OSDN Git Service
Marcel Holtmann [Thu, 7 Apr 2016 21:39:34 +0000 (23:39 +0200)]
tools: Change test-runner license to LGPL easy reuse
Marcel Holtmann [Mon, 4 Apr 2016 22:15:47 +0000 (00:15 +0200)]
Release 5.39
Marcel Holtmann [Mon, 4 Apr 2016 22:06:05 +0000 (00:06 +0200)]
lib: Update company identifiers
Łukasz Rymanowski [Sat, 2 Apr 2016 20:26:47 +0000 (22:26 +0200)]
shared/gatt-server: Add support for long write
With this patch long write and nested long write reliable is supported.
GATT server is responsible now to do aggregation of prep write data
for long write session.
Note: We consider long write as the consequtive prepare writes with
continues offsets.
E.g. 1
prep_write: handle 1, offset 0, value_len 10
prep_write: handle 1, offset 10, value_len 10
prep_write: handle 2, offset 0, value_len 10
prep_write: handle 2, offset 10, value_len 10
Will result with following calles to app:
exec_write: handle 1: offset 0, value_len 20
exec_write: handle 2: offset 0, value_len 20
E.g. 2
prep_write: handle 1, offset 0, value_len 10
prep_write: handle 1, offset 2, value_len 5
prep_write: handle 2, offset 0, value_len 10
prep_write: handle 2, offset 4, value_len 5
Will result with following calles to app:
exec_write: handle 1: offset 0, value_len 10
exec_write: handle 1: offset 2, value_len 5
exec_write: handle 2: offset 0, value_len 10
exec_write: handle 2: offset 4, value_len 5
E.g. 3
prep_write: handle 1, offset 0, value_len 10
prep_write: handle 1, offset 5, value_len 5
prep_write: handle 1, offset 10, value_len 6
will result with following calles to app:
exec_write: handle 1, offset 0, value 10
exec_write: handle 1, offset 5, value 11
Luiz Augusto von Dentz [Mon, 4 Apr 2016 10:12:54 +0000 (13:12 +0300)]
client: Fix code style problems
Only tabs shall be used for indentation.
Szymon Janc [Fri, 1 Apr 2016 19:58:29 +0000 (21:58 +0200)]
input/hog: Fix crash if uhid is not enabled
If /dev/uhid is not present bt_hog_new_default() returns NULL.
This was resulting in NULL pointer dereference in attio_connected_cb.
Luiz Augusto von Dentz [Fri, 1 Apr 2016 14:00:05 +0000 (17:00 +0300)]
audio: Fix double free
Because avdtp_unref can now cause a state change the stream reference
shall be dropped before a2dp_cancel is called otherwise the code may
attempt to unref once more using the same reference:
Invalid read of size 8
at 0x41F33B: avdtp_set_state (avdtp.c:695)
by 0x420CE7: connection_lost (avdtp.c:1118)
by 0x4216C4: avdtp_unref (avdtp.c:1178)
by 0x418098: source_disconnect (source.c:395)
by 0x41D417: a2dp_source_disconnect (a2dp.c:2312)
by 0x49A64B: btd_service_disconnect (service.c:273)
by 0x49E120: dev_disconn_service (device.c:1325)
by 0x50E6DAC: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.4600.2)
by 0x4A3894: device_request_disconnect (device.c:1357)
by 0x4A3A3C: dev_disconnect (device.c:1442)
by 0x4C7F22: process_message.isra.3 (object.c:259)
by 0x4C877C: generic_message (object.c:1071)
Address 0x929b0c0 is 16 bytes inside a block of size 1,160 free'd
at 0x4C29E00: free (vg_replace_malloc.c:530)
by 0x50CE5ED: g_free (in /usr/lib64/libglib-2.0.so.0.4600.2)
by 0x42163B: avdtp_free (avdtp.c:1101)
by 0x42163B: avdtp_unref (avdtp.c:1182)
by 0x417808: source_set_state (source.c:108)
by 0x4178F9: avdtp_state_callback (source.c:122)
by 0x41F386: avdtp_set_state (avdtp.c:698)
by 0x420CE7: connection_lost (avdtp.c:1118)
by 0x4216C4: avdtp_unref (avdtp.c:1178)
by 0x418098: source_disconnect (source.c:395)
by 0x41D417: a2dp_source_disconnect (a2dp.c:2312)
by 0x49A64B: btd_service_disconnect (service.c:273)
by 0x49E120: dev_disconn_service (device.c:1325)
Luiz Augusto von Dentz [Fri, 1 Apr 2016 13:44:16 +0000 (16:44 +0300)]
audio/avdtp: Fix code style
Luiz Augusto von Dentz [Thu, 24 Mar 2016 09:15:43 +0000 (11:15 +0200)]
build: Make old GATT plugins deprecated
This disables building plugins that are no longer supported by the core
since the transition to gatt-db. In the future these plugins will have to
be ported to use gatt-db or be removed if the profile can be implemented
using the GATT D-Bus APIs.
Luiz Augusto von Dentz [Fri, 1 Apr 2016 08:07:15 +0000 (11:07 +0300)]
audio/avrcp: Fix registering to player events
If controller does not have a player skip registering to events which
requires a player.
