Closed Bug 1081981 Opened 10 years ago Closed 10 years ago

[Bluetooth] Investigate RSSI value

Categories

(Firefox OS Graveyard :: Bluetooth, defect)

ARM
Gonk (Firefox OS)
defect
Not set
normal

Tracking

(blocking-b2g:2.1+, firefox34 wontfix, firefox35 wontfix, firefox36 fixed, b2g-v2.1 fixed, b2g-v2.2 fixed)

RESOLVED FIXED
2.1 S7 (24Oct)
blocking-b2g 2.1+
Tracking Status
firefox34 --- wontfix
firefox35 --- wontfix
firefox36 --- fixed
b2g-v2.1 --- fixed
b2g-v2.2 --- fixed

People

(Reporter: tzimmermann, Assigned: tzimmermann)

Details

Attachments

(1 file)

The Bluedroid header says that the value for BT_PROPERTY_TYPE_REMOTE_RSSI is of type int32_t. The actual transfered value is of int8_t, however. We should investigate which is correct and handle the value accordingly.
Just checked that Bluedroid internally handles the RSSI value as 8-bit value, so we should probably too.
[Blocking Requested - why for this release]:

This bug was introduced in v2.1. It's an out-of-bounds array access, which results in undefined behavior, including a segmentation fault.
blocking-b2g: --- → 2.1?
Comment on attachment 8504560 [details] [diff] [review]
[01] Bug 1081981: Fix Out-of-bounds read when decoding BT properties

Approval Request Comment
[Feature/regressing bug #]:

Bug 1048915, patch [02]

  https://bug1048915.bugzilla.mozilla.org/attachment.cgi?id=8472977

[User impact if declined]:

Gecko might crash because of undefined behavior.

[Describe test coverage new/current, TBPL]:

Tested manually. There is no STR, because the actual bug hasn't been observed AFAIK; and was only discovered by reviewing the source code.

[Risks and why]: 

Very small. It's a trivial one-line change.

[String/UUID change made/needed]:

None
Attachment #8504560 - Flags: approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/2ba4fdfe442c
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → 2.1 S7 (24Oct)
Attachment #8504560 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment on attachment 8504560 [details] [diff] [review]
[01] Bug 1081981: Fix Out-of-bounds read when decoding BT properties

This almost certainly needs a b2g34 approval request at this point, not Aurora35.
Attachment #8504560 - Flags: approval-mozilla-aurora+ → approval-mozilla-b2g34?
Crashes should block.  This likely also needs uplift approval but I'm not sure.
blocking-b2g: 2.1? → 2.1+
Attachment #8504560 - Flags: approval-mozilla-b2g34? → approval-mozilla-b2g34+
Unable to verify as per comment 5, no STR it has been discovered by reviewing the source code.
QA Whiteboard: [QAnalyst-Triage?][QAnalyst-verify-]
Flags: needinfo?(ktucker)
QA Whiteboard: [QAnalyst-Triage?][QAnalyst-verify-] → [QAnalyst-Triage+][QAnalyst-verify-]
Flags: needinfo?(ktucker)
You need to log in before you can comment on or make changes to this bug.