This adds a new Broadcast Receiver test, for a Broadcast Sink
synchronizing to 2 Broadcasters, using defer setup.
ISO Broadcaster Receiver2 Defer - Success
This fixes memory leaks that appear in iso_accept_cb because a new io
channel is allocated but never unreferenced at the end of the test.
=================================================================
==20460==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 120 byte(s) in 1 object(s) allocated from:
#0 0x7dcddc8fbb37 in malloc ../../../../src/libsanitizer/asan/
asan_malloc_linux.cpp:69
#1 0x7dcddc719af9 in g_malloc (/lib/x86_64-linux-gnu/
libglib-2.0.so.0+0x62af9)
#2 0x7dcddc7722bd in g_io_channel_unix_new
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xbb2bd
#3 0x5d3fdfe28262 in iso_accept_cb tools/iso-tester.c:3004
Indirect leak of 6 byte(s) in 1 object(s) allocated from:
#0 0x7dcddc8fbb37 in malloc ../../../../src/libsanitizer/asan/
asan_malloc_linux.cpp:69
#1 0x7dcddc719af9 in g_malloc (/lib/x86_64-linux-gnu/
libglib-2.0.so.0+0x62af9)
#2 0x7dcddc70016f in g_io_channel_init
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4916f)
#3 0x7dcddc7722c8 in g_io_channel_unix_new
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xbb2c8)
#4 0x5d3fdfe28262 in iso_accept_cb tools/iso-tester.c:3004
SUMMARY: AddressSanitizer: 126 byte(s) leaked in 2 allocation(s).
Colors use escape sequence that needs to be enveloped with
RL_PROMPT_START_IGNORE (\001) and RL_PROMPT_END_IGNORE (\002) in order
for readline to properly calculate the prompt length.
Fixes: https://github.com/bluez/bluez/issues/965
This is part of the metadata when the AVRCP target supports covert
art download and a OBEX BIP session is connected.
The image handle references the cover art associated to the track,
and is valid only during OBEX BIP session.
Call to basename() relies on a GNU extension
to take a const char * vs a char *. Let's define
a trivial helper function to ensure compatibility
with musl.
Fixes: https://github.com/bluez/bluez/issues/843
That way it will be started automatically which is convenient on phones.
Distributions can then decide part of which install the unit should be.
Signed-off-by: Guido Günther <agx@sigxcpu.org>
In non-interactive mode the --index option does not work because the
call to mgmt_set_index() is made after bt_shell_attach().
Fixes: https://github.com/bluez/bluez/issues/893
Error: INTEGER_OVERFLOW (CWE-190): [#def41] [important]
tools/btsnoop.c:438:2: tainted_data_return: Called function "read(fd, buf, toread)", and a possible return value may be less than zero.
tools/btsnoop.c:438:2: assign: Assigning: "len" = "read(fd, buf, toread)".
tools/btsnoop.c:473:4: overflow: The cast of "len - 9L", which is potentially negative, to an unsigned type could result in an overflow.
471| /* next 4 bytes are data len and cid */
472| current_cid = buf[8] << 8 | buf[7];
473|-> memcpy(pdu_buf, buf + 9, len - 9);
474| pdu_len = len - 9;
475| } else if (acl_flags & 0x01) {
Error: INTEGER_OVERFLOW (CWE-190): [#def42] [important]
tools/btsnoop.c:438:2: tainted_data_return: Called function "read(fd, buf, toread)", and a possible return value may be less than zero.
tools/btsnoop.c:438:2: assign: Assigning: "len" = "read(fd, buf, toread)".
tools/btsnoop.c:476:4: overflow: The cast of "len - 5L", which is potentially negative, to an unsigned type could result in an overflow.
474| pdu_len = len - 9;
475| } else if (acl_flags & 0x01) {
476|-> memcpy(pdu_buf + pdu_len, buf + 5, len - 5);
477| pdu_len += len - 5;
478| }
This adds the following tests which cover the TX/RX of multiple
packets (up to 32K) over LE credit based flow control:
L2CAP LE Client - Read 32k Success
L2CAP LE Client - Write 32k Success
This adds the following tests which cover the TX/RX of multiple
packets (up to 32K):
L2CAP BR/EDR Client - Read 32k Success
L2CAP BR/EDR Client - Write 32k Success
L2CAP BR/EDR Server - Read 32k Success
L2CAP BR/EDR Server - Write 32k Success
We are sending data to controller at wrong average rate not equal to
1 packet / SDU interval, if Transport_Latency is not an integer multiple
of SDU_Interval. The calculation currently may also give zero, so no
data gets sent.
send() might fail and return a negative len, catch that to avoid
advancing the send buffer in the wrong direction and causing all sorts
of problems.
