| f473d440 |
shared/bap: Handle NULL caps at bis verify
This updates bt_bap_verify_bis to handle NULL L2 and/or L3 caps. |
Iulia Tanasescu |
1 year ago |
1 file, +15, -0 |
| 46c0e376 |
obexd: Fix memory leak
To not leak "buf", we need object->buffer to take ownership of it using
g_string_new_take() (but it's only available in 2.78 and newer), or we
need to actually free "buf".
Error: RESOURCE_LEAK (CWE-772): [#def66] [important]
obexd/plugins/filesystem.c:411:3: alloc_arg: "g_file_get_contents" allocates memory that is stored into "buf".
obexd/plugins/filesystem.c:418:3: noescape: Resource "buf" is not freed or pointed-to in "g_string_new".
obexd/plugins/filesystem.c:440:2: leaked_storage: Variable "buf" going out of scope leaks the storage it points to.
438| *err = 0;
439|
440|-> return object;
441|
442| fail: |
Bastien Nocera |
1 year ago |
1 file, +1, -0 |
| f6241a10 |
Release 5.76 |
Marcel Holtmann |
1 year ago |
2 files, +8, -1 |
| c9fe8887 |
android/handsfree: Check sprintf retval
Error: SNYK_CODE_WARNING (CWE-125): [#def62] [important]
android/handsfree.c:1247:15: error[cpp/NegativeIndex]: The value from
sprintf, a standard library function that can return a negative value is
used as an index. A negative array index can lead to reading or writing
outside the bounds of the array. Ensure the value of the index used is
within bounds before use.
1245| buf = g_malloc(len);
1246|
1247|-> ptr = buf + sprintf(buf, "+CIND:");
1248|
1249| for (i = 0; i < IND_COUNT; i++) { |
Bastien Nocera |
1 year ago |
1 file, +11, -3 |
| 377f2ec0 |
shared/bap: Fix memory leak in error path
Error: RESOURCE_LEAK (CWE-772): [#def38] [important]
src/shared/bap.c:6066:27: alloc_fn: Storage is returned from allocation function "util_malloc".
src/shared/bap.c:6066:27: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)".
src/shared/bap.c:6066:27: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.]
src/shared/bap.c:6066:27: leaked_storage: Variable "__p" going out of scope leaks the storage it points to.
src/shared/bap.c:6066:2: var_assign: Assigning: "base_iov" = "({...; __p;})".
src/shared/bap.c:6070:2: noescape: Resource "base_iov" is not freed or pointed-to in "util_iov_push_le24".
src/shared/bap.c:6071:3: leaked_storage: Variable "base_iov" going out of scope leaks the storage it points to.
6069|
6070| if (!util_iov_push_le24(base_iov, base->pres_delay))
6071|-> return NULL;
6072|
6073| if (!util_iov_push_u8(base_iov,
Error: RESOURCE_LEAK (CWE-772): [#def39] [important]
src/shared/bap.c:6066:27: alloc_fn: Storage is returned from allocation function "util_malloc".
src/shared/bap.c:6066:27: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)".
src/shared/bap.c:6066:27: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.]
src/shared/bap.c:6066:27: leaked_storage: Variable "__p" going out of scope leaks the storage it points to.
src/shared/bap.c:6066:2: var_assign: Assigning: "base_iov" = "({...; __p;})".
src/shared/bap.c:6070:2: noescape: Resource "base_iov" is not freed or pointed-to in "util_iov_push_le24".
src/shared/bap.c:6073:2: noescape: Resource "base_iov" is not freed or pointed-to in "util_iov_push_u8".
src/shared/bap.c:6075:3: leaked_storage: Variable "base_iov" going out of scope leaks the storage it points to.
6073| if (!util_iov_push_u8(base_iov,
6074| queue_length(base->subgroups)))
6075|-> return NULL;
6076|
6077| queue_foreach(base->subgroups, generate_subgroup_base, |
Bastien Nocera |
1 year ago |
1 file, +8, -2 |
| 20a0255b |
gdbus: Check sprintf retval
Error: SNYK_CODE_WARNING (CWE-125): [#def63] [important]
gdbus/watch.c:131:11: error[cpp/NegativeIndex]: The value from snprintf,
a standard library function that can return a negative value is used as
an index. A negative array index can lead to reading or writing outside
the bounds of the array. Ensure the value of the index used is within
bounds before use.
