Since 9606375649, xfer_complete() sets the transfer status rather than the
size. Adapt obc_transfer_free to check for the completed status to avoid
deleting completed transfers.
Calls to ListMessages with filter 'Read' set to true should request the MSE
to send read messages only. The old code requests the MSE to send unread
messages only. This behavior does not match the other filters.
Calls to ListMessages with filter 'Read' or 'Priority' caused a segfault
in parse_filter_read / parse_filter_priority. The functions read
D-Bus boolean values (uint32) into uint8.
#0  0x00007ffff730332d in ?? () from /usr/lib/libdbus-1.so.3
#1  0x00007ffff7304219 in dbus_message_iter_next () from /usr/lib/libdbus-1.so.3
#2  0x000000000043ef0f in parse_message_filters (
    apparam=<error reading variable: Cannot access memory at address 0x7ffffeffff08>,
    iter=<error reading variable: Cannot access memory at address 0x7ffffeffff00>)
    at obexd/client/map.c:1246
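An added illustration of the two ListMessages 'Read' fixes above; this is example code, not obexd's. libdbus marshals a D-Bus BOOLEAN as a 32-bit dbus_bool_t, so handing dbus_message_iter_get_basic() a pointer to a uint8_t writes three bytes past the variable into whatever is adjacent on the stack. The model below replaces dbus_message_iter_get_basic() with a stand-in that copies 4 bytes through the pointer it is given, shows the neighbouring bytes being clobbered, and shows the fix of reading into a dbus_bool_t. It then maps the boolean to the MAP FilterReadStatus value so that Read=true asks for read messages only (0x02) and Read=false for unread messages only (0x01); those values are from the MAP specification, and that obexd uses exactly these constants is an assumption of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* libdbus marshals D-Bus BOOLEAN as a 32-bit value; this mirrors its dbus_bool_t. */
typedef uint32_t dbus_bool_t;

/* Stand-in for dbus_message_iter_get_basic() on a BOOLEAN argument: libdbus
 * copies a 4-byte value through the void* it is given, whatever the caller's
 * variable actually is. This is a model for illustration, not libdbus. */
static void model_iter_get_basic_bool(dbus_bool_t wire_value, void *out)
{
    memcpy(out, &wire_value, sizeof wire_value);
}

/* MAP FilterReadStatus values (from the MAP spec; that obexd uses these exact
 * constants is an assumption of this example). */
#define FILTER_READ_STATUS_UNREAD_ONLY 0x01
#define FILTER_READ_STATUS_READ_ONLY   0x02

/* Canary bytes 0xAA 0xBB 0xCC stand for whatever lives next to the target. */
static int count_clobbered(const uint8_t *neighbours)
{
    return (neighbours[0] != 0xAA) + (neighbours[1] != 0xBB) + (neighbours[2] != 0xCC);
}

/* Buggy pattern from the commit message: the target is a uint8_t, so the
 * 4-byte write runs three bytes past it. frame[] models the stack layout:
 * frame[0] is the uint8 target, frame[1..3] its neighbours.
 * Returns how many of the three neighbouring bytes were overwritten. */
static int parse_filter_read_buggy(dbus_bool_t wire_value)
{
    uint8_t frame[4] = { 0, 0xAA, 0xBB, 0xCC };
    model_iter_get_basic_bool(wire_value, &frame[0]);
    return count_clobbered(&frame[1]);
}

/* Fixed pattern: the target has the width of the marshalled type. Returns the
 * FilterReadStatus to put into the request, or -1 if anything next to the
 * target was touched (with a correctly sized target it never is). */
static int parse_filter_read_fixed(dbus_bool_t wire_value)
{
    struct {
        dbus_bool_t value;      /* same width as the wire type */
        uint8_t neighbours[3];
    } frame = { 0, { 0xAA, 0xBB, 0xCC } };

    model_iter_get_basic_bool(wire_value, &frame.value);
    if (count_clobbered(frame.neighbours) != 0)
        return -1;

    /* 'Read' == true asks the MSE for read messages only, like the other filters. */
    return frame.value ? FILTER_READ_STATUS_READ_ONLY : FILTER_READ_STATUS_UNREAD_ONLY;
}

int main(void)
{
    printf("buggy: %d neighbouring bytes clobbered\n", parse_filter_read_buggy(1));
    printf("fixed: Read=true  -> FilterReadStatus 0x%02x\n", parse_filter_read_fixed(1));
    printf("fixed: Read=false -> FilterReadStatus 0x%02x\n", parse_filter_read_fixed(0));
    return 0;
}
```

In the real daemon the clobbered bytes were other locals of parse_message_filters, which is why the crash surfaced later in dbus_message_iter_next rather than at the offending read.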
The MAP specification defines ParameterMask as a bitmask of 32 bits / 4 bytes.
For the lower 16 bits the specification defines parameters; the upper 16 bits
remain reserved for future use. Therefore FILTER_ALL is set to 0x0000FFFF.
(Reserved bits have to be set to 0.)
In addition, this fixes the issue that ListFilterFields didn't show all fields.
Calls to ListMessages with filter 'Types' make obexd hang in an infinite loop.
This is caused by a missing dbus_message_iter_next in parse_filter_type.
#0  0x00007ffff7304ca7 in dbus_message_iter_get_basic () from /usr/lib/libdbus-1.so.3
#1  0x0000000000434fba in parse_filter_type (iter=0x7fffffffd7d0, apparam=0x6987f0) at obexd/client/map.c:1086
#2  parse_message_filters (iter=0x7fffffffd730, apparam=0x6987f0) at obexd/client/map.c:1222
#3  map_list_messages (connection=<optimized out>, message=0x669ae0, user_data=0x698a60) at obexd/client/map.c:1273
#4  0x00000000004109a1 in process_message (connection=0x662b20, message=<optimized out>, iface_user_data=<optimized out>, method=<optimized out>, method=<optimized out>) at gdbus/object.c:285
#5  0x00007ffff7308e15 in ?? () from /usr/lib/libdbus-1.so.3
#6  0x00007ffff72fb070 in dbus_connection_dispatch () from /usr/lib/libdbus-1.so.3
#7  0x000000000040e3d8 in message_dispatch (data=0x662b20) at gdbus/mainloop.c:76
#8  0x00007ffff703d3cb in ?? () from /usr/lib/libglib-2.0.so.0
#9  0x00007ffff703c845 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#10 0x00007ffff703cb78 in ?? () from /usr/lib/libglib-2.0.so.0
#11 0x00007ffff703cf72 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#12 0x000000000040df82 in main (argc=1, argv=0x7fffffffdd88) at obexd/src/main.c:323
This fixes crashes in MAP client when the server does not send optional properties.
#0  0x00007ffff6a792c5 in raise () from /usr/lib/libc.so.6
#1  0x00007ffff6a7a748 in abort () from /usr/lib/libc.so.6
#2  0x00007ffff731c145 in ?? () from /usr/lib/libdbus-1.so.3
#3  0x00007ffff7312a25 in ?? () from /usr/lib/libdbus-1.so.3
#4  0x00007ffff73050d6 in dbus_message_iter_append_basic () from /usr/lib/libdbus-1.so.3
#5  0x0000000000433cc5 in get_replyto (property=<optimized out>, iter=<optimized out>, data=<optimized out>) at obexd/client/map.c:484
#6  0x00000000004103b6 in append_property (p=p@entry=0x6594c0 <map_msg_properties+192>, dict=dict@entry=0x7fffffffd8e0, iface=0x6a3720) at gdbus/object.c:547
#7  0x0000000000410472 in append_properties (data=data@entry=0x6a3720, iter=iter@entry=0x7fffffffd960) at gdbus/object.c:576
#8  0x00000000004104d1 in append_interface (data=0x6a3720, user_data=0x7fffffffda40) at gdbus/object.c:591
#9  0x00007ffff7058a4d in g_slist_foreach () from /usr/lib/libglib-2.0.so.0
#10 0x0000000000411d05 in emit_interfaces_added (data=0x6a2ff0) at gdbus/object.c:623
#11 process_changes (user_data=0x6a2ff0) at gdbus/object.c:1006
#12 0x00007ffff703c845 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#13 0x00007ffff703cb78 in ?? () from /usr/lib/libglib-2.0.so.0
#14 0x00007ffff703cf72 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#15 0x000000000040df82 in main (argc=1, argv=0x7fffffffdd88) at obexd/src/main.c:323
If the empty path is given, an empty name should be sent via OBEX.
Currently the name field is not set at all and later checks which
depend on data->index will access invalid memory regions as g_strsplit
returns NULL when an empty string is given.
#0  0x000000000041a181 in g_obex_setpath (obex=obex@entry=0x662eb0, path=0x20 <Address 0x20 out of bounds>, func=func@entry=0x42d300 <setpath_cb>, user_data=user_data@entry=0x668f10, err=err@entry=0x7fffffffda08) at gobex/gobex.c:1397
#1  0x000000000042d395 in setpath_cb (obex=0x662eb0, err=0x0, rsp=<optimized out>, user_data=0x668f10) at obexd/client/session.c:902
#2  0x0000000000418e54 in handle_response (obex=obex@entry=0x662eb0, err=err@entry=0x0, rsp=rsp@entry=0x668f40) at gobex/gobex.c:948
#3  0x0000000000419d7a in incoming_data (io=<optimized out>, cond=<optimized out>, user_data=0x662eb0) at gobex/gobex.c:1191
#4  0x00007ffff703c845 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#5  0x00007ffff703cb78 in ?? () from /usr/lib/libglib-2.0.so.0
#6  0x00007ffff703cf72 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#7  0x000000000040def2 in main (argc=1, argv=0x7fffffffdd88) at obexd/src/main.c:323
Crash occurs when removing a session with RemoveSession while another
session has been created but not yet registered.
Backtrace:
#0  __strcmp_ssse3 () at ../sysdeps/i386/i686/multiarch/strcmp-ssse3.S:233
#1  0xb758e7c3 in g_str_equal () from /lib/i386-linux-gnu/libglib-2.0.so.0
#2  0x08073e56 in find_session (path=0x85c8504 "/org/bluez/obex/session0") at obexd/client/manager.c:146
#3  remove_session (connection=0x85bc5e0, message=0x85bca98, user_data=0x0) at obexd/client/manager.c:216
#4  0x08055f6f in process_message (connection=0x85bc5e0, message=<optimized out>, iface_user_data=0x0, method=<optimized out>, method=<optimized out>) at gdbus/object.c:285
#5  0xb7672666 in ?? () from /lib/i386-linux-gnu/libdbus-1.so.3
#6  0xb76624d7 in dbus_connection_dispatch () from /lib/i386-linux-gnu/libdbus-1.so.3
#7  0x080532f8 in message_dispatch (data=0x85bc5e0) at gdbus/mainloop.c:76
#8  0xb759f6bf in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#9  0xb759e9e3 in g_main_context_dispatch () from /lib/i386-linux-gnu/libglib-2.0.so.0
#10 0xb759ed80 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#11 0xb759f1db in g_main_loop_run () from /lib/i386-linux-gnu/libglib-2.0.so.0
#12 0x08052d74 in main (argc=1, argv=0xbfb344e4) at obexd/src/main.c:323
Rename the interface and move it to obexd-api.txt since it now belongs
to the same daemon. In addition, remove obex-client-api.txt and align with
the Transfer1 API in use by the server.
In addition, fix the reply generated by obc_transfer_create_dbus_reply to
not use a structure container but instead use object, dict 'oa{sv}' as
indicated in the documentation.
This reverts commit 8a03376544.
The patch needs to be split up and the gdbus/ changes were bogus
compared to the original commit message.
Conflicts:
	Makefile.am
	Makefile.obexd
	profiles/cyclingspeed/cyclingspeed.c
	profiles/heartrate/heartrate.c
	src/error.c
Instead of trying to include config.h in each file over the tree and
possibly forgetting to include it, give a "-include config.h" argument
to the compiler so it's guaranteed that a) it will be included for all
source files and b) it will be the first header included.
gdbus/ directory is left out, since it would break other projects using
it.
Once a message was already listed and inserted in the cache, it could
not be listed again, as the code was using the wrong key to look up
found messages; when we then tried to create the message again, it failed
as the object already existed.
Invalid read of size 8
at 0x40EC04: g_obex_apparam_free (gobex-apparam.c:362)
by 0x41A66A: obc_transfer_free (transfer.c:272)
by 0x413221: pending_request_free (session.c:163)
by 0x413659: session_terminate_transfer (session.c:745)
by 0x41A53E: xfer_complete (transfer.c:518)
by 0x41B5D7: get_xfer_progress_first (transfer.c:562)
by 0x409750: handle_response (gobex.c:948)
by 0x40A609: incoming_data (gobex.c:1191)
by 0x371D047824: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x371D047B57: ??? (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x371D047F51: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x40542F: main (main.c:175)
Address 0x4f64510 is 0 bytes inside a block of size 8 free'd
at 0x4A079AE: free (vg_replace_malloc.c:427)
by 0x371D04D50E: g_free (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x416060: phonebook_size_callback (pbap.c:266)
by 0x413651: session_terminate_transfer (session.c:743)
by 0x41A53E: xfer_complete (transfer.c:518)
by 0x41B5D7: get_xfer_progress_first (transfer.c:562)
by 0x409750: handle_response (gobex.c:948)
by 0x40A609: incoming_data (gobex.c:1191)
by 0x371D047824: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x371D047B57: ??? (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x371D047F51: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x40542F: main (main.c:175)
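The valgrind report above shows the apparam block being freed from phonebook_size_callback() and then read again from obc_transfer_free() one call later. The following added model (example code, not obexd's; the struct and function names are stand-ins for the ones in the trace) shows the ownership hazard and one general way to close it: a completion callback that needs to free a buffer owned by the transfer steals the pointer first, so the later cleanup sees NULL. The commit above fixes obexd differently, by checking the completed status in obc_transfer_free; this example is about the pattern. apparam_free() here records freed pointers so the buggy path is observable instead of corrupting the heap.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-ins for the obexd objects named in the valgrind trace (not the real types). */
struct apparam { uint8_t raw[8]; };

struct transfer {
    struct apparam *apparam;                    /* owned by the transfer while non-NULL */
    void (*complete_cb)(struct transfer *xfer); /* pbap/map completion callback */
};

/* Bookkeeping so the buggy path is observable instead of crashing: remember
 * every pointer handed to apparam_free() and count repeat frees rather than
 * passing them to free() a second time. */
#define MAX_TRACKED 16
static uintptr_t freed_ptrs[MAX_TRACKED];
static int freed_count;
static int double_frees;

static void apparam_free(struct apparam *a)
{
    if (a == NULL)
        return;
    for (int i = 0; i < freed_count; i++) {
        if (freed_ptrs[i] == (uintptr_t)a) {
            double_frees++;          /* in real code: heap corruption / undefined behaviour */
            return;
        }
    }
    if (freed_count < MAX_TRACKED)
        freed_ptrs[freed_count++] = (uintptr_t)a;
    free(a);
}

/* Buggy callback: frees apparam but leaves the dangling pointer in the
 * transfer, so transfer_free() reads and frees it again, which is the
 * "Invalid read ... inside a block ... free'd" valgrind reports above. */
static void buggy_complete_cb(struct transfer *xfer)
{
    apparam_free(xfer->apparam);
}

/* Fixed callback: take ownership by clearing the transfer's pointer before
 * freeing, so there is exactly one owner at any time. */
static void fixed_complete_cb(struct transfer *xfer)
{
    struct apparam *a = xfer->apparam;
    xfer->apparam = NULL;          /* steal: transfer_free() now has nothing to free */
    apparam_free(a);
}

static void transfer_free(struct transfer *xfer)
{
    apparam_free(xfer->apparam);   /* double free if a callback freed it and left the pointer */
    free(xfer);
}

/* Runs one transfer to completion with the given callback and returns the
 * number of double frees observed (0 is the correct result). */
static int run_transfer(void (*cb)(struct transfer *))
{
    freed_count = 0;
    double_frees = 0;

    struct transfer *xfer = calloc(1, sizeof *xfer);
    if (xfer == NULL)
        return -1;
    xfer->apparam = calloc(1, sizeof *xfer->apparam);
    if (xfer->apparam == NULL) {
        free(xfer);
        return -1;
    }
    xfer->complete_cb = cb;

    xfer->complete_cb(xfer);       /* session_terminate_transfer -> completion callback */
    transfer_free(xfer);           /* ... -> pending_request_free -> obc_transfer_free */
    return double_frees;
}

int main(void)
{
    printf("buggy callback: %d double free(s)\n", run_transfer(buggy_complete_cb));
    printf("fixed callback: %d double free(s)\n", run_transfer(fixed_complete_cb));
    return 0;
}
```

Whichever side ends up owning the buffer, the rule the example enforces is the one valgrind is checking for: a pointer that has been freed must not remain reachable from a live object.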
When the transfer file is opened in O_RDWR mode, just after the contents are
written to the file, the file offset has to be set to the beginning of the
file. If not, the subsequent read fails. This patch fixes this.
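An added reproduction of the offset problem described above; this is example code, not obexd's, and the temp file name and vCard payload are constructed for the demo. After write() on a descriptor opened O_RDWR the offset sits at end of file, so a read() through the same descriptor returns 0 bytes; an lseek(fd, 0, SEEK_SET) before the read is what makes the data visible.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample transfer contents (not real data). */
static const char payload[] = "BEGIN:VCARD\r\nVERSION:2.1\r\nEND:VCARD\r\n";
static char readback[256];

/* Open a fresh O_RDWR temp file; the name is unlinked at once so nothing
 * is left behind, but the descriptor stays usable. Returns -1 on failure. */
static int open_scratch_file(void)
{
    char path[] = "/tmp/obex-xfer-XXXXXX";        /* mkstemp fills in the X's */
    int fd = mkstemp(path);                        /* O_RDWR|O_CREAT|O_EXCL, mode 0600 */
    if (fd < 0) {
        char local[] = "./obex-xfer-XXXXXX";       /* fallback if /tmp is unavailable */
        fd = mkstemp(local);
        if (fd < 0)
            return -1;
        unlink(local);
        return fd;
    }
    unlink(path);
    return fd;
}

/* Write payload, then read it back through the same descriptor.
 * rewind != 0 does the lseek(fd, 0, SEEK_SET) the commit adds;
 * rewind == 0 reproduces the bug. Returns bytes read, or -1 on error. */
static ssize_t write_then_read(int rewind)
{
    int fd = open_scratch_file();
    if (fd < 0)
        return -1;

    size_t len = sizeof payload - 1;
    if (write(fd, payload, len) != (ssize_t)len) {
        close(fd);
        return -1;
    }

    /* After write() the offset equals len, i.e. end of file. A read() from
     * here hits EOF immediately and returns 0; seeking back to 0 fixes it. */
    if (rewind && lseek(fd, 0, SEEK_SET) == (off_t)-1) {
        close(fd);
        return -1;
    }

    memset(readback, 0, sizeof readback);
    ssize_t n = read(fd, readback, sizeof readback - 1);
    close(fd);
    return n;
}

/* 1 if the read-back bytes equal the payload exactly, else 0. */
static int readback_matches_payload(int rewind)
{
    ssize_t n = write_then_read(rewind);
    return n == (ssize_t)(sizeof payload - 1) &&
           memcmp(readback, payload, (size_t)n) == 0;
}

int main(void)
{
    printf("without lseek: read returned %zd bytes\n", write_then_read(0));
    printf("with lseek:    read returned %zd bytes, matches payload=%d\n",
           write_then_read(1), readback_matches_payload(1));
    return 0;
}
```

The same applies to any code path that writes and then re-reads through one descriptor: a 0-byte read here is not an I/O error, so it is easy to mistake for an empty transfer.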