This fix following build error:
obexd/src/manager.c: At top level:
obexd/src/manager.c:190:13: error:
‘dbus_message_iter_append_dict_entry’ defined but not used
[-Werror=unused-function]
This fix following build error:
CC obexd/client/obexd-mns.o
obexd/client/mns.c:344:38: error: ‘mas_drivers’ defined but not used
[-Werror=unused-variable]
cc1: all warnings being treated as errors
This fix following build error:
CC obexd/client/obexd-mns.o
obexd/client/mns.c: In function ‘parse_event_report_handle’:
obexd/client/mns.c:187:2: error: implicit declaration of function
‘strtoull’ [-Werror=implicit-function-declaration]
This fix following build error:
CC obexd/client/obexd-mns.o
obexd/client/mns.c: In function ‘mns_connect’:
obexd/client/mns.c:105:2: error: implicit declaration of function
‘manager_register_session’ [-Werror=implicit-function-declaration]
obexd/client/mns.c: In function ‘mns_disconnect’:
obexd/client/mns.c:128:2: error: implicit declaration of function
‘manager_unregister_session’ [-Werror=implicit-function-declaration]
This fix following build error:
CC obexd/plugins/obexd-bluetooth.o
obexd/plugins/bluetooth.c:242:6: error: no previous declaration for
‘dict_append_entry’ [-Werror=missing-declarations]
This ix following build errors:
CC obexd/plugins/obexd-bluetooth.o
obexd/plugins/bluetooth.c: In function ‘register_profile_reply’:
obexd/plugins/bluetooth.c:202:10: error: unused variable ‘err’
[-Werror=unused-variable]
obexd/plugins/bluetooth.c: In function ‘name_acquired’:
obexd/plugins/bluetooth.c:367:15: error: unused variable ‘uuid’
[-Werror=unused-variable]
obexd/plugins/bluetooth.c: In function ‘name_released’:
obexd/plugins/bluetooth.c:389:15: error: unused variable ‘uuid’
[-Werror=unused-variable]
obexd/plugins/bluetooth.c: In function ‘bluetooth_start’:
obexd/plugins/bluetooth.c:400:10: error: unused variable ‘ios’
[-Werror=unused-variable]
obexd/client/map.c: In function ‘map_msg_get’:
obexd/client/map.c:446:2: warning: format ‘%u’ expects argument of type
‘unsigned int’, but argument 4 has type ‘uint64_t’ [-Wformat]
obexd/client/map.c:446:2: warning: format ‘%u’ expects argument of type
‘unsigned int’, but argument 4 has type ‘uint64_t’ [-Wformat]
This is more efficient in terms of memory and hash lookups, it is also
not prone to string format bugs in remote stacks such as leading zeros
being treated as a different handle as can be experience with
Nokia N950 which sends events using a handle with leading zeros but
message listing don't have them.
session_process_queue can call a callback which can cause the session to
be freed:
Invalid write of size 4
at 0x4265C9: session_process (session.c:716)
by 0x3D46047E05: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x3D46048157: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x3D46048559: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x40D55C: main (main.c:319)
Address 0x4d658a8 is 104 bytes inside a block of size 120 free'd
at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x3D4604D9AE: g_free (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x4265B1: session_process_queue (session.c:794)
by 0x4265C8: session_process (session.c:714)
by 0x3D46047E05: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x3D46048157: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x3D46048559: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x40D55C: main (main.c:319)
In order to determine if the message Type property has changed,
the stored type needs to be compared with the parsed type and not with
the raw value received from the MSE.
This fixes the issue that the property changed signal for the Type
property is emitted for every message on every ListMessage call.
sdp_connect fails when Bluetooth adapter is off which leads to the
following leak:
37 bytes in 1 blocks are definitely lost in loss record 68 of 165
at 0x4A06409: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x3B03C4D89E: g_malloc (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x3B03C64BAE: g_strdup (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x427D5D: bluetooth_connect (bluetooth.c:410)
by 0x426CC9: obc_session_create (session.c:454)
by 0x425693: create_session (manager.c:203)
by 0x43D8A3: process_message.isra.5 (object.c:259)
by 0x3B0701CE85: ??? (in /usr/lib64/libdbus-1.so.3.7.4)
by 0x3B0700FA30: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.7.4)
by 0x43A627: message_dispatch (mainloop.c:76)
by 0x3B03C48962: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x3B03C47E05: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.3)
The method ListMessages allows to specify a relative subfolder.