129| int offset;
130|
131|-> offset = snprintf(rule, size, "type='signal'");
132| sender = data->name ? : data->owner;
133| |
Bastien Nocera |
1 year ago |
1 file, +34, -12 |
| 49d06560 |
mgmt-tester: Fix non-nul-terminated string
Error: STRING_NULL (CWE-170): [#def59] [important]
tools/mgmt-tester.c:12670:2: string_null_source: Function "vhci_read_devcd" does not terminate string "buf".
tools/mgmt-tester.c:12677:2: string_null: Passing unterminated string "buf" to "strtok_r", which expects a null-terminated string.
12675|
12676| /* Verify if all devcoredump header fields are present */
12677|-> line = strtok_r(buf, delim, &saveptr);
12678| while (strlen(test->expect_dump_data[i])) {
12679| if (!line || strcmp(line, test->expect_dump_data[i])) { |
Bastien Nocera |
1 year ago |
1 file, +6, -2 |
| f05e448c |
isotest: Fix string size expectations
Verify that the peer is a valid bdaddr (and so has the correct length)
before using it.
Error: STRING_SIZE (CWE-120): [#def54] [important]
tools/isotest.c:1198:26: string_size_argv: "argv" contains strings with unknown size.
tools/isotest.c:1459:4: string_size: Passing string "argv[optind + i]" of unknown size to "send_mode", which expects a string of a particular size.
Error: STRING_SIZE (CWE-120): [#def55] [important]
tools/isotest.c:1198:26: string_size_argv: "argv" contains strings with unknown size.
tools/isotest.c:1476:4: var_assign_var: Assigning: "peer" = "argv[optind + i]". Both are now tainted.
tools/isotest.c:1484:5: string_size: Passing string "peer" of unknown size to "bcast_do_connect_mbis", which expects a string of a particular size.
Error: STRING_SIZE (CWE-120): [#def56] [important]
tools/isotest.c:1198:26: string_size_argv: "argv" contains strings with unknown size.
tools/isotest.c:1476:4: var_assign_var: Assigning: "peer" = "argv[optind + i]". Both are now tainted.
tools/isotest.c:1514:5: string_size: Passing string "argv[optind + i]" of unknown size to "do_connect", which expects a string of a particular size. |
Bastien Nocera |
1 year ago |
1 file, +13, -2 |
| 566af9c2 |
test-runner: Fix fd leak on failure
Error: RESOURCE_LEAK (CWE-772): [#def65] [important]
tools/test-runner.c:877:3: open_fn: Returning handle opened by "attach_proto".
tools/test-runner.c:877:3: var_assign: Assigning: "serial_fd" = handle returned from "attach_proto(node, 0U, basic_flags, extra_flags)".
tools/test-runner.c:955:3: leaked_handle: Handle variable "serial_fd" going out of scope leaks the handle.
953| if (pid < 0) {
954| perror("Failed to fork new process");
955|-> return;
956| }
957| |
Bastien Nocera |
1 year ago |
1 file, +2, -0 |
| 7a638557 |
isotest: Fix bad free
Error: BAD_FREE (CWE-763): [#def58] [important]
tools/isotest.c:1461:5: address: Taking offset from "strchr(filename, 44)".
tools/isotest.c:1461:5: assign: Assigning: "filename" = "strchr(filename, 44) + 1".
tools/isotest.c:1536:2: incorrect_free: "free" frees incorrect pointer "filename".
1534|
1535| done:
1536|-> free(filename);
1537|
1538| syslog(LOG_INFO, "Exit"); |
Bastien Nocera |
1 year ago |
1 file, +5, -2 |
| 52336ad6 |
shared/bap: Fix possible use-after-free
stream_set_state() might call bap_stream_detach() if the stream is in
the process of being detached, causing a use-after-free.
Return false from stream_set_state() if the stream is unsafe to
manipulate (ie. was in the process of being detached and freed).
Error: USE_AFTER_FREE (CWE-416): [#def37] [important]
src/shared/bap.c:2490:2: freed_arg: "stream_set_state" frees "stream".
src/shared/bap.c:2493:2: deref_after_free: Dereferencing freed pointer "stream".
2491|
2492| /* Sink can autonomously for to Streaming state if io already exits */
2493|-> if (stream->io && stream->ep->dir == BT_BAP_SINK)
2494| stream_set_state(stream, BT_BAP_STREAM_STATE_STREAMING);
2495| |
Bastien Nocera |
1 year ago |
1 file, +6, -3 |
| 9672cf41 |
test-runner: Fix uninitialised variable usage
Error: UNINIT (CWE-457): [#def64] [important]
tools/test-runner.c:701:2: var_decl: Declaring variable "envp" without initializer.
tools/test-runner.c:739:3: uninit_use_in_call: Using uninitialized value "*envp" when calling "execve".
