Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P1: Critical
Fix Version/s: 5.12.4, 5.13.1, 5.14.0 Alpha
Affects Version/s: 5.12.0
Component/s: Connectivity: Bluetooth
Labels:
None

Platform/s:

Windows, WinRT
Commits:
30e04016cf8ab757d8cb89ee8b0adfa137915bb8 in 5.13 for the new implementation 6aade96108f48d20382950aff5610e0df24e5616 (qt/qtconnectivity/5.12)

Description

When trying to read a CCCD value, the system crashs with invalid memory usage reported in QByteArray.

It's easy to reproduce but I did not took time to isolate the issue in a sample program. But a simple look at the code makes it easy to identify the flaw:

In bluetooth\qlowenergycontroller_winrt.cpp

In QLowEnergyControllerPrivateWinRT::readDescriptor, there is a special piece of code for CCCD:

if (descData.uuid == QBluetoothUuid(QBluetoothUuid::ClientCharacteristicConfiguration))

Then we create a readCompletedLambda function taking a pointer to descData. But descData is a local object, when readCompletedLambda is invoked, after the current function returned, it gets a reference to an object that does not exist anymore. When it tries to use it (descData.value = QByteArray(2, Qt::Uninitialized)), the system crashs.

I experience the crash using Win10 on a laptop.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Oliver Wolff

Reporter:: Jean Porcherot

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 09 Apr '19 18:41

Updated:: 29 Jul '19 12:36

Resolved:: 15 Apr '19 13:46

Gerrit Reviews

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

winrt: Fix reading of descriptor values: Gerrit Review: