From 2762129212f1c4045c2ca3628cb49f42cb024689 Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz Date: Mon, 13 Mar 2023 11:31:21 -0700 Subject: [PATCH] device: Fix crash attempting to read Sets property The following set can be observed when a sirk is exists but it is encrypted leading to info->set to not be set: Invalid read of size 8 at 0x1ACDF0: append_set (device.c:1662) by 0x1FFEFFF7DF: ??? by 0x1D4461: queue_foreach (queue.c:207) by 0x1AC8DE: dev_property_get_set (device.c:1700) by 0x1CF3E2: append_property (object.c:498) by 0x1CFA91: append_properties (object.c:527) by 0x1CFAFD: append_interface (object.c:542) by 0x48D7CEF: g_slist_foreach (gslist.c:887) by 0x1CF5A7: append_interfaces (object.c:1104) by 0x1CF5A7: append_object (object.c:1119) by 0x48D7CEF: g_slist_foreach (gslist.c:887) by 0x1CF5D0: append_object (object.c:1122) by 0x48D7CEF: g_slist_foreach (gslist.c:887) Address 0x8 is not stack'd, malloc'd or (recently) free'd --- src/device.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/device.c b/src/device.c index 77b38e97a..f31f2a097 100644 --- a/src/device.c +++ b/src/device.c @@ -1659,10 +1659,15 @@ static gboolean dev_property_wake_allowed_exist( static void append_set(void *data, void *user_data) { struct sirk_info *info = data; - const char *path = btd_set_get_path(info->set); + const char *path; DBusMessageIter *iter = user_data; DBusMessageIter entry, dict; + if (!info->set) + return; + + path = btd_set_get_path(info->set); + dbus_message_iter_open_container(iter, DBUS_TYPE_DICT_ENTRY, NULL, &entry); -- 2.47.3