737|
738| if (pid == 0) {
739|-> execve(argv[0], argv, envp);
740| exit(EXIT_SUCCESS);
741| } |
Bastien Nocera |
1 year ago |
1 file, +2, -2 |
| 0640d99e |
test-runner: Fix uninitialised variable usage
Error: UNINIT (CWE-457): [#def72] [important]
tools/test-runner.c:856:2: var_decl: Declaring variable "argv" without initializer.
tools/test-runner.c:945:2: uninit_use: Using uninitialized value "argv[0]".
943| envp[pos] = NULL;
944|
945|-> printf("Running command %s\n", cmdname ? cmdname : argv[0]);
946|
947| pid = fork(); |
Bastien Nocera |
1 year ago |
1 file, +5, -0 |
| 9f4b2d02 |
test-runner: Remove unused envp
Error: UNINIT (CWE-457): [#def70] [important]
tools/test-runner.c:644:2: var_decl: Declaring variable "envp" without initializer.
tools/test-runner.c:682:3: uninit_use_in_call: Using uninitialized value "*envp" when calling "execve".
680|
681| if (pid == 0) {
682|-> execve(argv[0], argv, envp);
683| exit(EXIT_SUCCESS);
684| }
Error: UNINIT (CWE-457): [#def71] [important]
tools/test-runner.c:701:2: var_decl: Declaring variable "envp" without initializer.
tools/test-runner.c:739:3: uninit_use_in_call: Using uninitialized value "*envp" when calling "execve".
737|
738| if (pid == 0) {
739|-> execve(argv[0], argv, envp);
740| exit(EXIT_SUCCESS);
741| } |
Bastien Nocera |
1 year ago |
1 file, +2, -2 |
| c63b7b0d |
tools/mesh-cfgclient: Fix uninitialised variable usage
Error: UNINIT (CWE-457): [#def64] [important]
tools/mesh-cfgclient.c:1992:2: var_decl: Declaring variable "result" without initializer.
tools/mesh-cfgclient.c:2041:3: uninit_use: Using uninitialized value "result". Field "result.last_seen" is uninitialized.
2039| l_queue_length(devices) + 1);
2040| dev = l_malloc(sizeof(struct unprov_device));
2041|-> *dev = result;
2042|
2043| } else if (dev->rssi < result.rssi)
Error: UNINIT (CWE-457): [#def65] [important]
tools/mesh-cfgclient.c:1992:2: var_decl: Declaring variable "result" without initializer.
tools/mesh-cfgclient.c:2044:3: uninit_use: Using uninitialized value "result". Field "result.last_seen" is uninitialized.
2042|
2043| } else if (dev->rssi < result.rssi)
2044|-> *dev = result;
2045|
2046| dev->last_seen = time(NULL); |
Bastien Nocera |
1 year ago |
1 file, +1, -2 |
| 75eda690 |
shared/gatt-client: Fix uninitialised variable usage
Error: UNINIT (CWE-457): [#def44] [important]
src/shared/gatt-client.c:1669:2: var_decl: Declaring variable "value" without initializer.
src/shared/gatt-client.c:1686:2: uninit_use_in_call: Using uninitialized value "value" when calling "bt_gatt_client_write_value".
1684| }
1685|
1686|-> att_id = bt_gatt_client_write_value(notify_data->client,
1687| notify_data->chrc->ccc_handle,
1688| (void *)&value, sizeof(value), |
Bastien Nocera |
1 year ago |
1 file, +1, -1 |
| 0a1159dc |
shared/ecc: Fix uninitialised variable usage
Error: UNINIT (CWE-457): [#def41] [important]
src/shared/ecc.c:869:2: var_decl: Declaring variable "pk" without initializer.
src/shared/ecc.c:885:34: uninit_use_in_call: Using uninitialized element of array "pk.x" when calling "ecc_point_is_zero".
883|
884| ecc_point_mult(&pk, &curve_g, priv, NULL, vli_num_bits(priv));
885|-> } while (ecc_point_is_zero(&pk));
886|
887| ecc_native2bytes(priv, private_key);
Error: UNINIT (CWE-457): [#def42] [important]
src/shared/ecc.c:869:2: var_decl: Declaring variable "pk" without initializer.
src/shared/ecc.c:885:34: uninit_use_in_call: Using uninitialized element of array "pk.x" when calling "ecc_point_is_zero".
src/shared/ecc.c:885:34: uninit_use_in_call: Using uninitialized element of array "pk.y" when calling "ecc_point_is_zero".