Szymon Janc [Fri, 25 Mar 2016 15:11:33 +0000 (16:11 +0100)]
audio/avdtp: Fix crash on outgoing connection failure
This fix double free if outgoing connection failed. This was due to
connection_lost() being called from avdtp_unref which could result
in another call to connection_lost when session ref is already 0.
Fix this in similar way pairing agent is handled: takes extra reference
before calling callbacks and unref it before exit. Then only unref is
suppose to free session.
connect error: Host is down (112)
profiles/audio/avdtp.c:connection_lost() Disconnected from 00:0C:8A:FB:D4:16
profiles/audio/a2dp.c:discover_cb() err 0xfff000240
profiles/audio/avdtp.c:avdtp_unref() 0x85a88f0: ref=1
src/service.c:change_state() 0x7f7c710: device 00:0C:8A:FB:D4:16 profile
a2dp-sink state changed: connecting -> disconnected (-11)
src/device.c:device_profile_connected() a2dp-sink Resource temporarily
unavailable (11)
src/device.c:device_profile_connected() returning response to :1.37
profiles/audio/a2dp.c:setup_unref() 0x85b0380: ref=0
profiles/audio/a2dp.c:setup_free() 0x85b0380
profiles/audio/avdtp.c:avdtp_unref() 0x85a88f0: ref=0
profiles/audio/avdtp.c:connection_lost() Disconnected from 00:0C:8A:FB:D4:16
profiles/audio/a2dp.c:discover_cb() err 0xfff000170
profiles/audio/sink.c:sink_set_state() State changed /org/bluez/hci0/
dev_00_0C_8A_FB_D4_16: SINK_STATE_CONNECTING -> SINK_STATE_DISCONNECTED
profiles/audio/a2dp.c:channel_remove() chan 0x85a8780
profiles/audio/avdtp.c:avdtp_free() 0x85a88f0
Invalid free() / delete / delete[] / realloc()
at 0x4C29CF0: free (vg_replace_malloc.c:530)
by 0x50CE5ED: g_free (in /usr/lib64/libglib-2.0.so.0.4600.2)
by 0x4177E3: finalize_discovery (avdtp.c:1039)
by 0x41789A: connection_lost (avdtp.c:1114)
by 0x41A7FD: avdtp_connect_cb (avdtp.c:2339)
by 0x44CBFB: connect_cb (btio.c:232)
by 0x50C8E39: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4600.2)
by 0x50C91CF: ??? (in /usr/lib64/libglib-2.0.so.0.4600.2)
by 0x50C94F1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4600.2)
by 0x40B7B7: main (main.c:687)
Address 0x85b4c30 is 0 bytes inside a block of size 24 free'd
at 0x4C29CF0: free (vg_replace_malloc.c:530)
by 0x50CE5ED: g_free (in /usr/lib64/libglib-2.0.so.0.4600.2)
by 0x4177E3: finalize_discovery (avdtp.c:1039)
by 0x41789A: connection_lost (avdtp.c:1114)
by 0x413EE2: setup_free (a2dp.c:163)
by 0x413EE2: setup_unref (a2dp.c:178)
by 0x413F5F: setup_cb_free (a2dp.c:201)
by 0x41638D: finalize_discover (a2dp.c:346)
by 0x41638D: discover_cb (a2dp.c:1855)
by 0x4177DB: finalize_discovery (avdtp.c:1037)
by 0x41789A: connection_lost (avdtp.c:1114)
by 0x41A7FD: avdtp_connect_cb (avdtp.c:2339)
by 0x44CBFB: connect_cb (btio.c:232)
by 0x50C8E39: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4600.2)
Block was alloc'd at
at 0x4C2A988: calloc (vg_replace_malloc.c:711)
by 0x50CE530: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.4600.2)
by 0x4190FB: avdtp_discover (avdtp.c:3186)
by 0x416C19: a2dp_discover (a2dp.c:1872)
by 0x413642: sink_setup_stream (sink.c:265)
by 0x4136C4: sink_connect (sink.c:294)
by 0x470165: btd_service_connect (service.c:238)
by 0x47583C: connect_next.isra.18 (device.c:1455)
by 0x478500: connect_profiles (device.c:1710)
by 0x48EC4A: process_message.isra.5 (object.c:259)
by 0x53DD1A2: ??? (in /usr/lib64/libdbus-1.so.3.14.6)
by 0x53CE733: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.14.6)
Johan Hedberg [Thu, 24 Mar 2016 12:01:23 +0000 (14:01 +0200)]
tools/btattach: Add command line switch for specifying the baudrate
Luiz Augusto von Dentz [Tue, 22 Mar 2016 14:50:41 +0000 (16:50 +0200)]
tests/example-gatt-client: Fix using invalid property
This fixes the following trace caused by GattServices1 no longer
containing a property called Characteristics:
Traceback (most recent call last):
File "./example-gatt-client", line 221, in <module>
main()
File "./example-gatt-client", line 207, in main
if not process_hr_service(service_path):
File "./example-gatt-client", line 167, in process_hr_service
chrc_paths = service_props['Characteristics']
KeyError: 'Characteristics'
Luiz Augusto von Dentz [Wed, 23 Mar 2016 12:31:18 +0000 (14:31 +0200)]
audio/a2dp: Simplify error handling
Don't expose avdtp_error in a2dp.h instead handle it internally
converting to posix error whenever necessary.