977|-> len = send(sk, buf + sent, buflen, 0);
978|
979| sent += len;
Error: OVERRUN (CWE-119): [#def57] [important]
tools/rctest.c:557:3:
overrun-buffer-arg: Calling "send" with "buf" and "len" is suspicious
because of the very large index, 18446744073709551615.
The index may be due to a negative parameter being interpreted as unsigned.
555| }
556| len = read(fd, buf, data_size);
557|-> send(sk, buf, len, 0);
558| close(fd);
559| return;
Error: STRING_NULL (CWE-170): [#def59] [important]
tools/mgmt-tester.c:12670:2: string_null_source: Function "vhci_read_devcd" does not terminate string "buf".
tools/mgmt-tester.c:12677:2: string_null: Passing unterminated string "buf" to "strtok_r", which expects a null-terminated string.
12675|
12676| /* Verify if all devcoredump header fields are present */
12677|-> line = strtok_r(buf, delim, &saveptr);
12678| while (strlen(test->expect_dump_data[i])) {
12679| if (!line || strcmp(line, test->expect_dump_data[i])) {
Verify that the peer is a valid bdaddr (and so has the correct length)
before using it.
Error: STRING_SIZE (CWE-120): [#def54] [important]
tools/isotest.c:1198:26: string_size_argv: "argv" contains strings with unknown size.
tools/isotest.c:1459:4: string_size: Passing string "argv[optind + i]" of unknown size to "send_mode", which expects a string of a particular size.
Error: STRING_SIZE (CWE-120): [#def55] [important]
tools/isotest.c:1198:26: string_size_argv: "argv" contains strings with unknown size.
tools/isotest.c:1476:4: var_assign_var: Assigning: "peer" = "argv[optind + i]". Both are now tainted.
tools/isotest.c:1484:5: string_size: Passing string "peer" of unknown size to "bcast_do_connect_mbis", which expects a string of a particular size.
Error: STRING_SIZE (CWE-120): [#def56] [important]
tools/isotest.c:1198:26: string_size_argv: "argv" contains strings with unknown size.
tools/isotest.c:1476:4: var_assign_var: Assigning: "peer" = "argv[optind + i]". Both are now tainted.
tools/isotest.c:1514:5: string_size: Passing string "argv[optind + i]" of unknown size to "do_connect", which expects a string of a particular size.
Fix compiler warning:
tools/test-runner.c:309:57: error: 'sprintf' may write a terminating nul
past the end of the destination [-Werror=format-overflow=]
Error: RESOURCE_LEAK (CWE-772): [#def79] [important]
tools/isotest.c:923:4: open_fn: Returning handle opened by "open_file".
tools/isotest.c:923:4: var_assign: Assigning: "fd" = handle returned from "open_file(altername)".
tools/isotest.c:925:3: off_by_one: Testing whether handle "fd" is strictly greater than zero is suspicious. "fd" leaks when it is zero.
tools/isotest.c:925:3: remediation: Did you intend to include equality with zero?
tools/isotest.c:926:4: overwrite_var: Overwriting handle "fd" in "fd = open_file(filename)" leaks the handle.
924|
925| if (fd <= 0)
926|-> fd = open_file(filename);
927| }
928|
Add TX timestamping test utilities in new tools/tester.h, so that they
can be shared between testers.
Add tests:
ISO Send - TX Timestamping
ISO Send - TX Sched Timestamping
ISO Send - TX Msg Timestamping
This adds a new Broadcast Receiver test, to validate that a Broadcast
Sink is able to sync to the PA transmitted by a Source (when no BIG
is active) and is able to successfully detect the BASE:
ISO Broadcaster Receiver Defer Get BASE - Success
This separates the iso_defer_accept function into dedicated ones for
unicast/broadcast, since the flow is different for each scenario:
For unicast, POLLOUT is checked on socket before calling read and
adding a G_IO_OUT watch. Checking for POLLOUT is not necessary for
broadcast, since currently this event is never generated on the
child socket. Instead, G_IO_IN is generated after BIG sync is
established and a BIS socket is ready to be accepted.