This subfolder needs to be added to the current path when registering
a new message interface.
Message interfaces are not necessarily created for the current folder,
therefore the folder needs to be specified in a parameter.
For example, messages can be created for sub folders when using the folder
parameter in ListMessages.
When registering a new driver with obex_service_driver_register there
could exist another driver for the service which will cause the drivers
list to leak.
The leak can be detected by using G_SLICE=always-malloc which will
produce the following trace using valgrind:
112 bytes in 7 blocks are definitely lost in loss record 123 of 167
at 0x4A06409: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x3B03C4D89E: g_malloc (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x3B03C6344D: g_slice_alloc (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x3B03C647A5: g_slist_append (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x424DD3: obex_service_driver_list (service.c:76)
by 0x42517F: obex_server_init (server.c:64)
by 0x40D439: main (main.c:304)
g_io_channel_unix_new creates a reference which is then passed to
obex_session_start which creates its on reference via g_io_channel_ref
leading to the following leak:
at 0x4A06409: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x3B03C4D89E: g_malloc (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x3B03C88224: g_io_channel_unix_new (in /usr/lib64/libglib-2.0.so.0.3600.3)
by 0x418967: profile_new_connection (bluetooth.c:148)
by 0x43D763: process_message.isra.5 (object.c:259)
This adds a pending_request struct in order to store the D-Bus request
data.
The current version stores the received D-Bus message in the MAP session
struct. The stored message is overridden by intermediate D-Bus method
calls which can lead into a crash.
Trace:
arguments to dbus_message_unref() were incorrect,
assertion "!message->in_cache" failed in file dbus-message.c line 1618.
0 0x00007ffff6a6a1c9 in raise () from /usr/lib/libc.so.6
1 0x00007ffff6a6b5c8 in abort () from /usr/lib/libc.so.6
2 0x00007ffff7313de5 in ?? () from /usr/lib/libdbus-1.so.3
3 0x00007ffff730ab91 in ?? () from /usr/lib/libdbus-1.so.3
4 0x000000000043721c in message_listing_cb (session=0x6a7d30,
transfer=0x6a9450, err=0x0, user_data=0x6a9950) at obexd/client/map.c:1166
5 0x000000000042f7af in session_terminate_transfer (session=0x6a7d30,
transfer=0x6a9450, gerr=0x0) at obexd/client/session.c:830
6 0x000000000042f83d in session_notify_complete (session=0x6a7d30,
transfer=0x6a9450) at obexd/client/session.c:845
7 0x000000000042f8dc in transfer_complete (transfer=0x6a9450, err=0x0,
user_data=0x6a7d30) at obexd/client/session.c:865
8 0x0000000000439ee7 in xfer_complete (obex=0x677250, err=0x0,
user_data=0x6a9450) at obexd/client/transfer.c:577
9 0x000000000043a05f in get_xfer_progress_first (obex=0x677250, err=0x0,
rsp=0x678730, user_data=0x6a9450) at obexd/client/transfer.c:621
10 0x0000000000413f08 in handle_response (obex=0x677250, err=0x0,
rsp=0x678730) at gobex/gobex.c:949
11 0x00000000004147db in incoming_data (io=0x6a8a00, cond=G_IO_IN,
user_data=0x677250) at gobex/gobex.c:1192
12 0x00007ffff702dda6 in g_main_context_dispatch ()
from /usr/lib/libglib-2.0.so.0
13 0x00007ffff702e0f8 in ?? () from /usr/lib/libglib-2.0.so.0
14 0x00007ffff702e4fa in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
15 0x0000000000427ce8 in main (argc=1, argv=0x7fffffffdd48)
at obexd/src/main.c:319
This updates the values that are presented in the Type property to use
the values from the documentation ("email", "sms-gsm", "sms-cdma", "mms").