Luiz Augusto von Dentz [Wed, 23 Mar 2016 11:15:59 +0000 (13:15 +0200)]
audio/avdtp: Fix passing wrong error code
finalize_discovery actually expect positive codes since it passes to
avdtp_error_init.
Luiz Augusto von Dentz [Wed, 23 Mar 2016 10:39:28 +0000 (12:39 +0200)]
audio/avdtp: Only set disconnect timer if connected
If the session is not connected it makes no sense to enable the
disconnect timer.
Luiz Augusto von Dentz [Tue, 22 Mar 2016 15:37:18 +0000 (17:37 +0200)]
audio/avrcp: Fix crash when connecting to controllers
Patch
70fdb77d0af137aa859f267da976f610cd9bbbd2 has actually caused the
following regression since no player is set:
Invalid read of size 8
at 0x435B8E: avrcp_player_value_rsp (avrcp.c:2150)
by 0x42FB83: control_response (avctp.c:831)
by 0x42FB83: session_cb (avctp.c:996)
by 0x50C8E39: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4600.2)
by 0x50C91CF: ??? (in /usr/lib64/libglib-2.0.so.0.4600.2)
by 0x50C94F1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4600.2)
by 0x40C258: main (main.c:687)
Address 0x58 is not stack'd, malloc'd or (recently) free'd
Łukasz Rymanowski [Fri, 18 Mar 2016 13:08:14 +0000 (14:08 +0100)]
shared/gatt-server: Fix handle error on execute write
If there is an error during execute write we should drop all
outstanding prep_write data. This patch fix that.
Łukasz Rymanowski [Fri, 18 Mar 2016 13:08:13 +0000 (14:08 +0100)]
unit/test-gatt: Fix long write test
This patch change characteristic we are writing too in the nested
long write reliable testcase.
Basically characteristic with handle 0x0072 already have characteristic
extended descriptor required for reliable session
Łukasz Rymanowski [Fri, 18 Mar 2016 13:08:12 +0000 (14:08 +0100)]
unit/test-gatt: Extend large-db
This patch adds characteristic extended descriptor to characteristic
handle 0x0081. Also fixes testes using this.
We need this to make script pass when following patches start
to look into this descriptor on reliable write session
Łukasz Rymanowski [Fri, 18 Mar 2016 13:08:11 +0000 (14:08 +0100)]
unit/test-gatt: Modify small-db
This patch adds Characteristic Extended descriptor to characteristic
with handle 0x0002 nad 0x0014.
Also fixes scripts using small-db.
We need this as next patches will start to look into this descriptor
on reliable write session.
Łukasz Rymanowski [Fri, 18 Mar 2016 13:08:10 +0000 (14:08 +0100)]
unit/test-gatt: Fix long write testcases
Idea of long write is that each part of data is continuation
of previous one. There shall be not gaps in the offsets between.
If there are gaps in offset then we have reliable write rather than
long write
Luiz Augusto von Dentz [Mon, 21 Mar 2016 12:30:09 +0000 (14:30 +0200)]
shared/gatt-client: Forward events from parent to clones
Some events such as ready and service changed shall be forward to clones
since the clones may have set callbacks as well.
Luiz Augusto von Dentz [Mon, 21 Mar 2016 13:42:31 +0000 (15:42 +0200)]
shared/gatt-client: Make it possible to clone non-ready clients
This is necessary in order to be possible to send commands while the
discovery is in progress.
Luiz Augusto von Dentz [Mon, 21 Mar 2016 10:39:41 +0000 (12:39 +0200)]
core/gatt-client: Fix crash on service changed
The following crash can be observed when a service is removed from the
remote device leading to remove a client but instead a different
pointer was given causing which may leave the notification queue with
invalid clients:
Invalid read of size 8
at 0x4A80D1: remove_client (gatt-client.c:1311)
by 0x4DA16E: queue_remove_all (queue.c:351)
by 0x4A7DF3: unregister_characteristic (gatt-client.c:1331)
by 0x4DA16E: queue_remove_all (queue.c:351)
by 0x4A7D65: unregister_service (gatt-client.c:1447)
by 0x4DA0D5: queue_remove_all (queue.c:336)
by 0x4AB11C: btd_gatt_client_service_removed (gatt-client.c:1747)
by 0x4AFEA3: gatt_service_removed (device.c:3448)
by 0x4E8FD1: handle_notify (gatt-db.c:249)
by 0x4D9DC3: queue_foreach (queue.c:220)
by 0x4E9ECB: notify_service_changed (gatt-db.c:266)
by 0x4E9F7C: gatt_db_service_destroy (gatt-db.c:277)
Address 0x8cf8620 is 0 bytes inside a block of size 32 free'd
at 0x4C29E00: free (vg_replace_malloc.c:530)
by 0x4A9405: register_notify (gatt-client.c:1669)
by 0x4D9DC3: queue_foreach (queue.c:220)
by 0x4AAFBB: btd_gatt_client_connected (gatt-client.c:1714)
by 0x4B2DAA: gatt_client_init (device.c:4591)
by 0x4B2DAA: device_attach_att (device.c:4705)
by 0x4B4712: att_connect_cb (device.c:4742)
by 0x47375B: connect_cb (btio.c:232)
by 0x50C8E39: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4600.2)
by 0x50C91CF: ??? (in /usr/lib64/libglib-2.0.so.0.4600.2)
by 0x50C94F1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4600.2)
by 0x40C258: main (main.c:687)
Mike Ryan [Sat, 19 Mar 2016 03:48:48 +0000 (20:48 -0700)]
tools: make parse_companies.pl more forgiving of weird HTML
Several company identifier lines do not end in a </td> but rather <br/>
followed by newline followed by </td>. This dirty hack is more forgiving
of HTML weirdnesses in the SIGs company identifiers page.
