++++++++++++++++++++++++++++------------- 1 file changed, 33 insertions(+), 14 deletions(-) diff --git a/profiles/audio/bap.c b/profiles/audio/bap.c index 8e4f4b311fba..15024e26f843 100644 --- a/profiles/audio/bap.c +++ b/profiles/audio/bap.c @@ -1028,6 +1028,7 @@ static bool parse_base(struct bt_bap *bap, struct bt_iso_base *base, }; uint32_t pres_delay; uint8_t num_subgroups; + bool ret = true; util_debug(func, NULL, "BASE len: %ld", iov.iov_len); @@ -1043,13 +1044,15 @@ static bool parse_base(struct bt_bap *bap, struct bt_iso_base *base, for (int idx = 0; idx < num_subgroups; idx++) { uint8_t num_bis; struct bt_bap_codec codec; - struct iovec *l2_caps; - struct iovec *meta; + struct iovec *l2_caps = NULL; + struct iovec *meta = NULL; util_debug(func, NULL, "Subgroup #%d", idx); - if (!util_iov_pull_u8(&iov, &num_bis)) + if (!util_iov_pull_u8(&iov, &num_bis)) { + ret = false; goto fail; + } util_debug(func, NULL, "Number of BISes: %d", num_bis); memcpy(&codec, @@ -1062,8 +1065,10 @@ static bool parse_base(struct bt_bap *bap, struct bt_iso_base *base, /* Level 2 */ /* Read Codec Specific Configuration */ l2_caps = new0(struct iovec, 1); - if (!util_iov_pull_u8(&iov, (void *)&l2_caps->iov_len)) - goto fail; + if (!util_iov_pull_u8(&iov, (void *)&l2_caps->iov_len)) { + ret = false; + goto group_fail; + } util_iov_memcpy(l2_caps, util_iov_pull_mem(&iov, l2_caps->iov_len), @@ -1076,8 +1081,10 @@ static bool parse_base(struct bt_bap *bap, struct bt_iso_base *base, /* Read Metadata */ meta = new0(struct iovec, 1); - if (!util_iov_pull_u8(&iov, (void *)&meta->iov_len)) - goto fail; + if (!util_iov_pull_u8(&iov, (void *)&meta->iov_len)) { + ret = false; + goto group_fail; + } util_iov_memcpy(meta, util_iov_pull_mem(&iov, meta->iov_len), 
@@ -1093,15 +1100,20 @@ static bool parse_base(struct bt_bap *bap, struct bt_iso_base *base, uint8_t bis_index; struct iovec *l3_caps; - if (!util_iov_pull_u8(&iov, &bis_index)) - goto fail; + if (!util_iov_pull_u8(&iov, &bis_index)) { + ret = false; + goto group_fail; + } util_debug(func, NULL, "BIS #%d", bis_index); /* Read Codec Specific Configuration */ l3_caps = new0(struct iovec, 1); - if (!util_iov_pull_u8(&iov, (void *)&l3_caps->iov_len)) - goto fail; + if (!util_iov_pull_u8(&iov, (void *)&l3_caps->iov_len)) { + free(l3_caps); + ret = false; + goto group_fail; + } util_iov_memcpy(l3_caps, util_iov_pull_mem(&iov, 
@@ -1120,13 +1132,20 @@ static bool parse_base(struct bt_bap *bap, struct bt_iso_base *base, meta); } +group_fail: + if (l2_caps != NULL) + free(l2_caps); + if (meta != NULL) + free(meta); + if (!ret) + break; } - return true; fail: - util_debug(func, NULL, "Unable to parse Base"); + if (!ret) + util_debug(func, NULL, "Unable to parse Base"); - return false; + return ret; } static void iso_pa_sync_confirm_cb(GIOChannel *io, void *user_data) From patchwork Fri May 10 09:11:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796411 Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net [217.70.183.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6D6401635C9 for ; Fri, 10 May 2024 09:18:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332707; cv=none; b=cUWmF8UUZ4qtuLJDoC4/bfcACmb1MseQNH9Lw/OIec6k0ThK5GnHzySXCdR4pH5DDyahFSYYj1WIDT5IaWxjELIdp1xiTMPst5z7eUNbonaQHVIijlvblFal9kvQus+cfULp7tKM6rjQHLDVObzVOk0tqkyeJJadgM137BaxRto= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332707; c=relaxed/simple; bh=XL/7SxkDVsEMuouDDcQaTT4AwMz/tx8Nfzhai1nup08=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ZbbIVtntTw8wmCvxKyvFQSYAAWg4gyjff5M/lia/zQAVRwIkUVwtABQXMR826hPkJMbEpC7NzrJLqz0LWJdz3RcbY/7uOHW792X6Rl9gjHX2fYKYJYW2VMuxoJHKxzpPByCRJU8OeeCngmaDMz+93nieziqpJxecsJWSpLSw3b0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net 
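Review bot: at group_fail: in parse_base(), free(l2_caps) and free(meta) release only the struct iovec, not the iov_base buffer that util_iov_memcpy() copies the codec configuration and metadata into, so that buffer still looks leaked on every subgroup iteration, including the successful ones. util_iov_free(l2_caps, 1) and util_iov_free(meta, 1) would release both the buffer and the struct. The NULL checks in front of free() can be dropped either way.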
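Review bot: with bool ret = true as the default in parse_base(), the fail: and group_fail: labels are now reached on the success path as well, and any goto fail that does not first set ret = false returns true without logging. Defaulting ret to false and setting it to true only once the subgroup loop has completed would remove the repeated ret = false; assignments and make a forgotten one fail closed. Renaming the labels (done, for example) would match what they now do.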
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hadess.net Received: by mail.gandi.net (Postfix) with ESMTPSA id 2E9FB1BF211 for ; Fri, 10 May 2024 09:18:17 +0000 (UTC) From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Subject: [BlueZ 09/14] media: Fix memory leak Date: Fri, 10 May 2024 11:11:07 +0200 Message-ID: <20240510091814.3172988-10-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510091814.3172988-1-hadess@hadess.net> References: <20240510091814.3172988-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: RESOURCE_LEAK (CWE-772): [#def47] [important] bluez-5.75/profiles/audio/media.c:1278:2: alloc_arg: "asprintf" allocates memory that is stored into "name". [Note: The source code implementation of the function has been overridden by a builtin model.] bluez-5.75/profiles/audio/media.c:1291:2: noescape: Resource "name" is not freed or pointed-to in "bt_bap_add_vendor_pac". bluez-5.75/profiles/audio/media.c:1297:3: leaked_storage: Variable "name" going out of scope leaks the storage it points to. 1295| error("Unable to create PAC"); 1296| free(metadata); 1297|-> return false; 1298| } 1299| --- profiles/audio/media.c | 1 + 1 file changed, 1 insertion(+) diff --git a/profiles/audio/media.c b/profiles/audio/media.c index 07147a25d532..4bbd584deaba 100644 --- a/profiles/audio/media.c +++ b/profiles/audio/media.c 
@@ -1293,6 +1293,7 @@ static bool endpoint_init_pac(struct media_endpoint *endpoint, uint8_t type, &data, metadata); if (!endpoint->pac) { error("Unable to create PAC"); + free(name); free(metadata); return false; } From patchwork Fri May 10 09:11:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796410 Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net [217.70.183.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7290C1635CD for ; Fri, 10 May 2024 09:18:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332708; cv=none; b=gu1m5yVB7BsreN576lCMnzSyFExfqh7F+5rSHuttapbQIee6rVv31EdQDKcBkXQCrzhBZSlz5XY2Qt195pTeJl7aCzA/A7CnoMROxXqMd9gDHQSNNmSUhFOWjfHNp2KZxSAUi3h1yublKvMQtx9jx8YtbCljZzgoKLeEXFsKjA4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332708; c=relaxed/simple; bh=KfzM9M9j5GTuPghCb5LA3rp6JbWwmqCc2mF+vpZC2oQ=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=qgpuaMIFnC6m+qPeVlgFhw0De4gTWiRP51v68DRLh/yQ3JVkFU1/Ssjp479rpqVzYVIvo5/L4OpSxgyniS7MWjvUuzBu0fDO0PtVvq570zKUtXCshnpy+ik0ulS13Ic5ypvthOiWtqlV0PfuOGD7Cov3qwAksebL6QoRRl36fdA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hadess.net Received: by mail.gandi.net (Postfix) with ESMTPSA id 5D3561BF20E for ; Fri, 10 May 2024 09:18:17 +0000 (UTC) 
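Review bot: in endpoint_init_pac(), the added free(name) covers only the !endpoint->pac branch. The report quoted in the commit message says bt_bap_add_vendor_pac() does not keep a reference to name, so freeing it once immediately after that call, before the NULL check (and in place of any later free on the success path), would handle both outcomes with a single free() and not depend on each early return remembering it.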
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Subject: [BlueZ 10/14] main: Fix memory leaks Date: Fri, 10 May 2024 11:11:08 +0200 Message-ID: <20240510091814.3172988-11-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510091814.3172988-1-hadess@hadess.net> References: <20240510091814.3172988-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: RESOURCE_LEAK (CWE-772): [#def51] [important] bluez-5.75/src/main.c:451:2: alloc_arg: "parse_config_string" allocates memory that is stored into "str". bluez-5.75/src/main.c:454:2: identity_transfer: Passing "str" as argument 1 to function "strtol", which sets "endptr" to that argument. bluez-5.75/src/main.c:456:3: noescape: Assuming resource "str" is not freed or pointed-to as ellipsis argument to "btd_error". bluez-5.75/src/main.c:457:3: leaked_storage: Variable "endptr" going out of scope leaks the storage it points to. bluez-5.75/src/main.c:457:3: leaked_storage: Variable "str" going out of scope leaks the storage it points to. 455| if (!endptr || *endptr != '\0') { 456| error("%s.%s = %s is not integer", group, key, str); 457|-> return false; 458| } 459| Error: RESOURCE_LEAK (CWE-772): [#def52] [important] bluez-5.75/src/main.c:451:2: alloc_arg: "parse_config_string" allocates memory that is stored into "str". bluez-5.75/src/main.c:454:2: identity_transfer: Passing "str" as argument 1 to function "strtol", which sets "endptr" to that argument. bluez-5.75/src/main.c:463:3: leaked_storage: Variable "endptr" going out of scope leaks the storage it points to. bluez-5.75/src/main.c:463:3: leaked_storage: Variable "str" going out of scope leaks the storage it points to. 
461| warn("%s.%s = %zu is out of range (< %zu)", group, key, tmp, 462| min); 463|-> return false; 464| } 465| Error: RESOURCE_LEAK (CWE-772): [#def53] [important] bluez-5.75/src/main.c:451:2: alloc_arg: "parse_config_string" allocates memory that is stored into "str". bluez-5.75/src/main.c:454:2: identity_transfer: Passing "str" as argument 1 to function "strtol", which sets "endptr" to that argument. bluez-5.75/src/main.c:475:2: leaked_storage: Variable "endptr" going out of scope leaks the storage it points to. bluez-5.75/src/main.c:475:2: leaked_storage: Variable "str" going out of scope leaks the storage it points to. 473| *val = tmp; 474| 475|-> return true; 476| } 477| --- src/main.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/main.c b/src/main.c index 23af6781d931..ac840d684f6d 100644 --- a/src/main.c +++ b/src/main.c 
@@ -454,21 +454,25 @@ static bool parse_config_int(GKeyFile *config, const char *group, tmp = strtol(str, &endptr, 0); if (!endptr || *endptr != '\0') { error("%s.%s = %s is not integer", group, key, str); + g_free(str); return false; } if (tmp < min) { + g_free(str); warn("%s.%s = %zu is out of range (< %zu)", group, key, tmp, min); return false; } if (tmp > max) { + g_free(str); warn("%s.%s = %zu is out of range (> %zu)", group, key, tmp, max); return false; } + g_free(str); if (val) *val = tmp; From patchwork Fri May 10 09:11:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796070 Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net [217.70.183.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 728C71607A3 for ; Fri, 10 May 2024 09:18:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332708; cv=none; b=skyeSYu1Sj55QRtfJNNVkv8cKWHQlxg2C6yHLCLH+38GOsuQ0UScy9PFRdX8Is635emATRzi00kv2CdDzbTR3N03QzsdlYROiQ95P4spZPUyuhx/omrVSpXFxDlHeZTo0fU+IhO/KLUawZiA7m5yqCQscnvrJIcbHA3KE84OwgU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332708; c=relaxed/simple; bh=ZfaaZ7dEeQ9VjznH7vB7wWyIi9NLs2xFK5M4PvwRoK4=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=G4YFcgykPtWevzkrsazTLvc5UoeHn+fNX4eQaInBdQYu7z37LuNrfucH1Qk0DVvivtvLyj3lYGjjvFgTR90sJr07fmIco7N/ZxdjcZptqwAkhrLxOW+kJ+HBNnl34W3lc8vL34+iCwvjNoGegeJhVwkJW6udTgBJrecPwvy5wBU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.201 Authentication-Results: smtp.subspace.kernel.org; 
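Review bot: in parse_config_int(), str is last used by the error() call inside the endptr check, so the three g_free(str) calls in the two range checks and before if (val) can be one g_free(str) placed right after that first if block. As written, every return added to this function later has to carry its own g_free(), which is how this kind of leak comes back.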
dmarc=none (p=none dis=none) header.from=hadess.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hadess.net Received: by mail.gandi.net (Postfix) with ESMTPSA id 904D41BF212 for ; Fri, 10 May 2024 09:18:17 +0000 (UTC) From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Subject: [BlueZ 11/14] isotest: Consider "0" fd to be valid Date: Fri, 10 May 2024 11:11:09 +0200 Message-ID: <20240510091814.3172988-12-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510091814.3172988-1-hadess@hadess.net> References: <20240510091814.3172988-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: RESOURCE_LEAK (CWE-772): [#def79] [important] bluez-5.75/tools/isotest.c:923:4: open_fn: Returning handle opened by "open_file". bluez-5.75/tools/isotest.c:923:4: var_assign: Assigning: "fd" = handle returned from "open_file(altername)". bluez-5.75/tools/isotest.c:925:3: off_by_one: Testing whether handle "fd" is strictly greater than zero is suspicious. "fd" leaks when it is zero. bluez-5.75/tools/isotest.c:925:3: remediation: Did you intend to include equality with zero? bluez-5.75/tools/isotest.c:926:4: overwrite_var: Overwriting handle "fd" in "fd = open_file(filename)" leaks the handle. 924| 925| if (fd <= 0) 926|-> fd = open_file(filename); 927| } 928| --- tools/isotest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/isotest.c b/tools/isotest.c index 7e875fa58b15..810d15d2df2a 100644 --- a/tools/isotest.c +++ b/tools/isotest.c 
@@ -922,7 +922,7 @@ static void send_mode(char *filename, char *peer, int i, bool repeat) if (!err) fd = open_file(altername); - if (fd <= 0) + if (fd < 0) fd = open_file(filename); } From patchwork Fri May 10 09:11:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796069 Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net [217.70.183.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 996AA165FDB for ; Fri, 10 May 2024 09:18:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332708; cv=none; b=EPbOOjd6YBmDtku9yIgrsjGlx+iAIT8ckG07vQSxba28aJhK+02hHj9XghcZSmWiIjzs27z9m6oXKkhoc3ysSsU5lm7aDgsvch/9IszqXXiAlWEF5UGhjxetYwAO5jnOsMHo4KG2fn60BWYwxL734xDojaMnzInAkbeH0kNg5Xs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332708; c=relaxed/simple; bh=Z4Ect0czkbLcBsbsoMl8fFiwHYkN+tVjcHoe1Tp/VkU=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=lAW7H39KdeWCueR1Rm0yJG27vbijEdEIttY313fxBcySal3wzBTrz2QBfLpRHTzBPNOcVMsZ7CCVbNeuhMnHxHOQtlUn6HVRB9NHO0113LE3rE4dSGmAC412rwGmfEqxEoeaiHjx02KOVM0WLZuWywKRC2zvC6D5Xgv6W+rGccQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hadess.net Received: by mail.gandi.net (Postfix) with ESMTPSA id BC53D1BF213 for ; Fri, 10 May 2024 09:18:17 +0000 (UTC) 
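Review bot: in send_mode(), the new fd < 0 test is also reached when err is set and open_file(altername) was never called, so it now relies on fd having been initialised to a negative value; the declaration is outside the hunk. If fd starts at 0 or is uninitialised, the fallback fd = open_file(filename) is skipped where the old fd <= 0 test would have run it. Please confirm the initialiser, or restructure so the fallback runs whenever the alternate file was not opened.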
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Subject: [BlueZ 12/14] isotest: Fix error check after opening file Date: Fri, 10 May 2024 11:11:10 +0200 Message-ID: <20240510091814.3172988-13-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510091814.3172988-1-hadess@hadess.net> References: <20240510091814.3172988-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Consider "0" to be a valid fd. --- tools/isotest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/isotest.c b/tools/isotest.c index 810d15d2df2a..ddace0da3044 100644 --- a/tools/isotest.c +++ b/tools/isotest.c 
@@ -720,7 +720,7 @@ static int open_file(const char *filename) syslog(LOG_INFO, "Opening %s ...", filename); fd = open(filename, O_RDONLY); - if (fd <= 0) { + if (fd < 0) { syslog(LOG_ERR, "Can't open file %s: %s\n", filename, strerror(errno)); } From patchwork Fri May 10 09:11:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796409 Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net [217.70.183.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 995F3165FD8 for ; Fri, 10 May 2024 09:18:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332709; cv=none; b=Vz65sskxuKK+cDLi9fnL1vk5E170S8Hj+7PcV+MlMkTFtah3zlEoT1OV0dYVtwkWjff5MiWOCIRSdur3Lar81YQMVF7xwoeXgkTgLbYLR79eql7RMTSrPm6EXIN9hjKsFP9lJomnSw5ntS8Hr9D1HIkZF8BPrlxbWtOLyazkzvY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332709; c=relaxed/simple; bh=UVmzgHwRrHupYFJb/Xbq0QuAhlgLC7EEyPNuRozn0po=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=kgAg4R09TNdWuMA+cxpmIdZx44DEH0Hig+WzpoPyv8UhAU4OdCmsvaFWmnwEwrzu0KUoxnBoqRJWETELMHAa6GmxHvb1mW/DcfllWOxpArzbxvh5UKXNMLpkSzGZncrb9N04lEwTj949KJYsxC4UKOEabt7KFIcpokiQPFRmpB8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hadess.net Received: by mail.gandi.net (Postfix) with ESMTPSA id 0205A1BF214 for ; Fri, 10 May 2024 09:18:17 +0000 (UTC) 
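Review bot: the open_file() check here and the send_mode() check in 11/14 should change together: with only 11/14 applied, open_file() still logs "Can't open file" for descriptor 0 while send_mode() goes on to use it. Squashing the two patches, or putting this one first, keeps each commit consistent on its own. The one-line message could also say when 0 can occur, since open() only returns it if descriptor 0 was already closed.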
From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Subject: [BlueZ 13/14] client/player: Fix copy/paste error Date: Fri, 10 May 2024 11:11:11 +0200 Message-ID: <20240510091814.3172988-14-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510091814.3172988-1-hadess@hadess.net> References: <20240510091814.3172988-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: COPY_PASTE_ERROR (CWE-398): [#def95] [important] bluez-5.75/client/player.c:1846:6: original: "qos->sync_cte_type" looks like the original copy. bluez-5.75/client/player.c:1852:6: copy_paste_error: "sync_cte_type" in "qos->sync_cte_type" looks like a copy-paste error. bluez-5.75/client/player.c:1852:6: remediation: Should it say "mse" instead? 1850| } 1851| 1852|-> if (qos->sync_cte_type) { 1853| bt_shell_printf("MSE %u\n", qos->mse); 1854| g_dbus_dict_append_entry(iter, "MSE", DBUS_TYPE_BYTE, --- client/player.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/player.c b/client/player.c index 6b70e9ed3f9d..7f67425aaf8f 100644 --- a/client/player.c +++ b/client/player.c 
@@ -1849,7 +1849,7 @@ static void append_bcast_qos(DBusMessageIter *iter, struct endpoint_config *cfg) &qos->sync_cte_type); } - if (qos->sync_cte_type) { + if (qos->mse) { bt_shell_printf("MSE %u\n", qos->mse); g_dbus_dict_append_entry(iter, "MSE", DBUS_TYPE_BYTE, &qos->mse); From patchwork Fri May 10 09:11:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastien Nocera X-Patchwork-Id: 796068 Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net [217.70.183.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 99667165FD9 for ; Fri, 10 May 2024 09:18:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332709; cv=none; b=Zc2pFJgPbUNaMtoG4fpnEKYhcyFRQLns6ooDOAWEDZz0DCf51KZ0nGlB5vaqlTP0O5dhSedr9ViTKrdqR6gzcSTVjDcQmAg7IoPZ6/qLGCE3h9OnphQqMFAG2cP2/cqLaqBxRrPtStGZBklyZKGqHpJU2JvOeX00wCxT/c/FL+s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715332709; c=relaxed/simple; bh=M3Ywyy+4fuNjRQVFMj+DtHH2PN8++yYDfen2QT1Gpis=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gvnRqi2x203XAT0TAwj8VcCjHnpciepcJCxN3FyNdHHm5/o44HtFFtMHSevixfrRubHaYOJ+Eiwd9BDRLg/ALLguw3XS7E6su15+Y5GRr1U6yi/ISOhUCKwMnPe5KdsSzOVr1ckz9vTM4q8NslfAAeRvFCh/E91IvG0K5a8qPJo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hadess.net Received: by mail.gandi.net (Postfix) with ESMTPSA id 309611BF216 for ; Fri, 10 May 2024 
09:18:18 +0000 (UTC) From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Subject: [BlueZ 14/14] shared/vcp: Fix copy/paste error Date: Fri, 10 May 2024 11:11:12 +0200 Message-ID: <20240510091814.3172988-15-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240510091814.3172988-1-hadess@hadess.net> References: <20240510091814.3172988-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-GND-Sasl: hadess@hadess.net Error: COPY_PASTE_ERROR (CWE-398): [#def97] [important] bluez-5.75/src/shared/vcp.c:2610:16: original: "aics->gain_stting_prop" looks like the original copy. bluez-5.75/src/shared/vcp.c:2625:16: copy_paste_error: "gain_stting_prop" in "aics->gain_stting_prop" looks like a copy-paste error. bluez-5.75/src/shared/vcp.c:2625:16: remediation: Should it say "aud_ip_type" instead? 2623| 2624| aics = vcp_get_aics(vcp); 2625|-> if (!aics || aics->gain_stting_prop) 2626| return; 2627| --- src/shared/vcp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/vcp.c b/src/shared/vcp.c index 7ba54e64adc0..b7e17e448b74 100644 --- a/src/shared/vcp.c +++ b/src/shared/vcp.c @@ -2622,7 +2622,7 @@ static void foreach_aics_char(struct gatt_db_attribute *attr, void *user_data) value_handle); aics = vcp_get_aics(vcp); - if (!aics || aics->gain_stting_prop) + if (!aics || aics->aud_ip_type) return; aics->aud_ip_type = attr;
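Review bot: in the open_file() hunk of tools/isotest.c (patch 12/14), the commit message says only that 0 is a valid fd and does not explain why the old `fd <= 0` test was wrong. open() returns -1 on failure, and 0 is a legitimate result when descriptor 0 is unused in the process, in which case the old check logged "Can't open file" with a stale errno. A sentence to that effect would help. Only the check inside the function is visible here, so please also confirm that the callers of open_file() compare its return value with `< 0` rather than `<= 0`. As a style point, the trailing "\n" in the syslog() format string is unnecessary.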
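Review bot: in the append_bcast_qos() hunk of client/player.c (patch 13/14), the commit message is only the pasted static-analysis report and never states the behavioural effect of the bug. With the old `if (qos->sync_cte_type)` guard the "MSE" entry was appended only when sync_cte_type was non-zero, so a configured mse was dropped whenever sync_cte_type was 0, and a zero mse was sent whenever sync_cte_type was set. Please add a line describing that. The new `if (qos->mse)` guard is consistent with the body, which prints and appends qos->mse.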
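Review bot: in the foreach_aics_char() hunk of src/shared/vcp.c (patch 14/14), the commit message carries only the analyzer output and should say what went wrong at run time. The old guard `!aics || aics->gain_stting_prop` returned early whenever gain_stting_prop was already set, so aud_ip_type was never assigned in that case, and it did not protect aud_ip_type from being overwritten otherwise. The new guard matches the `aics->aud_ip_type = attr;` assignment that follows. Separately, the field name gain_stting_prop quoted in the report looks like a misspelling of gain_setting_prop, and renaming it would be a reasonable follow-up patch.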