Your message dated Wed, 23 May 2018 00:19:20 +0000 with message-id <[email protected]> and subject line Bug#884663: fixed in bluez 5.49-2 has caused the Debian Bug report #884663, regarding bluez segfault after PIN entry to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
884663: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884663
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: bluez
Version: 5.46-0ubuntu3
Severity: normal
Tags: patch upstream

Dear Maintainer,

I have a bluetooth low energy enabled home-trainer that causes the 'bluetoothd' to quit with a segfault directly after the PIN entry. I've also tested the git-upstream version of bluez but the result is the same.

I open 'bluetoothctl', search for the device and then try to pair it with 'pair MAC-address'. The PIN-Entry shows up and I enter the correct PIN. Directly after pressing enter, to confirm the PIN, I can see that the bluetoothd stops.

Here is the 'gdb' output:

Program received signal SIGSEGV, Segmentation fault.
0x000055555563fa41 in ext_prop_read_cb (success=false, att_ecode=15 '\017', value=0x0, length=4, user_data=0x5555558db900) at src/shared/gatt-client.c:692
692                     "Ext. prop value: 0x%04x", (uint16_t)value[0]);
(gdb) bt
#0  0x000055555563fa41 in ext_prop_read_cb (success=false, att_ecode=15 '\017', value=0x0, length=4, user_data=0x5555558db900) at src/shared/gatt-client.c:692
#1  0x0000555555642a21 in read_cb (opcode=1 '\001', pdu=0x5555558c53e1, length=4, user_data=0x5555558db2d0) at src/shared/gatt-client.c:2142
#2  0x000055555563cfd3 in handle_rsp (att=0x5555558d1a30, opcode=1 '\001', pdu=0x5555558c53e1 "\n<", pdu_len=4) at src/shared/att.c:707
#3  0x000055555563d527 in can_read_data (io=0x5555558d74b0, user_data=0x5555558d1a30) at src/shared/att.c:879
#4  0x000055555564bbcf in watch_callback (channel=0x5555558c8480, cond=G_IO_IN, user_data=0x5555558bb410) at src/shared/io-glib.c:170
#5  0x00007ffff7b0be25 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#6  0x00007ffff7b0c1f0 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#7  0x00007ffff7b0c502 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#8  0x00005555555cd5b0 in main (argc=1, argv=0x7fffffffe5b8) at src/main.c:770
(gdb)
(gdb) p value
$2 = (const uint8_t *) 0x0
(gdb) p success
$3 = false
(gdb) p att_ecode
$4 = 15 '\017'
(gdb) p length
$5 = 4
(gdb)

I found that the variable 'value' is not initialized in the function 'read_cb' (src/shared/gatt-client.c:~2112) when the opcode is BT_ATT_OP_ERROR_RSP, but later on in the code the contents of the variable 'value' are used (src/shared/gatt-client.c:692) despite the fact that it still points to NULL.

Best regards
Fabian

-- System Information:
Debian Release: stretch/sid
  APT prefers artful-updates
  APT policy: (500, 'artful-updates'), (500, 'artful-security'), (500, 'artful'), (100, 'artful-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.13.0-19-generic (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages bluez depends on:
ii  dbus                 1.10.22-1ubuntu1
ii  init-system-helpers  1.49ubuntu1
ii  kmod                 24-1ubuntu2
ii  libc6                2.26-0ubuntu2
ii  libdbus-1-3          1.10.22-1ubuntu1
ii  libglib2.0-0         2.54.1-1ubuntu1
ii  libreadline7         7.0-0ubuntu2
ii  libudev1             234-2ubuntu12.1
ii  lsb-base             9.20160110ubuntu5
ii  udev                 234-2ubuntu12.1

bluez recommends no packages.

bluez suggests no packages.

-- Configuration Files:
/etc/dbus-1/system.d/bluetooth.conf changed [not included]
/etc/init.d/bluetooth changed [not included]

-- no debconf information

diff --git a/src/shared/gatt-client.c b/src/shared/gatt-client.c
index 4b3f553f1..98dc76a9e 100755
--- a/src/shared/gatt-client.c
+++ b/src/shared/gatt-client.c
@@ -2119,6 +2119,10 @@ static void read_cb(uint8_t opcode, const void *pdu, uint16_t length, const uint8_t *value = NULL; uint16_t value_len = 0; + value_len = length; + if (value_len) + value = pdu; + if (opcode == BT_ATT_OP_ERROR_RSP) { success = false; att_ecode = process_error(pdu, length); @@ -2131,9 +2135,6 @@ static void read_cb(uint8_t opcode, const void *pdu, uint16_t length, } success = true; - value_len = length; - if (value_len) - value = pdu; done: if (op->callback)
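Review bot: the three added lines in the first hunk make `value = pdu` unconditional, so on the `BT_ATT_OP_ERROR_RSP` branch the callback now receives the Error Response PDU (the same `pdu` that `process_error(pdu, length)` decodes) as the attribute value while `success` is false; this does stop the NULL dereference from the backtrace, but a callback that reads `value[0]` without checking `success`, as `ext_prop_read_cb` does at gatt-client.c:692, will now silently parse the request-opcode byte of the error PDU as an extended-properties value. The safer change is to leave `value` NULL here and make the callback return early when `success` is false (and when `length` is shorter than the value it expects); the `att_ecode=15` (0x0f) in the report is the ATT "Insufficient Encryption" error, a routine outcome for a read attempted before the link is encrypted, so every read callback has to tolerate it.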
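Review bot: dropping the assignment from the success path in the second hunk is consistent with the first hunk, but the context it shows (`success = true;` falling through to `done:` and `if (op->callback)`) makes clear that `value` and `value_len` are now populated for every opcode before the callback is invoked, which changes the contract for all read callbacks rather than only the crashing one. If the move is kept, a comment at `done:` should state that `value` points at the error PDU whenever `success` is false, and the patch should be paired with a `success` check in `ext_prop_read_cb` instead of relying on each caller to know this.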
--- End Message ---
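As an added illustration that is neither BlueZ code nor the reporter's patch, the following C sketch shows the defensive shape of the fix: a dispatcher modelled on the `read_cb` from the backtrace keeps `value` NULL on an ATT Error Response and passes only the error code on, and a hypothetical hardened `ext_prop_read_cb` checks `success` before touching `value` instead of reading `value[0]` unconditionally. The opcode constants, the error-PDU layout after the opcode byte and the `handle_pdu` helper are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* ATT opcodes from the Bluetooth Core spec: Error Response and Read Response. */
#define BT_ATT_OP_ERROR_RSP 0x01
#define BT_ATT_OP_READ_RSP  0x0b

/* What the callback recorded; ext_prop is meaningful only when success is true. */
struct ext_prop_result { bool success; uint8_t att_ecode; uint16_t ext_prop; };

/* Hypothetical hardened counterpart of ext_prop_read_cb. The crashing version
 * read value[0] unconditionally; this one ignores value unless the read succeeded. */
static void ext_prop_read_cb(bool success, uint8_t att_ecode,
                             const uint8_t *value, uint16_t length, void *user_data)
{
    struct ext_prop_result *r = user_data;
    r->success = success;
    r->att_ecode = att_ecode;
    if (!success || value == NULL || length < 2)
        return;                 /* error path (or short PDU): no attribute data to parse */
    r->ext_prop = (uint16_t)(value[0] | (value[1] << 8));   /* ATT values are little-endian */
}

/* Dispatcher modelled on read_cb in the report: on an Error Response, value stays
 * NULL and only the ATT error code is passed on; on a Read Response the payload is. */
static void read_cb(uint8_t opcode, const uint8_t *pdu, uint16_t length,
                    void (*cb)(bool, uint8_t, const uint8_t *, uint16_t, void *),
                    void *user_data)
{
    bool success = false; uint8_t att_ecode = 0;
    const uint8_t *value = NULL; uint16_t value_len = 0;
    if (opcode == BT_ATT_OP_ERROR_RSP) {
        /* Assumed layout after the opcode byte: [request opcode][handle lo][handle hi][error code] */
        att_ecode = (length >= 4) ? pdu[3] : 0;
    } else if (opcode == BT_ATT_OP_READ_RSP) {
        success = true;
        value_len = length;
        if (value_len) value = pdu;
    }
    cb(success, att_ecode, value, value_len, user_data);
}

/* Run one PDU through the dispatcher and return what the callback recorded. */
static struct ext_prop_result handle_pdu(uint8_t opcode, const uint8_t *pdu, uint16_t length)
{
    struct ext_prop_result r = { false, 0, 0 };
    read_cb(opcode, pdu, length, ext_prop_read_cb, &r);
    return r;
}
```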
--- Begin Message ---
Source: bluez
Source-Version: 5.49-2

We believe that the bug you reported is fixed in the latest version of bluez, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nobuhiro Iwamatsu <[email protected]> (supplier of updated bluez package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

Format: 1.8
Date: Wed, 23 May 2018 08:29:05 +0900
Source: bluez
Binary: libbluetooth3 libbluetooth-dev bluetooth bluez bluez-cups bluez-obexd bluez-hcidump bluez-test-tools bluez-test-scripts
Architecture: source
Version: 5.49-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Bluetooth Maintainers <[email protected]>
Changed-By: Nobuhiro Iwamatsu <[email protected]>
Description:
 bluetooth  - Bluetooth support
 bluez      - Bluetooth tools and daemons
 bluez-cups - Bluetooth printer driver for CUPS
 bluez-hcidump - Analyses Bluetooth HCI packets
 bluez-obexd - bluez obex daemon
 bluez-test-scripts - test scripts of bluez
 bluez-test-tools - test tools of bluez
 libbluetooth-dev - Development files for using the BlueZ Linux Bluetooth library
 libbluetooth3 - Library to use the BlueZ Linux Bluetooth stack
Closes: 877482 884663 898201
Changes:
 bluez (5.49-2) unstable; urgency=medium
 .
   * Fix bluetoothd segfault in btd_adv_manager_refresh() (Closes: #898201)
     Add patches/adapter-Fix-accessing-NULL-adv_manager.patch.
     Cherry-picked from 37a30b5435a45c3f8e233309fc70fc7de92b2e76.
   * Fix segfault after PIN entry. (Closes: #884663)
     Add patches/shared-gatt-client-Fix-segfault-after-PIN-entry.patch.
   * Remove obsolete conf file by bluez.preinst. (Closes: #877482)
--- End Message ---