Szymon Janc [Fri, 11 Mar 2016 16:16:06 +0000 (17:16 +0100)]
unit/test-crypto: Add test based on sample data from errata 4243
Marcel Holtmann [Fri, 18 Mar 2016 02:15:59 +0000 (03:15 +0100)]
Release 5.38
Marcel Holtmann [Fri, 18 Mar 2016 00:14:25 +0000 (01:14 +0100)]
monitor: Update vendor defined 16-bit UUID entries
Marcel Holtmann [Thu, 17 Mar 2016 23:58:57 +0000 (00:58 +0100)]
lib: Update company identifiers
Marcel Holtmann [Thu, 17 Mar 2016 23:57:32 +0000 (00:57 +0100)]
build: Update library version
Luiz Augusto von Dentz [Wed, 16 Mar 2016 11:39:03 +0000 (13:39 +0200)]
shared/gatt-client: Simplify service changed handling
Don't reset the range since the discovery should be able to detect
modifications and in case the service was removed the code calls
gatt_db_clear_range to reset it at the end.
Luiz Augusto von Dentz [Wed, 16 Mar 2016 11:12:12 +0000 (13:12 +0200)]
shared/gatt-client: Don't remove notification handlers
The notification handlers shall not be removed automatically when service
changed is received and the handle is in range. The user should be able to
decide whether to keep the registration or not since it will get events of
the service changed via gatt_db.
Luiz Augusto von Dentz [Mon, 14 Mar 2016 13:39:22 +0000 (15:39 +0200)]
core/gatt-client: Use of bt_gatt_client_clone
This uses bt_gatt_client_clone to track pending requests and cancel
them if bt_gatt_client_unref is called.
Luiz Augusto von Dentz [Mon, 29 Feb 2016 11:37:51 +0000 (13:37 +0200)]
shared/gatt-client: Add bt_gatt_client_clone
This adds bt_gatt_client_clone which can clone existing client skipping
the discovery phase and creating separate queues so that all requests
done using the clone can be cancelled separately.
Andrejs Hanins [Wed, 22 Jul 2015 10:54:32 +0000 (13:54 +0300)]
core/advertising: Fix byte order for MGMT_OP_ADD_ADVERTISING flags
Fix byte order for MGMT_OP_ADD_ADVERTISING flags
Luiz Augusto von Dentz [Tue, 15 Mar 2016 13:18:18 +0000 (15:18 +0200)]
core/device: Make sure ServicesResolved is triggered last
Service objects shall show up before ServicesResolved as that will be
used to trigger enumeration of the services at the higher layers.
Luiz Augusto von Dentz [Tue, 15 Mar 2016 09:20:36 +0000 (11:20 +0200)]
doc/gatt-api: Remove Characteristics and Descriptors properties
These properties are no longer needed since the objects shall be managed
with use of ObjectManager both in case of client and server.
Luiz Augusto von Dentz [Mon, 14 Mar 2016 14:40:11 +0000 (16:40 +0200)]
TODO: Update GATT/ATT items
Luiz Augusto von Dentz [Thu, 10 Mar 2016 16:08:36 +0000 (18:08 +0200)]
doc/device-api: Replace GattServices with ServicesDiscovered property
GattServices is not really doing was it was meant to do which was to
track progress of service discovery since it only worked for the very
first time a device is connected but since we no longer remove the
attributes an application would have the false impression the service are
all resolved by the time it reconnects when in fact the service may have
changed.
Furthermore object tracking like it is doing has been obsolete by
ObjectManager so this propose to replace the service discovery tracking
with a boolean property which works both with SDP as well as GATT
discovery.
Johan Hedberg [Mon, 14 Mar 2016 06:57:07 +0000 (08:57 +0200)]
doc/mgmt-api: Mark 4.5 kernel as released
Luiz Augusto von Dentz [Fri, 4 Mar 2016 11:36:53 +0000 (13:36 +0200)]
shared/gatt-client: Don't send Exchange MTU for default value
If the MTU to be exchange is the default there is no pointing in sending
it since the remote already assumes it anyway.
Szymon Janc [Fri, 4 Mar 2016 10:57:11 +0000 (11:57 +0100)]
doc: Fix data length in Advertising API description
LE Advertising Data is 31 bytes long.
Johan Hedberg [Wed, 9 Mar 2016 16:01:53 +0000 (18:01 +0200)]
doc/mgmt-api: Document mgmt version 1.12 features
Johan Hedberg [Wed, 9 Mar 2016 16:01:34 +0000 (18:01 +0200)]
doc/mgmt-api: Update privacy mode 0x02 description
Cody P Schafer [Mon, 7 Mar 2016 21:01:23 +0000 (16:01 -0500)]
uuid: fix 1 byte stack overflow
scanf requires that '[' convertion specifiers have enough room for all
characters in the string, _plus a terminating null byte_. We were
previously not providing room for the terminating null byte.
