projects / platform / core / api / bluetooth.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 124b8bc)
Validate GATT handle in CAPI 33/248433/1
authorAyush Garg <ayush.garg@samsung.com>
Thu, 26 Nov 2020 11:28:37 +0000 (16:58 +0530)
committerAyush Garg <ayush.garg@samsung.com>
Thu, 26 Nov 2020 11:28:37 +0000 (16:58 +0530)
Validation of GATT handle is missing in few CAPIs (ex. bt_gatt_characteristic_destroy)
which leads to coredump sometimes.
One such scenario is when application accidently calls bt_gatt_characteristic_destroy
even after destroying the GATT server.
This change will handle such cases.

Change-Id: Iafb43af73ee25b192bfa673bbde7f96498c1557e
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
src/bluetooth-gatt.c patch | blob | history

diff --git a/src/bluetooth-gatt.c b/src/bluetooth-gatt.c
index 1915e47..0f07527 100644 (file)
--- a/src/bluetooth-gatt.c
+++ b/src/bluetooth-gatt.c
@@ -1017,7 +1017,7 @@ static void __bt_gatt_free_characteristic(bt_gatt_h gatt_handle)
        svc_handle.instance_id = service_s->instance_id;
 
        BT_INFO("Service UUID [%s]", service_s->uuid);
-       BT_INFO("Charc Instance ID [%d]", service_s->instance_id);
+       BT_INFO("Service Instance ID [%d]", service_s->instance_id);
 
        BT_INFO("Charc UUID [%s]", chr->uuid);
        BT_INFO("Charc Instance ID [%d]", chr->instance_id);
@@ -1345,6 +1345,8 @@ int bt_gatt_characteristic_destroy(bt_gatt_h gatt_handle)
        BT_CHECK_INIT_STATUS();
        BT_CHECK_INPUT_PARAMETER(gatt_handle);
 
+       BT_VALIDATE_GATT_HANDLE(gatt_handle);
+
        if (handle->type == BT_GATT_TYPE_CHARACTERISTIC)
                __bt_gatt_destroy_characteristic(gatt_handle);
        else {
@@ -1363,6 +1365,8 @@ int bt_gatt_descriptor_destroy(bt_gatt_h gatt_handle)
        BT_CHECK_INIT_STATUS();
        BT_CHECK_INPUT_PARAMETER(gatt_handle);
 
+       BT_VALIDATE_GATT_HANDLE(gatt_handle);
+
        if (handle->type == BT_GATT_TYPE_DESCRIPTOR)
                __bt_gatt_destroy_descriptor(gatt_handle);
        else {
@@ -1419,6 +1423,8 @@ int bt_gatt_get_int_value(bt_gatt_h gatt_handle, bt_data_type_int_e type,
        BT_CHECK_INPUT_PARAMETER(gatt_handle);
        BT_CHECK_INPUT_PARAMETER(value); /* LCOV_EXCL_START */
 
+       BT_VALIDATE_GATT_HANDLE(gatt_handle);
+
        if (handle->type == BT_GATT_TYPE_CHARACTERISTIC) {
                val = chr->value;
                val_len = chr->value_length;
@@ -1482,6 +1488,8 @@ int bt_gatt_get_float_value(bt_gatt_h gatt_handle, bt_data_type_float_e type,
        BT_CHECK_INPUT_PARAMETER(gatt_handle);
        BT_CHECK_INPUT_PARAMETER(value); /* LCOV_EXCL_START */
 
+       BT_VALIDATE_GATT_HANDLE(gatt_handle);
+
        if (handle->type == BT_GATT_TYPE_CHARACTERISTIC) {
                val = chr->value;
                val_len = chr->value_length;
@@ -1611,6 +1619,8 @@ int bt_gatt_set_int_value(bt_gatt_h gatt_handle, bt_data_type_int_e type,
 
        BT_CHECK_INPUT_PARAMETER(gatt_handle);
 
+       BT_VALIDATE_GATT_HANDLE(gatt_handle);
+
        if (handle->type == BT_GATT_TYPE_CHARACTERISTIC) { /* LCOV_EXCL_START */
                val = &chr->value;
                val_len = &chr->value_length;
@@ -1740,6 +1750,8 @@ int bt_gatt_set_float_value(bt_gatt_h gatt_handle, bt_data_type_float_e type,
 
        BT_CHECK_INPUT_PARAMETER(gatt_handle);
 
+       BT_VALIDATE_GATT_HANDLE(gatt_handle);
+
        if (handle->type == BT_GATT_TYPE_CHARACTERISTIC) { /* LCOV_EXCL_START */
                val = &chr->value;
                val_len = &chr->value_length;
@@ -1920,6 +1932,8 @@ int bt_gatt_get_uuid(bt_gatt_h gatt_handle, char **uuid)
        BT_CHECK_INPUT_PARAMETER(gatt_handle);
        BT_CHECK_INPUT_PARAMETER(uuid); /* LCOV_EXCL_LINE */
 
+       BT_VALIDATE_GATT_HANDLE(gatt_handle);
+
        *uuid = g_strdup(handle->uuid); /* LCOV_EXCL_LINE */
 
        return BT_ERROR_NONE; /* LCOV_EXCL_LINE */
@@ -1935,6 +1949,8 @@ int bt_gatt_get_type(bt_gatt_h gatt_handle, bt_gatt_type_e *gatt_type)
        BT_CHECK_INPUT_PARAMETER(gatt_handle);
        BT_CHECK_INPUT_PARAMETER(gatt_type); /* LCOV_EXCL_LINE */
 
+       BT_VALIDATE_GATT_HANDLE(gatt_handle);
+
        *gatt_type = handle->type; /* LCOV_EXCL_LINE */
 
        return BT_ERROR_NONE; /* LCOV_EXCL_LINE */
@@ -3827,6 +3843,8 @@ int bt_gatt_client_read_value(bt_gatt_h gatt_handle,
        BT_CHECK_INPUT_PARAMETER(gatt_handle);
        BT_CHECK_INPUT_PARAMETER(callback); /* LCOV_EXCL_START */
 
+       BT_VALIDATE_GATT_HANDLE(gatt_handle);
+
        if (__bt_gatt_client_is_in_progress()) {
                BT_ERR("Operation is in progress");
                return BT_ERROR_NOW_IN_PROGRESS;
@@ -3977,6 +3995,8 @@ int bt_gatt_client_write_value(bt_gatt_h gatt_handle,
        BT_CHECK_INPUT_PARAMETER(gatt_handle);
        BT_CHECK_INPUT_PARAMETER(callback); /* LCOV_EXCL_START */
 
+       BT_VALIDATE_GATT_HANDLE(gatt_handle);
+
        if (__bt_gatt_client_is_in_progress()) {
                BT_ERR("Operation is in progress");
                return BT_ERROR_NOW_IN_PROGRESS;
Domain: Network & Connectivity / Bluetooth;