883|
884| ecc_point_mult(&pk, &curve_g, priv, NULL, vli_num_bits(priv));
885|-> } while (ecc_point_is_zero(&pk));
886|
887| ecc_native2bytes(priv, private_key);
Error: UNINIT (CWE-457): [#def43] [important]
src/shared/ecc.c:869:2: var_decl: Declaring variable "pk" without initializer.
src/shared/ecc.c:889:2: uninit_use_in_call: Using uninitialized value "*pk.y" when calling "ecc_native2bytes".
887| ecc_native2bytes(priv, private_key);
888| ecc_native2bytes(pk.x, public_key);
889|-> ecc_native2bytes(pk.y, &public_key[32]);
890|
891| return true; |
Bastien Nocera |
1 year ago |
1 file, +2, -0 |
| 745f324d |
shared/bap: Add stream ops for get_location, get_dir and get_state |
Andrei Istodorescu |
1 year ago |
1 file, +107, -52 |
| 7b1e0e50 |
shared/bap: Return the local PAC when matching a BIS |
Andrei Istodorescu |
1 year ago |
1 file, +5, -2 |
| 7aecf3bb |
shared/bap: Remove not needed function |
Andrei Istodorescu |
1 year ago |
2 files, +15, -73 |
| 32d14795 |
bap: Update BIS management
Use the BIS index received in the BASE to synchronize to the BIG.
Allow bt_bap_endpoint to be NULL.
Remove the Broadcast Sink code from set_configuration.
Update BASE parsing so that it creates streams and transports, without a
remote PAC and endpoint.
Update bap_find_setup_by_stream to find the setup in case the stream does
not contain an endpoint. |
Andrei Istodorescu |
1 year ago |
1 file, +226, -94 |
| db8c9605 |
shared/bap: Add function to check the validity of a BIS
Add utilitary function to check if the information from a BIS is matching
the capabilities in bt_bap. This utilitary is used when parsing the BASE
data so that we can decide if we create a new setup/stream/transport for
it, or advance to the next BIS. |
Andrei Istodorescu |
1 year ago |
2 files, +28, -0 |
| 98818da2 |
shared/bap: Update stream management to avoid PACs
Remove PAC logic for BAP Broadcast Sink stream creation. |
Andrei Istodorescu |
1 year ago |
1 file, +6, -57 |
| d9de306a |
Revert "mgmt-tester: update for Poll Errqueue experimental fature"
This reverts commit c777c55ab662db4e9853bb08a6e1e6c77b319e09.
The kernel feature needs further work. |
Pauli Virtanen |
1 year ago |
1 file, +1, -5 |
| 975d3b14 |
tools: disable running TX timestamping tests for now
Disable the TX timestamping related tests for now, as the feature will
need some further work. |
Pauli Virtanen |
1 year ago |
3 files, +17, -0 |
| a9f80a81 |
shared/tester: add ability to skip tests unless explicitly selected
Make it possible to skip running a test, and skip running if the test
was not explicitly selected on command line. |
Pauli Virtanen |
1 year ago |
2 files, +34, -0 |
| ea242fbf |
advertising: Detect when EA needs to be used
This attempts to detect when an advertising instance needs to set the
secondary PHY in order to force EA PDUs to be used because its data is
too big for legacy PDUs. |
Luiz Augusto von Dentz |
1 year ago |
1 file, +7, -0 |
| 263d6f7d |
shared/ad: Add bt_ad_length
This adds bt_ad_length which can be used to return the current size of
the bt_ad data. |
Luiz Augusto von Dentz |
1 year ago |
2 files, +10, -3 |
| c7445d97 |
mesh: Fix not setting rpl_dir as static
rpl_dir shall be made static to be properly scoped. |
Luiz Augusto von Dentz |
1 year ago |
1 file, +1, -1 |
| 450e2599 |
android: Fix build error
This fixes the following building error:
android/hal-audio-sbc.c: In function 'sbc_codec_init':
android/hal-audio-sbc.c:260:34: error: 'calloc' sizes specified with
'sizeof' in the earlier argument and not in the later argument
[-Werror=calloc-transposed-args]
260 | sbc_data = calloc(sizeof(struct sbc_data), 1);
| ^~~~~~ |
Luiz Augusto von Dentz |
1 year ago |
1 file, +1, -1 |
| e453a336 |
client: fix ISO send data rate
We are sending data to controller at wrong average rate not equal to
1 packet / SDU interval, if Transport_Latency is not an integer multiple
of SDU_Interval. The calculation currently may also give zero, so no
data gets sent.