This was detected by AddressSanitizer:
==15036==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe4e774401 at pc 0x7fd33f572c98 bp 0x7ffe4e774270 sp 0x7ffe4e7739f8
WRITE of size 2 at 0x7ffe4e774401 thread T0
#0 0x7fd33f572c97 in scanf_common /build/gcc-multilib/src/gcc-5-
20160209/libsanitizer/sanitizer_common/sanitizer_common_interceptors_format.inc:340
#1 0x7fd33f5739ea in __interceptor_vsscanf /build/gcc-multilib/src/gcc-5-
20160209/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:769
#2 0x7fd33f573b49 in __interceptor_sscanf /build/gcc-multilib/src/gcc-5-
20160209/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:793
#3 0x650db5 in is_base_uuid128 lib/uuid.c:191
#4 0x65196e in bt_string_to_uuid lib/uuid.c:267
#5 0x56f28e in parse_uuid src/gatt-database.c:1473
#6 0x5729e0 in database_add_service src/gatt-database.c:2053
#7 0x57329f in database_add_app src/gatt-database.c:2106
#8 0x573adc in client_ready_cb src/gatt-database.c:2211
#9 0x6695fd in get_managed_objects_reply gdbus/client.c:1097
#10 0x7fd33efd5391 (/usr/lib/libdbus-1.so.3+0x13391)
#11 0x7fd33efd8db0 in dbus_connection_dispatch (/usr/lib/libdbus-1.so.3+0x16db0)
#12 0x651ecd in message_dispatch gdbus/mainloop.c:72
#13 0x7fd33f25cc39 in g_main_context_dispatch (/usr/lib/libglib-2.0.so.0+0x49c39)
#14 0x7fd33f25cfdf (/usr/lib/libglib-2.0.so.0+0x49fdf)
#15 0x7fd33f25d301 in g_main_loop_run (/usr/lib/libglib-2.0.so.0+0x4a301)
#16 0x54b7d1 in main src/main.c:687
#17 0x7fd33d90870f in __libc_start_main (/usr/lib/libc.so.6+0x2070f)
#18 0x40bba8 in _start (/home/cody/g/bluez/src/bluetoothd+0x40bba8)
Address 0x7ffe4e774401 is located in stack of thread T0 at offset 33 in frame
#0 0x650ccd in is_base_uuid128 lib/uuid.c:184
This frame has 2 object(s):
[32, 33) 'dummy' <== Memory access at offset 33 overflows this variable
[96, 98) 'uuid'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /build/gcc-multilib/src/gcc-5-
20160209/libsanitizer/sanitizer_common/sanitizer_common_interceptors_format.inc:340 scanf_common
Shadow bytes around the buggy address:
0x100049ce6830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100049ce6840: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100049ce6850: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100049ce6860: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100049ce6870: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
=>0x100049ce6880:[01]f4 f4 f4 f2 f2 f2 f2 02 f4 f4 f4 f3 f3 f3 f3
0x100049ce6890: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
0x100049ce68a0: 00 f4 f4 f4 f2 f2 f2 f2 00 00 04 f4 f2 f2 f2 f2
0x100049ce68b0: 00 00 00 00 00 00 00 00 00 f4 f4 f4 f3 f3 f3 f3
0x100049ce68c0: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
0x100049ce68d0: 01 f4 f4 f4 f2 f2 f2 f2 00 00 04 f4 f3 f3 f3 f3
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==15036==ABORTING
Luiz Augusto von Dentz [Tue, 8 Mar 2016 14:00:31 +0000 (16:00 +0200)]
shared/att: Fix not notifying the callback
This makes sure that all request callback are called with
BT_ATT_OP_ERROR_RSP in case the link is dropped so they can propagate
the error back to the caller.
Luiz Augusto von Dentz [Tue, 8 Mar 2016 11:36:51 +0000 (13:36 +0200)]
core/gatt-database: Don't always wait for response
If the characterist has set BT_GATT_CHRC_PROP_WRITE_WITHOUT_RESP it means
it won't reply to WriteValue and even if it does other Write Commands
can be outstanding which would be blocked waiting the reply of the
previous message.
Luiz Augusto von Dentz [Tue, 8 Mar 2016 11:33:25 +0000 (13:33 +0200)]
gdbus/client: Use g_dbus_send_message if callback is not set
If the user don't set a function it means it doesn't care about the reply
so g_dbus_send_message can be used.
Luiz Augusto von Dentz [Mon, 7 Mar 2016 13:56:31 +0000 (15:56 +0200)]
test/example-gatt-server: Don't order objects
This tests if the code is actually handling registration with objects out
of order which seems very common practice with ObjectManager
implementation.
Olivier Martin [Fri, 4 Mar 2016 16:50:11 +0000 (16:50 +0000)]
gatt-database: Fix GATT object ordering
There is no guarantee the objects returned by GetManagedObjects
are ordered in the required order which is Service, Characteristic
Descriptor due to their respective dependencies.
This change ensures the objects are processed in the correct order.
