Fix wront memory references and leaks

author Semun Lee <semun.lee@samsung.com>

Fri, 7 Feb 2020 01:36:26 +0000 (10:36 +0900)

committer Semun Lee <semun.lee@samsung.com>

Fri, 7 Feb 2020 01:47:48 +0000 (10:47 +0900)
author Semun Lee <semun.lee@samsung.com>
Fri, 7 Feb 2020 01:36:26 +0000 (10:36 +0900)
committer Semun Lee <semun.lee@samsung.com>
Fri, 7 Feb 2020 01:47:48 +0000 (10:47 +0900)
diff --git a/src/bluetooth-adapter.c b/src/bluetooth-adapter.c

index 6c1d7a7..d8e08a4 100644 (file)
--- a/src/bluetooth-adapter.c
+++ b/src/bluetooth-adapter.c
@@ -845,6 +845,7 @@ int bt_adapter_foreach_profile_connected_devices(const char *profile_uuid,
         addr_list = g_ptr_array_new();
         if (addr_list == NULL) {
                 BT_ERR("OUT_OF_MEMORY(0x%08x)", BT_ERROR_OUT_OF_MEMORY);
+               g_free(uuid128);
                 return BT_ERROR_OUT_OF_MEMORY;
         }
  
diff --git a/src/bluetooth-common.c b/src/bluetooth-common.c

index 1c42639..b5b8e83 100644 (file)
--- a/src/bluetooth-common.c
+++ b/src/bluetooth-common.c
@@ -2615,6 +2615,10 @@ static void __bt_event_proxy(int event, bluetooth_event_param_t *param, void *us
                                         (bluetooth_gatt_server_write_requested_info_t *)(param->param_data);
  
                 char *val = g_malloc0(write_req->length);
+               if (val == NULL) {
+                       BT_ERR("failed to allocate val");
+                       return;
+               }
  
                 memcpy(val, write_req->data.data, write_req->length);
                 cb_wr = __bt_gatt_attribute_get_value_change_cb(write_req->attribute_handle,
diff --git a/test/bt_unit_test.c b/test/bt_unit_test.c

index abf2ec4..209970a 100644 (file)
--- a/test/bt_unit_test.c
+++ b/test/bt_unit_test.c
@@ -3043,7 +3043,8 @@ void __bt_ipsp_connection_state_changed_cb(int result,
                 TC_PRT("Local BT Interface : %s is Up", iface_name);
         else
                 TC_PRT("Local BT Interface : %s is Down", iface_name);
-       memcpy(ipsp_iface_name, iface_name, strlen(iface_name));
+       strncpy(ipsp_iface_name, iface_name, sizeof(ipsp_iface_name));
+       ipsp_iface_name[sizeof(ipsp_iface_name) - 1] = '\0';
  }
  
  void __bt_hf_sco_state_changed_cb(int result,
@@ -5113,6 +5114,12 @@ int test_input_callback(void *data)
                                 __bt_free_test_param(&g_test_param);
                         }
  
+                       if (slot_id < 0 ||
+                               slot_id >= (sizeof(advertiser_list) / sizeof(advertiser_list[0]))) {
+                               TC_PRT("wrong slot_id: %d", slot_id);
+                               break;
+                       }
+
                         advertiser = advertiser_list[slot_id];
  
                         ret = bt_adapter_le_stop_advertising(advertiser);
author	Semun Lee <semun.lee@samsung.com>
	Fri, 7 Feb 2020 01:36:26 +0000 (10:36 +0900)
committer	Semun Lee <semun.lee@samsung.com>
	Fri, 7 Feb 2020 01:47:48 +0000 (10:47 +0900)
src/bluetooth-adapter.c		patch \| blob \| history
src/bluetooth-common.c		patch \| blob \| history
test/bt_unit_test.c		patch \| blob \| history