We are sending data in bursts of num ~= Transport_Latency/SDU_Interval
packets, in hopes that possibly larger timer interval makes things more
efficient.
Fix the data rate by sending num packets every num*SDU_Interval, so that
the average data rate is correct.
Also fix use of itimerspect.it_value with TFD_TIMER_ABSTIME. The value
set previously is going to always be in the past in CLOCK_MONOTONIC so
just set it to 1. |
Pauli Virtanen |
1 year ago |
1 file, +14, -5 |
| 24039249 |
tools: fix using too small buffers in test-runner
Fix compiler warning:
tools/test-runner.c:309:57: error: 'sprintf' may write a terminating nul
past the end of the destination [-Werror=format-overflow=] |
Pauli Virtanen |
1 year ago |
1 file, +2, -2 |
| 832412f5 |
test examples: fix python3 errors
These scripts have "#!/usr/bin/env python3" but have python2 syntax in
several places. Fixed by running the "2to3" utility. |
Preston Hunt |
1 year ago |
5 files, +44, -44 |
| ffd538cf |
test-bap: Add Broadcast Source SCC tests
4.13.1 Broadcast Source Configures Broadcast Audio Stream (page 172):
Test Purpose:
Verify that a Broadcast Source IUT can configure a broadcast Audio
Stream with information defined by the values in its BASE structure.
Test Case Configuration:
BAP/BSRC/SCC/BV-01-C [Config Broadcast, LC3 8_1_1]
BAP/BSRC/SCC/BV-02-C [Config Broadcast, LC3 8_2_1]
BAP/BSRC/SCC/BV-03-C [Config Broadcast, LC3 16_1_1]
BAP/BSRC/SCC/BV-04-C [Config Broadcast, LC3 16_2_1]
BAP/BSRC/SCC/BV-05-C [Config Broadcast, LC3 24_1_1]
BAP/BSRC/SCC/BV-06-C [Config Broadcast, LC3 24_2_1]
BAP/BSRC/SCC/BV-07-C [Config Broadcast, LC3 32_1_1]
BAP/BSRC/SCC/BV-08-C [Config Broadcast, LC3 32_2_1]
BAP/BSRC/SCC/BV-09-C [Config Broadcast, LC3 44.1_1_1]
BAP/BSRC/SCC/BV-10-C [Config Broadcast, LC3 44.1_2_1]
BAP/BSRC/SCC/BV-11-C [Config Broadcast, LC3 48_1_1]
BAP/BSRC/SCC/BV-12-C [Config Broadcast, LC3 48_2_1]
BAP/BSRC/SCC/BV-13-C [Config Broadcast, LC3 48_3_1]
BAP/BSRC/SCC/BV-14-C [Config Broadcast, LC3 48_4_1]
BAP/BSRC/SCC/BV-15-C [Config Broadcast, LC3 48_5_1]
BAP/BSRC/SCC/BV-16-C [Config Broadcast, LC3 48_6_1]
BAP/BSRC/SCC/BV-17-C [Config Broadcast, LC3 8_1_2]
BAP/BSRC/SCC/BV-18-C [Config Broadcast, LC3 8_2_2]
BAP/BSRC/SCC/BV-19-C [Config Broadcast, LC3 16_1_2]
BAP/BSRC/SCC/BV-20-C [Config Broadcast, LC3 16_2_2]
BAP/BSRC/SCC/BV-21-C [Config Broadcast, LC3 24_1_2]
BAP/BSRC/SCC/BV-22-C [Config Broadcast, LC3 24_2_2]
BAP/BSRC/SCC/BV-23-C [Config Broadcast, LC3 32_1_2]
BAP/BSRC/SCC/BV-24-C [Config Broadcast, LC3 32_2_2]
BAP/BSRC/SCC/BV-25-C [Config Broadcast, LC3 44.1_1_2]
BAP/BSRC/SCC/BV-26-C [Config Broadcast, LC3 44.1_2_2]
BAP/BSRC/SCC/BV-27-C [Config Broadcast, LC3 48_1_2]
BAP/BSRC/SCC/BV-28-C [Config Broadcast, LC3 48_2_2]
BAP/BSRC/SCC/BV-29-C [Config Broadcast, LC3 48_3_2]
BAP/BSRC/SCC/BV-30-C [Config Broadcast, LC3 48_4_2]
BAP/BSRC/SCC/BV-31-C [Config Broadcast, LC3 48_5_2]
BAP/BSRC/SCC/BV-32-C [Config Broadcast, LC3 48_6_2]
BAP/BSRC/SCC/BV-33-C [Config Broadcast, VS]
Pass verdict:
The AdvData field of AUX_SYNC_IND and optionally
AUX_CHAIN_IND PDUs contains the configured BASE information.