Luiz Augusto von Dentz [Wed, 2 Mar 2016 14:04:18 +0000 (16:04 +0200)]
shared/gatt-client: Fix not detecting BT_ATT_SECURITY_AUTO
Using bt_gatt_security cannot detect if BT_ATT_SECURITY_AUTO is enabled
since it actually checks the current level when operating over L2CAP, so
instead use io_sec_level internal field to detect the security level in
which ATT is supposed to be operating.
Luiz Augusto von Dentz [Mon, 29 Feb 2016 15:21:53 +0000 (17:21 +0200)]
core/gatt-client: Fix printing errors if experimental is disabled
If experimental flag is not set don't attempt to create any objects since
it will cause error that are hard to guess such as bellow:
bluetoothd[6539]: Unable to register GATT service with handle 0x000c for device
Luiz Augusto von Dentz [Fri, 26 Feb 2016 13:17:38 +0000 (15:17 +0200)]
shared/gatt-client: Fix not clearing database after discovery
The database cache needs to be in sync with discovery so once a discovery
complete handles after that last attribute found shall be cleared.
Chevallier Maxime [Wed, 24 Feb 2016 09:29:45 +0000 (10:29 +0100)]
tools/btgatt-client: Fix write-value byte parsing
write-value, write-long-value and write-prepare were parsing
bytes using strtol with base '0' and restraining wtring size to
be exactly 2, forbidding to write values over 99. The string length
is no more checked, we instead check that the parsed value is in the
correct range.
John Keeping [Wed, 24 Feb 2016 13:57:38 +0000 (13:57 +0000)]
tools/avinfo: Fix big endian build
Commit
101b439 (tools/avinfo: Add partial support for Sony LDAC) added a
new a2dp_ldac_t structure but only inside a little endian ifdef. Add
the same structure in the big endian code.
The structure definition doesn't differ for the big/little endian cases
but if the unknown fields are discovered in the future it might, so a
copy is added rather than pulling the existing definition below the
endif.
Kurt McAlpine [Wed, 24 Feb 2016 19:46:46 +0000 (08:46 +1300)]
test: Fix scripts to run with python 3
Luiz Augusto von Dentz [Wed, 17 Feb 2016 10:52:32 +0000 (12:52 +0200)]
shared/gatt-client: Fix regression
The patch
9b40ecc8389fb064c6b5a35324c8031731e59131 introduced a
regression where only the characteristics of the first service would be
discovered.
Luiz Augusto von Dentz [Mon, 15 Feb 2016 12:14:31 +0000 (14:14 +0200)]
core/device: Fix not clearing Attributes before storing
This can leave the storage in a bad state if device start changing its
attributes the old one are never removed as the code reloads them with
g_key_file_load_from_file.
Luiz Augusto von Dentz [Mon, 15 Feb 2016 11:44:27 +0000 (13:44 +0200)]
core/device: Fix not reseting database if attributes cannot be loaded
If one or more attributes cannot be loaded it means the database is
probably in a bad state so just clear it so the attributes can be
discovered again.
Luiz Augusto von Dentz [Mon, 15 Feb 2016 11:36:33 +0000 (13:36 +0200)]
core/device: Fix log when loading characteristic fails
It should log that loading fails not saving.
Luiz Augusto von Dentz [Mon, 15 Feb 2016 11:21:34 +0000 (13:21 +0200)]
shared/gatt-client: Rename tmp_queue to svcs
The tmp_queue in fact store the processed services so just rename it to
svcs and stop creating extra variables for that.
Luiz Augusto von Dentz [Mon, 15 Feb 2016 11:14:57 +0000 (13:14 +0200)]
shared/gatt-client: Add debug log if characteristic cannot be added
If gatt_db_service_insert_characteristic fails print an error for the
handle.
Szymon Janc [Fri, 12 Feb 2016 13:43:44 +0000 (14:43 +0100)]
client: Fix removing all devices
cmd_remove takes address string not device path.
Syam Sidhardhan [Wed, 3 Feb 2016 14:22:46 +0000 (19:52 +0530)]
obexd: client: Fix memory leaks
We have to free the allocated memory for data and its members.
Syam Sidhardhan [Wed, 3 Feb 2016 14:58:43 +0000 (20:28 +0530)]
adapter: Fix memory leak
if strlen(str) < 32 then there is a memory leak.
Luiz Augusto von Dentz [Thu, 11 Feb 2016 11:43:12 +0000 (13:43 +0200)]
tools/gatt-service: Add missing methods
This adds the missing methods of GattCharacteristic and GattDescriptor
interfaces.
Luiz Augusto von Dentz [Wed, 10 Feb 2016 12:35:26 +0000 (14:35 +0200)]
tools/gatt-service: Add missing properties
This adds the missing properties necessary to be able to register.
Luiz Augusto von Dentz [Wed, 10 Feb 2016 11:56:05 +0000 (13:56 +0200)]
tools/gatt-service: Fix using RegisterService
RegisterService no longer exists as it was replaced with
RegisterApplication, also the path being used is wrong since GattManager
interface is available per adapter path.
Luiz Augusto von Dentz [Mon, 8 Feb 2016 08:50:03 +0000 (10:50 +0200)]
client: Fix not detecting connections when starting
If a device is connected set it as default so the prompt is updated and
attribute related commands can work.
Johan Hedberg [Mon, 8 Feb 2016 08:36:44 +0000 (10:36 +0200)]
tools: Remove discoverable flag from non-connectable advertising
According to the GAP specification non-connectable advertising packets
shall not set any of the discoverable flags.
