From a35b9133d696a14a4c8f9f588240b6bd56f29dfb Mon Sep 17 00:00:00 2001 From: Semun Lee Date: Fri, 7 Feb 2020 10:36:26 +0900 Subject: [PATCH] Fix wront memory references and leaks Issues was reported by a static analyzer Change-Id: I5cb0a6e01b0a0bb6d70bd3edb7bb5bf0193f63b8 Signed-off-by: Semun Lee --- src/bluetooth-adapter.c | 1 + src/bluetooth-common.c | 4 ++++ test/bt_unit_test.c | 9 ++++++++- 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/src/bluetooth-adapter.c b/src/bluetooth-adapter.c index 6c1d7a7..d8e08a4 100644 --- a/src/bluetooth-adapter.c +++ b/src/bluetooth-adapter.c @@ -845,6 +845,7 @@ int bt_adapter_foreach_profile_connected_devices(const char *profile_uuid, addr_list = g_ptr_array_new(); if (addr_list == NULL) { BT_ERR("OUT_OF_MEMORY(0x%08x)", BT_ERROR_OUT_OF_MEMORY); + g_free(uuid128); return BT_ERROR_OUT_OF_MEMORY; } diff --git a/src/bluetooth-common.c b/src/bluetooth-common.c index 1c42639..b5b8e83 100644 --- a/src/bluetooth-common.c +++ b/src/bluetooth-common.c @@ -2615,6 +2615,10 @@ static void __bt_event_proxy(int event, bluetooth_event_param_t *param, void *us (bluetooth_gatt_server_write_requested_info_t *)(param->param_data); char *val = g_malloc0(write_req->length); + if (val == NULL) { + BT_ERR("failed to allocate val"); + return; + } memcpy(val, write_req->data.data, write_req->length); cb_wr = __bt_gatt_attribute_get_value_change_cb(write_req->attribute_handle, diff --git a/test/bt_unit_test.c b/test/bt_unit_test.c index abf2ec4..209970a 100644 --- a/test/bt_unit_test.c +++ b/test/bt_unit_test.c @@ -3043,7 +3043,8 @@ void __bt_ipsp_connection_state_changed_cb(int result, TC_PRT("Local BT Interface : %s is Up", iface_name); else TC_PRT("Local BT Interface : %s is Down", iface_name); - memcpy(ipsp_iface_name, iface_name, strlen(iface_name)); + strncpy(ipsp_iface_name, iface_name, sizeof(ipsp_iface_name)); + ipsp_iface_name[sizeof(ipsp_iface_name) - 1] = '\0'; } void __bt_hf_sco_state_changed_cb(int result, @@ -5113,6 +5114,12 @@ int test_input_callback(void *data) __bt_free_test_param(&g_test_param); } + if (slot_id < 0 || + slot_id >= (sizeof(advertiser_list) / sizeof(advertiser_list[0]))) { + TC_PRT("wrong slot_id: %d", slot_id); + break; + } + advertiser = advertiser_list[slot_id]; ret = bt_adapter_le_stop_advertising(advertiser); -- 2.7.4