Test Summary
------------
BAP/BSRC/SCC/BV-01-C [Config Broadcast, LC3 8_1_1] Passed
BAP/BSRC/SCC/BV-02-C [Config Broadcast, LC3 8_2_1] Passed
BAP/BSRC/SCC/BV-03-C [Config Broadcast, LC3 16_1_1] Passed
BAP/BSRC/SCC/BV-04-C [Config Broadcast, LC3 16_2_1] Passed
BAP/BSRC/SCC/BV-05-C [Config Broadcast, LC3 24_1_1] Passed
BAP/BSRC/SCC/BV-06-C [Config Broadcast, LC3 24_2_1] Passed
BAP/BSRC/SCC/BV-07-C [Config Broadcast, LC3 32_1_1] Passed
BAP/BSRC/SCC/BV-08-C [Config Broadcast, LC3 32_2_1] Passed
BAP/BSRC/SCC/BV-09-C [Config Broadcast, LC3 44.1_1_1] Passed
BAP/BSRC/SCC/BV-09-C [Config Broadcast, LC3 44.1_2_1] Passed
BAP/BSRC/SCC/BV-11-C [Config Broadcast, LC3 48_1_1] Passed
BAP/BSRC/SCC/BV-12-C [Config Broadcast, LC3 48_2_1] Passed
BAP/BSRC/SCC/BV-13-C [Config Broadcast, LC3 48_3_1] Passed
BAP/BSRC/SCC/BV-14-C [Config Broadcast, LC3 48_4_1] Passed
BAP/BSRC/SCC/BV-15-C [Config Broadcast, LC3 48_5_1] Passed
BAP/BSRC/SCC/BV-16-C [Config Broadcast, LC3 48_6_1] Passed
BAP/BSRC/SCC/BV-17-C [Config Broadcast, LC3 8_1_2] Passed
BAP/BSRC/SCC/BV-18-C [Config Broadcast, LC3 8_2_2] Passed
BAP/BSRC/SCC/BV-19-C [Config Broadcast, LC3 16_1_2] Passed
BAP/BSRC/SCC/BV-20-C [Config Broadcast, LC3 16_2_2] Passed
BAP/BSRC/SCC/BV-21-C [Config Broadcast, LC3 24_1_2] Passed
BAP/BSRC/SCC/BV-22-C [Config Broadcast, LC3 24_2_2] Passed
BAP/BSRC/SCC/BV-23-C [Config Broadcast, LC3 32_1_2] Passed
BAP/BSRC/SCC/BV-24-C [Config Broadcast, LC3 32_2_2] Passed
BAP/BSRC/SCC/BV-25-C [Config Broadcast, LC3 44.1_1_2] Passed
BAP/BSRC/SCC/BV-26-C [Config Broadcast, LC3 44.1_2_2] Passed
BAP/BSRC/SCC/BV-27-C [Config Broadcast, LC3 48_1_2] Passed
BAP/BSRC/SCC/BV-28-C [Config Broadcast, LC3 48_2_2] Passed
BAP/BSRC/SCC/BV-29-C [Config Broadcast, LC3 48_3_2] Passed
BAP/BSRC/SCC/BV-30-C [Config Broadcast, LC3 48_4_2] Passed
BAP/BSRC/SCC/BV-31-C [Config Broadcast, LC3 48_5_2] Passed
BAP/BSRC/SCC/BV-32-C [Config Broadcast, LC3 48_6_2] Passed
BAP/BSRC/SCC/BV-33-C [Config Broadcast, VS] Passed |
Iulia Tanasescu |
1 year ago |
1 file, +585, -0 |
| 78bf2ab7 |
test-bap: Pass test_setup as test define argument
The current test_setup function is only targeted for client test cases
that require service discovery. This commit makes the test define more
generic, by adding the test_setup to the list of parameters, so that
custom setup functions can be provided depending on the test case. |
Iulia Tanasescu |
1 year ago |
1 file, +332, -252 |
| 969ccb52 |
shared/lc3: Add missing LC3_QOS_8_1_2_B define
This adds the missing LC3_QOS_8_1_2_B macro and removes the
duplicate define for LC3_QOS_48_1_2_B. |
Iulia Tanasescu |
1 year ago |
1 file, +1, -1 |
| 33fdb06e |
shared/bap: Fix uninitialized field at BASE generation
Currently in bt_bap_stream_get_base, the pres_delay inside the base
variable is left uninitialized and it is later accessed in
set_base_subgroup, to be compared to each stream presentation delay.