Luiz Augusto von Dentz [Mon, 1 Feb 2016 13:39:20 +0000 (15:39 +0200)]
shared/gatt-client: Fix crash unregistering notification
This fixes the following crash which happen when a notification is queued
waiting for CCC to be written but it cancelled before it completes:
Invalid read of size 4
at 0x4E0C38: notify_data_unref (gatt-client.c:201)
by 0x4D9BBE: queue_remove_all (queue.c:351)
by 0x4D9C14: queue_destroy (queue.c:73)
by 0x4E0DBB: notify_chrc_free (gatt-client.c:277)
by 0x4D9BBE: queue_remove_all (queue.c:351)
by 0x4D9C14: queue_destroy (queue.c:73)
by 0x4E3860: bt_gatt_client_free (gatt-client.c:1664)
by 0x4E38D0: bt_gatt_client_unref (gatt-client.c:1749)
by 0x45D324: gas_free (gas.c:65)
by 0x45D324: gap_driver_remove (gas.c:254)
by 0x4A72A0: service_remove (service.c:176)
by 0x4B74E9: device_remove (device.c:3865)
by 0x492971: adapter_remove (adapter.c:5236)
Address 0x8cb8830 is 16 bytes inside a block of size 64 free'd
at 0x4C29E00: free (vg_replace_malloc.c:530)
by 0x4E0C69: notify_data_unref (gatt-client.c:207)
by 0x4E58C9: complete_unregister_notify (gatt-client.c:1593)
by 0x4E58C9: bt_gatt_client_unregister_notify (gatt-client.c:2961)
by 0x4A8D77: characteristic_stop_notify (gatt-client.c:1214)
by 0x4D4E82: process_message.isra.3 (object.c:259)
by 0x4D56DC: generic_message (object.c:1071)
by 0x53DD1A2: ??? (in /usr/lib64/libdbus-1.so.3.14.6)
by 0x53CE733: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.14.6)
by 0x4CFADF: message_dispatch (mainloop.c:72)
by 0x50C8E39: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4600.2)
by 0x50C91CF: ??? (in /usr/lib64/libglib-2.0.so.0.4600.2)
by 0x50C94F1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4600.2)
Luiz Augusto von Dentz [Mon, 1 Feb 2016 13:08:52 +0000 (15:08 +0200)]
shared/gatt-client: Fix bogus asserts
The asserts involving notify_count were bogus because it should be
possible to disable a notification even before the remote respond to
the write command.
Luiz Augusto von Dentz [Mon, 1 Feb 2016 12:51:14 +0000 (14:51 +0200)]
core/gatt-client: Fix not being able to cancel notifications
While the notification is still in process notifying flag wont be set but
it shall still be possible to cancel it otherwise the client has to wait
until the remote respond which can take a lot of time (up to 30 seconds).
Luiz Augusto von Dentz [Mon, 1 Feb 2016 12:01:47 +0000 (14:01 +0200)]
shared/gatt-client: Fix not resetting request id
The request id shall be reset to 0 after bt_att_cancel has been called.
Andrzej Kaczmarek [Mon, 1 Feb 2016 06:24:17 +0000 (07:24 +0100)]
shared/gatt-client: Make read_long_value more robust
Using "Read Blob Request" on attributes shorter than ATT_MTU - 3 may
return "Attribute Not Long" error on some values, but at the same time
it's ok to read this attribute using "Read Request".
Since using "Read Blob Request" as first request when reading long
characteristic value starting with offset 0 is optional, this patch
changes read_long_value to start with "Read Request" whenever possible
to remove need for caller to take care of such error.
Core v4.2, part F, section 1.3.4.4.5:
If the attribute value has a fixed length that is less than or equal to
(ATT_MTU - 3) octets in length, then an Error Response can be sent with
the error code «Attribute Not Long».
Luiz Augusto von Dentz [Thu, 21 Jan 2016 15:38:02 +0000 (17:38 +0200)]
audio/avrcp: Don't print an error if folder length is 0
Some stacks, for instance iOS, does actually send 0 as folder length
so just ignore if that happens since that means only means the folder
doesn't have a name.
Luiz Augusto von Dentz [Thu, 21 Jan 2016 15:33:06 +0000 (17:33 +0200)]
monitor/avctp: Print <empty> if folder lenght is 0
This is a bit more clear that is was not a parsing error but just that
there is nothing to print:
> ACL Data RX: Handle 256 flags 0x02 dlen 39
Channel: 68 len 35 ctrl 0x0304 [PSM 27 mode 3] {chan 4}
I-frame: Unsegmented TxSeq 2 ReqSeq 3
AVCTP Browsing: Response: type 0x00 label 2 PID 0x110e
AVRCP: SetBrowsedPlayer: len 0x0019
Status: 0x04 (Success)
UIDCounter: 0x0000 (0)
Number of Items: 0x00000002 (2)
CharsetID: 0x006a (UTF-8)
Folder Depth: 0x01 (1)
Folder: <empty>
Luiz Augusto von Dentz [Thu, 21 Jan 2016 13:06:47 +0000 (15:06 +0200)]
audio/avrcp: Fix not always requesting capabilities
This fixes not requesting capabilities of targets that are not player
category, instead just make the creation of the player object
conditional to the category 1 so that GetCapabities is still sent in
order to fetch the supported events which might be still useful even
without a player.