The existing code directly used the values as received in the messages
listing object ("EMAIL", "SMS_GSM", "SMS_CDMA", "MMS").
The __func__ macro is part of the C99 standard whereas __FUNCTION__ is a
legacy gcc specific alias for it:
http://gcc.gnu.org/onlinedocs/gcc/Function-Names.html
Additionally, checkpatch.pl that's commonly used to verify coding style
also recommends to use __func__ instead of __FUNCTION__.
The error happens whenever RegisterProfile fails the interface is not
unregistered causing any subsequent call to register_profile function
to fail:
obexd[944]: D-Bus failed to register /org/bluez/obex/00005005_0000_1000_8000_0002ee000001
obexd[944]: bluetooth: Failed to register profile (null)
The transport connection should only be dropped once all references to
the session are released otherwise some pending operations may not be
processed and the session will not be freed.
This patch extends client session by the tracking of the current folder.
The current folder can be accessed by obc_session_get_current_folder.
This allows drivers to add a folder property to browsed objects so that
the application doesn't have to keep track of the folder an object
belongs to.
Currently the message D-Bus properties for the ListMessages response are put
together manually in the parse_* functions unsing obex_dbus_dict_append.
This patch simplifies it by calling g_dbus_get_properties for every message.
96 bytes in 3 blocks are definitely lost in loss record 217 of 310
at 0x4C29E84: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x5977858: g_malloc0 (in /usr/lib/libglib-2.0.so.0.3600.3)
by 0x433A87: map_register_event_handler (map-event.c:76)
by 0x4324C1: set_notification_registration (map.c:1722)
by 0x4325BB: map_probe (map.c:1801)
by 0x42D55C: obc_session_register (session.c:862)
by 0x42BE4B: create_callback (manager.c:100)
by 0x42CA0D: connect_cb (session.c:281)
by 0x4191CB: handle_response (gobex.c:949)
by 0x4196F0: incoming_data (gobex.c:1192)
by 0x5971DA5: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.3600.3)
by 0x59720F7: ??? (in /usr/lib/libglib-2.0.so.0.3600.3)
Conditional jump or move depends on uninitialised value(s)
at 0x42C1AF: obex_put_stream_start (obex.c:869)
by 0x428D1A: mns_put (mns.c:148)
by 0x42B521: cmd_put (obex.c:982)
by 0x419FB5: incoming_data (gobex.c:1022)
by 0x3F31A47A54: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3400.2)
by 0x3F31A47D87: ??? (in /usr/lib64/libglib-2.0.so.0.3400.2)
by 0x3F31A48181: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3400.2)
by 0x40DEE2: main (main.c:319)
Uninitialised value was created by a stack allocation
at 0x42C160: obex_put_stream_start (obex.c:862)
The MAP specification allows to reuse one MNS server instance for all
local MAS client instances. This dispatching of event reports to the
correct MAS client instance is done by the MAS instance id and the
device address.
The dispatcher component allows MAS client instances to register a
notification handler. Events reports are forwarded by the MNS server using
map_dispatch_event.
The remote address used for dispatching the MAP notifications is
initialized when the MNS is connected. Therefore it needs to be freed
when the session is destroyed and not after receiving an event report.
