Hello:

This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>:

On Sun, 10 Aug 2025 07:30:08 +0000 you wrote:
> This fixes a buffer overflow found by OSS-Fuzz. The ASan stacktrace for
> this is:
> 
> ```
> =================================================================
> ==402==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7c960dd00030 at pc 0x59331ced5b8d bp 0x7fffedcc0c50 sp 0x7fffedcc0c48
> WRITE of size 1 at 0x7c960dd00030 thread T0
>     #0 0x59331ced5b8c in sdp_xml_parse_uuid128 bluez/src/sdp-xml.c:128:17
>     #1 0x59331ced5b8c in sdp_xml_parse_uuid bluez/src/sdp-xml.c:146:9
>     #2 0x59331ced3529 in sdp_xml_parse_datatype bluez/src/sdp-xml.c:428:10
>     #3 0x59331ced3529 in element_start bluez/src/sdp-xml.c:498:32
>     #4 0x59331cf26628 in emit_start_element glib/glib/gmarkup.c:1010:5
>     #5 0x59331cf258d7 in g_markup_parse_context_parse glib/glib/gmarkup.c:1369:17
>     #6 0x59331ced1969 in sdp_xml_parse_record bluez/src/sdp-xml.c:621:6
>     #7 0x59331ced8cc9 in LLVMFuzzerTestOneInput /src/fuzz_xml.c:30:9
>     #8 0x59331ced1879 in ExecuteFilesOnyByOne /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:255:7
>     #9 0x59331ced1675 in LLVMFuzzerRunDriver /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:0
>     #10 0x59331ced122d in main /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:311:10
>     #11 0x7c961015c082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/libc-start.c:308:16
>     #12 0x59331cdf8a2d in _start
> ```
> 
> [...]

Here is the summary with links:
  - [BlueZ,1/1] Fix buffer overflow in sdp_xml_parse_uuid128
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=013b3431c58d

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
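The stack trace above reports a one-byte stack write inside the UUID128 text parser while handling attacker-supplied SDP XML. As an added example that is neither BlueZ code nor the fix linked above, here is how a parser for the textual 128-bit UUID form xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx can be written in C so that overlong, misplaced-hyphen or non-hex input is rejected before anything is written into the fixed 16-byte output. The type and function names (uuid128_bytes, parse_uuid128_text, uuid128_byte_at) are my own, and the example does not claim to reproduce the actual defect or its patch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Example type, not BlueZ's uint128_t: the 16 raw bytes a UUID128 parser fills. */
typedef struct {
    uint8_t data[16];
} uuid128_bytes;

/* Value of one hex digit, or -1 for anything that is not a hex digit. */
static int hex_val(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Parse "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" (32 hex digits, 4 hyphens at
 * fixed positions) into out->data.  Returns 0 on success, -1 on malformed
 * input.  Three independent guards keep the caller's buffer intact:
 *   1. the total length must be exactly 36, so extra digits are refused;
 *   2. hyphens may only appear at positions 8, 13, 18 and 23;
 *   3. the output index is compared to sizeof(out->data) before every write,
 *      so even if the length logic were wrong the write could not run past
 *      the 16-byte buffer (the class of bug an ASan "WRITE of size 1" on a
 *      stack array points at).
 */
int parse_uuid128_text(const char *text, uuid128_bytes *out)
{
    static const size_t hyphen_pos[] = { 8, 13, 18, 23 };
    size_t len, i, j = 0, h = 0;
    int pending = -1;           /* high nibble waiting for its partner */

    if (text == NULL || out == NULL)
        return -1;

    len = strlen(text);
    if (len != 36)
        return -1;

    for (i = 0; i < len; i++) {
        if (h < 4 && i == hyphen_pos[h]) {
            if (text[i] != '-')
                return -1;
            h++;
            continue;
        }

        int v = hex_val((unsigned char)text[i]);
        if (v < 0)
            return -1;

        if (pending < 0) {
            pending = v;
            continue;
        }

        /* Bounds check before the write, never after. */
        if (j >= sizeof(out->data))
            return -1;
        out->data[j++] = (uint8_t)((pending << 4) | v);
        pending = -1;
    }

    if (j != sizeof(out->data) || h != 4 || pending >= 0)
        return -1;
    return 0;
}

/* Parse text and return byte idx of the result, or -1 if parsing failed
 * or idx is out of range.  Handy for checks without exposing the struct. */
int uuid128_byte_at(const char *text, size_t idx)
{
    uuid128_bytes u;

    if (idx >= sizeof(u.data) || parse_uuid128_text(text, &u) != 0)
        return -1;
    return u.data[idx];
}

int main(void)
{
    /* Constructed inputs: one well-formed UUID, one with two extra digits. */
    const char *good = "00001101-0000-1000-8000-00805F9B34FB";
    const char *overlong = "00001101-0000-1000-8000-00805F9B34FBFF";
    uuid128_bytes u;

    if (parse_uuid128_text(good, &u) == 0) {
        for (size_t i = 0; i < sizeof(u.data); i++)
            printf("%02x", u.data[i]);
        printf("\n");
    }
    printf("overlong input %s\n",
           parse_uuid128_text(overlong, &u) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The same shape applies to any fixed-width textual encoding fed from a parser that untrusted peers can reach: validate the length first, then still check the index before each store, and make the function report failure to its caller instead of returning success on partial or oversized input.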