From ed5b375cd2e3c7cabc9032267375d81b5bbb60f7 Mon Sep 17 00:00:00 2001 From: Szymon Janc Date: Thu, 26 Jul 2018 16:34:00 +0200 Subject: [PATCH] shared/gatt-client: Fix crash on ext prop read failure [Problem] bluetoothd crash happens. [Cause & Measure] There is no routine for failure case of extended property read response. It causes invalid memory access. There is upstream patch for this issue. So this patch applies the upstream patch. [Checking Method] Disconnect BLE during GATT service discovery. This is some times issue. [Original upstream patch] commit 6e2eb99f666ea7084067196472ff8d49e06f90d9 Author: Szymon Janc Date: Thu Jul 26 16:34:00 2018 +0200 shared/gatt-client: Fix crash on ext prop read failure Program received signal SIGSEGV, Segmentation fault. Program received signal SIGSEGV, Segmentation fault. ext_prop_read_cb (success=false, att_ecode=0 '\000', value=0x0, length=0, user_data=0x72ad30) at src/shared/gatt-client.c:711 711 src/shared/gatt-client.c: No such file or directory. (gdb) bt 0 ext_prop_read_cb (success=false, att_ecode=0 '\000', value=0x0, length=0, user_data=0x72ad30) at src/shared/gatt-client.c:711 1 0x000000000049b8cc in disc_att_send_op (data=0x7199b0) at src/shared/att.c:547 2 0x000000000049cb44 in disconnect_cb (io=, user_data=0x716070) at src/shared/att.c:580 3 0x00000000004a6405 in watch_callback (channel=, cond=, user_data=) at src/shared/io-glib.c:170 4 0x00007ffff78c704a in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 5 0x00007ffff78c73f0 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 6 0x00007ffff78c7712 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 7 0x000000000040c620 in main (argc=1, argv=0x7fffffffe5a8) at src/main.c:781 Change-Id: I6f0a0b1501761693ebdbd851773878e827cd6cce
---
 src/shared/gatt-client.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/src/shared/gatt-client.c b/src/shared/gatt-client.c
index f8e94b7..7cafa97 100644
--- a/src/shared/gatt-client.c
+++ b/src/shared/gatt-client.c
@@ -747,11 +747,8 @@ static void ext_prop_read_cb(bool success, uint8_t att_ecode,
 bool discovering;
 struct gatt_db_attribute *desc_attr = NULL;
-#ifdef TIZEN_FEATURE_BLUEZ_MODIFY
- if (success)
-#endif
- util_debug(client->debug_callback, client->debug_data,
- "Ext. prop value: 0x%04x", (uint16_t)value[0]);
+ if (!success)
+ goto done;
 desc_attr = queue_pop_head(op->ext_prop_desc);
 if (!desc_attr)
-- 2.7.4
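Review bot: The new `if (!success) goto done;` guard in ext_prop_read_cb covers only the failed read; a read that succeeds with a short or empty value from the remote device still falls through to `queue_pop_head(op->ext_prop_desc)` and to whatever consumes `value`/`length` after the hunk. The removed debug line dereferenced `value[0]` without looking at `length`, so it is worth confirming that the remaining code checks `length` before reading the descriptor value, for example `if (!success || !value || length < sizeof(uint16_t)) goto done;` if a 16-bit property field is expected there. The `done` label and the rest of the body are outside the hunk, so please also confirm that this path reports the read as failed rather than completing discovery as successful; the backtrace in the description shows `att_ecode=0` on disconnect, so the error code alone may not signal the failure. A short comment above the guard, such as `/* value is NULL when the read fails, e.g. on disconnect during discovery */`, would record why the early exit exists.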