Trace:
0 0x00007ffff6a6a1c9 in raise () from /usr/lib/libc.so.6
1 0x00007ffff6a6b5c8 in abort () from /usr/lib/libc.so.6
2 0x00007ffff6aa8037 in __libc_message () from /usr/lib/libc.so.6
3 0x00007ffff6aad8ae in malloc_printerr () from /usr/lib/libc.so.6
4 0x00007ffff6aae587 in _int_free () from /usr/lib/libc.so.6
5 0x00000000004273b0 in event_report_close (obj=0x69a5b0)
at obexd/client/mns.c:295
6 0x0000000000429549 in os_reset_session (os=0x69c210)
at obexd/src/obex.c:199
7 0x000000000041bec6 in transfer_complete (transfer=0x69a9d0, err=0x0)
at gobex/gobex-transfer.c:103
8 0x000000000041c20c in transfer_put_req (obex=0x69b470,
req=<optimized out>, user_data=0x69a9d0) at
gobex/gobex-transfer.c:407
9 0x000000000041988d in handle_request (req=0x69f3d0, obex=0x69b470)
at gobex/gobex.c:1022
10 incoming_data (io=<optimized out>, cond=<optimized out>,
user_data=0x69b470) at gobex/gobex.c:1194
11 0x00007ffff702de46 in g_main_context_dispatch ()
from /usr/lib/libglib-2.0.so.0
12 0x00007ffff702e198 in ?? () from /usr/lib/libglib-2.0.so.0
13 0x00007ffff702e59a in g_main_loop_run () from
/usr/lib/libglib-2.0.so.0
14 0x000000000040dead in main (argc=1, argv=0x7fffffffddc8)
at obexd/src/main.c:319
The function obc_session_mkdir needs to use file_op_complete as
callback.
0 0x00007ffff72f7553 in ?? () from /usr/lib/libdbus-1.so.3
1 0x00007ffff72f7dff in ?? () from /usr/lib/libdbus-1.so.3
2 0x00007ffff72fef9a in dbus_message_get_sender ()
from /usr/lib/libdbus-1.so.3
3 0x00007ffff72feff9 in dbus_message_new_method_return ()
from /usr/lib/libdbus-1.so.3
4 0x000000000043c93f in async_cb (session=0x6a9d30, transfer=0x0,
err=0x0,
user_data=0x675660) at obexd/client/ftp.c:65
5 0x0000000000438c7c in async_cb (obex=0x6aa980, err=0x0,
rsp=0x67a690,
user_data=0x67ced0) at obexd/client/session.c:1035
6 0x000000000041cbcc in handle_response (obex=0x6aa980, err=0x0,
rsp=0x67a690) at gobex/gobex.c:949
7 0x000000000041d49f in incoming_data (io=0x67d0f0, cond=G_IO_IN,
user_data=0x6aa980) at gobex/gobex.c:1192
8 0x00007ffff702de46 in g_main_context_dispatch ()
from /usr/lib/libglib-2.0.so.0
9 0x00007ffff702e198 in ?? () from /usr/lib/libglib-2.0.so.0
10 0x00007ffff702e59a in g_main_loop_run () from
/usr/lib/libglib-2.0.so.0
11 0x0000000000430a09 in main (argc=1, argv=0x7fffffffddc8)
at obexd/src/main.c:319
The file_op_complete callback added for the OBEX session command queuing
is called with a file_data parameter and not with a pending_request.
This fixes a crash when calling one of the file commands (like delete).
0 0x0000000000438cd6 in file_op_complete (session=0x6a9d30,
transfer=0x0,
err=0x0, user_data=0x6762e0) at obexd/client/session.c:1054
1 0x0000000000438c64 in async_cb (obex=0x6aa980, err=0x0,
rsp=0x67a710,
user_data=0x6ac2c0) at obexd/client/session.c:1035
2 0x000000000041cbcc in handle_response (obex=0x6aa980, err=0x0,
rsp=0x67a710) at gobex/gobex.c:949
3 0x000000000041d49f in incoming_data (io=0x67d0f0, cond=G_IO_IN,
user_data=0x6aa980) at gobex/gobex.c:1192
4 0x00007ffff702de46 in g_main_context_dispatch ()
from /usr/lib/libglib-2.0.so.0
5 0x00007ffff702e198 in ?? () from /usr/lib/libglib-2.0.so.0
6 0x00007ffff702e59a in g_main_loop_run () from
/usr/lib/libglib-2.0.so.0
7 0x00000000004309f0 in main (argc=1, argv=0x7fffffffddc8)
at obexd/src/main.c:319
The function setpath_complete has to be called with a pending_request as
user_data. In one possible error case, the current code calls it
incorrectly with setpath_data.
