btdev: Fix crash on BIG Sync Terminate command
When receiving a BIG Sync Terminate command the following crash could be
observed:

Invalid read of size 8
   at 0x15FC9F: cmd_big_term_sync (btdev.c:6417)
   by 0x15D19D: run_cmd (btdev.c:7269)
   by 0x16E7DF: process_cmd (btdev.c:7425)
   by 0x16E7DF: btdev_receive_h4 (btdev.c:7516)
   by 0x143AB9: vhci_read_callback (vhci.c:77)
   by 0x185AAE: io_callback (io-mainloop.c:110)
   by 0x187158: mainloop_run (mainloop.c:106)
   by 0x188357: mainloop_run_with_signal (mainloop-notify.c:188)
   by 0x4EA6B89: (below main) (in /usr/lib64/libc.so.6)
 Address 0x53cf678 is 8 bytes inside a block of size 16 free'd
   at 0x4845B2C: free (vg_replace_malloc.c:985)
   by 0x17E0FE: queue_remove (queue.c:256)
   by 0x1497F0: conn_remove (btdev.c:537)
   by 0x15FC8A: cmd_big_term_sync (btdev.c:6427)
   by 0x15D19D: run_cmd (btdev.c:7269)
   by 0x16E7DF: process_cmd (btdev.c:7425)
   by 0x16E7DF: btdev_receive_h4 (btdev.c:7516)
   by 0x143AB9: vhci_read_callback (vhci.c:77)
   by 0x185AAE: io_callback (io-mainloop.c:110)
   by 0x187158: mainloop_run (mainloop.c:106)
   by 0x188357: mainloop_run_with_signal (mainloop-notify.c:188)
   by 0x4EA6B89: (below main) (in /usr/lib64/libc.so.6)
Vudentz committed Feb 2, 2024
1 parent 05efccc commit de8c249
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions emulator/btdev.c
Expand Up @@ -6425,6 +6425,7 @@ static int cmd_big_term_sync(struct btdev *dev, const void *data, uint8_t len)
0x16);

conn_remove(conn);
break;
}

done:
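Review bot: the added `break;` after `conn_remove(conn);` is the right minimal fix for the use-after-free, since the Valgrind trace shows the read at btdev.c:6417 hitting the block released by `conn_remove` at btdev.c:6427, i.e. the enclosing loop kept iterating over an entry that had just been freed. It does rely on at most one connection matching the BIG being terminated, because the loop now exits after the first removal; if several connections can share that handle, a match-and-remove-all helper that walks the queue safely would be the more robust choice. Either way, stating the cause (iteration continuing past the freed entry) in the commit message would make the one-line change easier to understand later.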