This commit adds a fix by initializing the pres_delay field to the
current stream presentation delay, before later updating it based on
comparison. |
Iulia Tanasescu |
1 year ago |
1 file, +1, -0 |
| d6fe19bc |
profiles/gap: Added support for PPCP characteristic
The Peripheral Preferred Connection Parameters (PPCP) characteristic
contains the preferred connection parameters of a peripheral device.
These parameters are stored in the info file and loaded to Kernel using
MGMT's respective command. |
Felipe F. Tonello |
1 year ago |
1 file, +71, -0 |
| d391bf4c |
src/device: Added function to set connection parameters
This function allows plugins to set the connection parameters of the
respective btd_device object.
It is useful for GAP Peripheral Preferred Connection Parameters
characteristic for example. |
Felipe F. Tonello |
1 year ago |
2 files, +17, -0 |
| a249eb68 |
src/adapter: Added connection parameter load/store functions
It is interesting to let other parts of bluetoothd to access these
functions since there are few different use-cases where this updating
and loading connection parameters can happen. |
Felipe F. Tonello |
1 year ago |
2 files, +39, -5 |
| 1cb5708f |
profiles/gap: Some code cleanup
Just removing unecessary function and code duplication. |
Felipe F. Tonello |
1 year ago |
1 file, +19, -21 |
| af2634ce |
avrcp: Fix uninitialised memory usage
Error: UNINIT (CWE-457): [#def35] [important]
profiles/audio/avrcp.c:2550:2: var_decl: Declaring variable "name" without initializer.
profiles/audio/avrcp.c:2567:2: uninit_use_in_call: Using uninitialized value "*name" when calling "media_player_create_item".
2565| mp = player->user_data;
2566|
2567|-> item = media_player_create_item(mp, name, PLAYER_ITEM_TYPE_AUDIO, uid);
2568| if (item == NULL)
2569| return NULL;
Error: UNINIT (CWE-457): [#def36] [important]
profiles/audio/avrcp.c:2583:2: var_decl: Declaring variable "name" without initializer.
profiles/audio/avrcp.c:2601:2: uninit_use_in_call: Using uninitialized value "*name" when calling "media_player_create_folder".
2599| }
2600|
2601|-> item = media_player_create_folder(mp, name, type, uid);
2602| if (!item)
2603| return NULL; |
Bastien Nocera |
1 year ago |
1 file, +4, -6 |
| e5925dbb |
monitor: Work-around memory leak warning
Work-around this warning by making the so pointer global.
Error: RESOURCE_LEAK (CWE-772): [#def29] [important]
monitor/jlink.c:87:3: alloc_fn: Storage is returned from allocation function "dlopen".
monitor/jlink.c:87:3: var_assign: Assigning: "so" = storage returned from "dlopen(jlink_so_name[i], 1)".
monitor/jlink.c:95:2: noescape: Resource "so" is not freed or pointed-to in "dlsym".
monitor/jlink.c:96:2: noescape: Resource "so" is not freed or pointed-to in "dlsym".
monitor/jlink.c:97:2: noescape: Resource "so" is not freed or pointed-to in "dlsym".
monitor/jlink.c:98:2: noescape: Resource "so" is not freed or pointed-to in "dlsym".
monitor/jlink.c:99:2: noescape: Resource "so" is not freed or pointed-to in "dlsym".
monitor/jlink.c:100:2: noescape: Resource "so" is not freed or pointed-to in "dlsym".
monitor/jlink.c:101:2: noescape: Resource "so" is not freed or pointed-to in "dlsym".
monitor/jlink.c:102:2: noescape: Resource "so" is not freed or pointed-to in "dlsym".
monitor/jlink.c:103:2: noescape: Resource "so" is not freed or pointed-to in "dlsym".
monitor/jlink.c:104:2: noescape: Resource "so" is not freed or pointed-to in "dlsym".
monitor/jlink.c:116:2: leaked_storage: Variable "so" going out of scope leaks the storage it points to.