Johan Hedberg [Tue, 26 Jan 2016 20:58:47 +0000 (22:58 +0200)]
tools/btmgmt: Fix canceling pairing
Pairing cancellation needs to be sent with mgmt_reply() rather than
mgmt_send() since otherwise the mgmt library will not send the command
until the response to the original Pair Device command has been
received.
Francois Beaufort [Fri, 22 Jan 2016 14:38:51 +0000 (15:38 +0100)]
client: Update remove command to support removing all devices
Johan Hedberg [Tue, 19 Jan 2016 10:36:14 +0000 (11:36 +0100)]
doc/adapter-api: Add NotSupported error to SetDiscoveryFilter
Johan Hedberg [Tue, 19 Jan 2016 07:21:31 +0000 (08:21 +0100)]
core: Return error if kernel doesn't support Start Service Discovery
The discovery filter feature requires a kernel that supports Start
Service Discovery. This command was introduced in mgmt version 1.8, so
return a proper error if we have something older than that.
Gowtham Anandha Babu [Tue, 8 Dec 2015 11:00:52 +0000 (16:30 +0530)]
test: Add device discovery filter
This patch adds the below mentioned device discovery
filters.
UUIDs, RSSI, Pathloss, Transport.
Luiz Augusto von Dentz [Wed, 6 Jan 2016 15:20:45 +0000 (12:20 -0300)]
core/gatt-database: Fix possible memory leaks
While creating objects it may fail before it is added to its respective
queue leaving the object dangling.
To fix this the object creation now takes care of things like increasing
the attribute count and in case something go wrong free the object
properly.
Luiz Augusto von Dentz [Tue, 5 Jan 2016 17:44:23 +0000 (14:44 -0300)]
gdbus/client: Always call ready callback
Call ready callback regardless of the reply to GetManagedObjects
since otherwise the user code will be left waiting forever when in fact
no proxy will be created.
Luiz Augusto von Dentz [Tue, 5 Jan 2016 17:42:44 +0000 (14:42 -0300)]
test/example-gatt-server: Make use of RegisterApplication
This updates example-gatt-server to use RegisterApplication.
Luiz Augusto von Dentz [Mon, 4 Jan 2016 18:05:28 +0000 (16:05 -0200)]
core/gatt-database: Implement Application API
This implements RegisterApplication/UnregisterApplication that allow
multiple services to be registered at once.
Luiz Augusto von Dentz [Thu, 10 Dec 2015 18:46:16 +0000 (16:46 -0200)]
doc/gatt-api: Make proper use of ObjectManager
ObjectManager path shall not contain other intefaces in its root path, only
child objects shall be included with many bindings following this.
Due to this limitation and also the fact that application might actually
have a single ObjectManager path so all services can be registered at
once.
Johan Hedberg [Tue, 5 Jan 2016 09:17:39 +0000 (11:17 +0200)]
mgmt: Add support for Start Limited Discovery
Mike Ryan [Tue, 29 Dec 2015 01:36:46 +0000 (17:36 -0800)]
doc: fix typos in mgmt-api.txt
Marcel Holtmann [Mon, 28 Dec 2015 02:11:44 +0000 (03:11 +0100)]
Release 5.37
Marcel Holtmann [Sun, 27 Dec 2015 22:08:44 +0000 (23:08 +0100)]
build: Update library version
Marcel Holtmann [Sun, 27 Dec 2015 21:57:13 +0000 (22:57 +0100)]
lib: Update company identifiers
Mike Ryan [Sun, 27 Dec 2015 21:31:00 +0000 (13:31 -0800)]
tools: fix update_compids to parse newly formatted page from SIG
This patch adds tools/parse_companies.pl, a twisted Perl script that
parses the SIG's HTML page in poor taste using regex. Improvements also
include support for non-ASCII entities such as é as well as full
unicode support for Chinese names.
Marcel Holtmann [Sun, 27 Dec 2015 20:48:22 +0000 (21:48 +0100)]
monitor: Update list of GATT UUID information
Marcel Holtmann [Sun, 27 Dec 2015 20:14:39 +0000 (21:14 +0100)]
tools: Add support for MGMT_DEBUG environment variable
John Keeping [Wed, 2 Dec 2015 10:35:00 +0000 (10:35 +0000)]
tools/btattach: install during "make install"
btattach provides access to some line disciplines that are supported by
hciattach, so allow it to be installed and not reserved for developer
use. For now it is still considered an experimental feature.
John Keeping [Wed, 2 Dec 2015 10:34:59 +0000 (10:34 +0000)]
tools/btattach: add manual page
Grant Erickson [Tue, 8 Dec 2015 16:09:02 +0000 (18:09 +0200)]
gdbus: Move typedefs for interwork with strict compilers
Move enumeration type defintions AFTER the enumerations themselves are
declared and defined such that the header works with strict compilers.
This occurs when building a plugin, compiled with C++, and occurs on
all of:
arm-none-linux-gnueabi-g++ (Sourcery G++ Lite 2010q1-202) 4.4.1
arm-poky-linux-gnueabi-g++ (GCC) 4.8.2
g++ (Ubuntu 4.8.4-2ubuntu1~14.04) 4.8.4