[nrf fromtree] Bluetooth: UBSAN warnings fixes #1483
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
NordicBuilder
requested review from
alwa-nordic,
asbjornsabo,
hermabe,
jori-nordic,
kruithofa,
Thalley and
theob-pro
ivaniushkov
force-pushed
the
cherry_pick_ubsan_warnings
branch
from
42a9a44
to
053500c
Compare
jori-nordic
approved these changes
Feb 9, 2024
hermabe
approved these changes
Feb 9, 2024
|
CI in manifest PR is green: |
…n adv.c/scan.c during local testling, UBSAN reported the following warnings: - bluetooth/host/adv.c:2067:19: runtime error: shift exponent 255 is too large for 32-bit type 'long unsigned int' - bluetooth/host/scan.c:828:18: runtime error: shift exponent 255 is too large for 32-bit type 'long unsigned int' It turned out that we can't use BIT() macro directly on bt_hci_evt_le_per_advertising_report::cte_type field. According to Core Spec, `cte_type = 0xFF` corresponds to `No contstant tone extension`. Added separate function to convert CTE bit field from HCI format to bt_df_cte_type Signed-off-by: Ivan Iushkov <ivan.iushkov@nordicsemi.no> (cherry picked from commit b1e9f86) Signed-off-by: Ivan Iushkov <ivan.iushkov@nordicsemi.no>
…iguration During local testing with UBSAN enabled, warning was reported: bluetooth/host/iso.c:237:2: runtime error: null pointer passed as argument 2, which is declared to never be null It turned out that when datapath doesn't contain codec information, cc_len is 0 and cc is NULL In order to avoid UB, now we call memcpy only when cp->codec_config_len > 0 Signed-off-by: Ivan Iushkov <ivan.iushkov@nordicsemi.no> (cherry picked from commit e8d0900) Signed-off-by: Ivan Iushkov <ivan.iushkov@nordicsemi.no>
…annel destroyer During local testing with UBSAN enabled, warning was reported: bluetooth/host/l2cap.c:980:25: runtime error: member access within null pointer of type 'struct k_work_q' It turned out that le_chan->rtx_work.queue can be NULL. Since null-pointer dereference is a UB, additional check was added to ensure we don't access `le_chan->rtx_work.queue->thread` when `le_chan->rtx_work.queue == NULL` The same changes applied to l2cap_br.c Signed-off-by: Ivan Iushkov <ivan.iushkov@nordicsemi.no> (cherry picked from commit a3cbf8e) Signed-off-by: Ivan Iushkov <ivan.iushkov@nordicsemi.no>
ivaniushkov
force-pushed
the
cherry_pick_ubsan_warnings
branch
from
053500c
to
3087c5c
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Several warnings were reported by UBSAN when testing different Bluetooth LE features.
This PR fixes 3 different warnings.