114|
115| /* don't dlclose(so) here cause symbols from it are in use now */
116|-> return 0;
117| }
118| |
Bastien Nocera |
1 year ago |
1 file, +2, -1 |
| dc60ce0b |
sdp: Fix use of uninitialised memory
Error: UNINIT (CWE-457): [#def10] [important]
lib/sdp.c:2302:2: alloc_fn: Calling "malloc" which returns uninitialized memory.
lib/sdp.c:2302:2: assign: Assigning: "seqDTDs" = "malloc(seqlen * 8UL)", which points to uninitialized data.
lib/sdp.c:2355:2: uninit_use_in_call: Using uninitialized value "*seqDTDs" when calling "sdp_seq_alloc".
2353| }
2354| }
2355|-> seq = sdp_seq_alloc(seqDTDs, seqs, seqlen);
2356| free(seqDTDs);
2357| free(seqs); |
Bastien Nocera |
1 year ago |
1 file, +1, -1 |
| c81f9320 |
iso-tester: Fix fd leak
Error: RESOURCE_LEAK (CWE-772): [#def63] [important]
tools/iso-tester.c:1796:2: open_fn: Returning handle opened by "socket".
tools/iso-tester.c:1796:2: var_assign: Assigning: "sk" = handle returned from "socket(31, 2053, 8)".
tools/iso-tester.c:1807:3: leaked_handle: Handle variable "sk" going out of scope leaks the handle.
1805| if (!master_bdaddr) {
1806| tester_warn("No master bdaddr");
1807|-> return -ENODEV;
1808| }
1809| |
Bastien Nocera |
1 year ago |
1 file, +1, -0 |
| 3e03788b |
isotest: Fix fd leak
Error: RESOURCE_LEAK (CWE-772): [#def65] [important]
tools/isotest.c:923:4: open_fn: Returning handle opened by "open_file".
tools/isotest.c:923:4: var_assign: Assigning: "fd" = handle returned from "open_file(altername)".
tools/isotest.c:953:3: leaked_handle: Handle variable "fd" going out of scope leaks the handle.
951|
952| free(sk_arr);
953|-> return;
954| }
955| |
Bastien Nocera |
1 year ago |
1 file, +2, -0 |
| 856353b2 |
shared/vcp: Fix copy/paste error
Error: COPY_PASTE_ERROR (CWE-398): [#def97] [important]
src/shared/vcp.c:2610:16: original: "aics->gain_stting_prop" looks like the original copy.
src/shared/vcp.c:2625:16: copy_paste_error: "gain_stting_prop" in "aics->gain_stting_prop" looks like a copy-paste error.
src/shared/vcp.c:2625:16: remediation: Should it say "aud_ip_type" instead?
2623|
2624| aics = vcp_get_aics(vcp);
2625|-> if (!aics || aics->gain_stting_prop)
2626| return;
2627| |
Bastien Nocera |
1 year ago |
1 file, +1, -1 |
| 6f041df2 |
client/player: Fix copy/paste error
Error: COPY_PASTE_ERROR (CWE-398): [#def95] [important]
client/player.c:1846:6: original: "qos->sync_cte_type" looks like the original copy.
client/player.c:1852:6: copy_paste_error: "sync_cte_type" in "qos->sync_cte_type" looks like a copy-paste error.
client/player.c:1852:6: remediation: Should it say "mse" instead?
1850| }
1851|
1852|-> if (qos->sync_cte_type) {
1853| bt_shell_printf("MSE %u\n", qos->mse);
1854| g_dbus_dict_append_entry(iter, "MSE", DBUS_TYPE_BYTE, |
Bastien Nocera |
1 year ago |
1 file, +1, -1 |
| 9a36f191 |
isotest: Fix error check after opening file
Consider "0" to be a valid fd. |
Bastien Nocera |
1 year ago |
1 file, +1, -1 |
| d30dc38b |
isotest: Consider "0" fd to be valid
Error: RESOURCE_LEAK (CWE-772): [#def79] [important]
tools/isotest.c:923:4: open_fn: Returning handle opened by "open_file".
tools/isotest.c:923:4: var_assign: Assigning: "fd" = handle returned from "open_file(altername)".
tools/isotest.c:925:3: off_by_one: Testing whether handle "fd" is strictly greater than zero is suspicious. "fd" leaks when it is zero.
tools/isotest.c:925:3: remediation: Did you intend to include equality with zero?
tools/isotest.c:926:4: overwrite_var: Overwriting handle "fd" in "fd = open_file(filename)" leaks the handle.
924|
925| if (fd <= 0)
926|-> fd = open_file(filename);
927| }
928| |
Bastien Nocera |
1 year ago |
1 file, +1, -1 |