Public bug reported:

Hello everyone,

Test setup: ubuntu 19.04, bluez 5.50, kernel bug id 204201

We are currently developing a device that contains two HID services.
That device, as it is right now, is properly functioning on Windows & Android.
However, when pairing the device on Linux running bluez 5.50 we do get
segfaults (see attached files).
Our bluetooth device has 4 services: 1 battery service, 2 HID Over Gatt
services and 1 device information service.
With trial and error, we managed to find that we wouldn't get any crash as
long as only 1 HOG service was present.

Here's the interesting part. The two HOG services are made as follows:
- standard keyboard over gatt: protocol mode / report map / 1 INPUT report / boot INPUT + OUTPUT / HID information / HID Control point
- raw HID over gatt: report map / 1 INPUT report / 1 OUTPUT report / HID information / HID control point

Looking at the write_ccc in the call stacks we wondered if the callbacks
subscribing to notifications for the INPUT reports were causing this
issue.

We therefore changed the raw HID over gatt (and its report map) to
remove the INPUT report and change it into 1 OUTPUT report (leading to 2
OUTPUT reports): no crash.

We therefore hypothesize that the segfault occurs when subscribing to
notification on a second HOG service...

** Affects: bluez (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1837467

Title:
  segfault when CCD are present in two different HOG services
