Bluetooth: TBS: Fix TBS API accessing NULL inst #90613
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
This PR fixes an issue in the TBS API where a mutex was accessed on a NULL instance, and it standardizes the control flow for error checking across several TBS functions. Key changes include:
- Reordering the NULL-check to occur before taking the mutex.
- Replacing the local variable “status” with “ret” for storing return values.
- Standardizing function structure and logging messages across the API.
Thalley
force-pushed
the
tbs_null_pointer_fix
branch
from
566b050 to
98d9ad1
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR ensures TBS API functions check for a NULL instance before taking the mutex and unifies the variable names/structure across those functions.
- Reordered NULL checks ahead of
k_mutex_lockin all TBS API calls - Replaced
statuswithretand made struct initializers use a consistent braced layout - Added
LOG_DBGmessages for lookup failures
Comments suppressed due to low confidence (2)
subsys/bluetooth/audio/tbs.c:2525
- In
bt_tbs_join, the count passed tojoin_callsshould be clamped toCONFIG_BT_TBS_MAX_CALLS(e.g.,MIN(call_index_cnt, CONFIG_BT_TBS_MAX_CALLS)) to match the earliermemcpyand avoid out-of-bounds processing.
ret = join_calls(inst, ccp, call_index_cnt);
subsys/bluetooth/audio/tbs.c:2502
- [nitpick] For consistency with the rest of the TBS API, consider returning a TBS-specific result code (e.g.,
BT_TBS_RESULT_CODE_INVALID_CALL_INDEXor a dedicated invalid-parameter code) instead of a raw-EINVAL.
return -EINVAL;
98d9ad1 to
89765bf
Compare
github-actions
bot
requested review from
asbjornsabo,
babrsn,
Casper-Bonde-Bose,
fredrikdanebjer,
jhedberg,
jthm-ot,
larsgk,
MariuszSkamra,
niym-ot,
pin-zephyr and
sjanc
Thalley
force-pushed
the
tbs_null_pointer_fix
branch
from
89765bf to
2b262ba
Compare
Some TBS API functions attempted to take the mutex of an instance before the NULL check. Reorder the checks of the functions, and also modify function to be more similar (using the same terms and structure). Signed-off-by: Emil Gydesen <[email protected]>
Thalley
force-pushed
the
tbs_null_pointer_fix
branch
from
2b262ba to
7f651cf
Compare
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Some TBS API functions attempted to take the mutex of an instance before the NULL check.
Reorder the checks of the functions, and also modify function to be more similar (using the same terms and structure).
fixes #90552
fixes #90527