Details
- Type: Bug
- Resolution: Done
- Priority: P1: Critical
- Affects Version: 5.12.0
- Commits: 30e04016cf8ab757d8cb89ee8b0adfa137915bb8 in 5.13 (for the new implementation); 6aade96108f48d20382950aff5610e0df24e5616 (qt/qtconnectivity/5.12)
Description
When trying to read a CCCD value, the system crashes with invalid memory usage reported in QByteArray.
It's easy to reproduce, but I did not take the time to isolate the issue in a sample program. A simple look at the code makes it easy to identify the flaw:
In bluetooth\qlowenergycontroller_winrt.cpp
In QLowEnergyControllerPrivateWinRT::readDescriptor, there is a special piece of code for CCCD:
if (descData.uuid == QBluetoothUuid(QBluetoothUuid::ClientCharacteristicConfiguration))
Then we create a readCompletedLambda function taking a pointer to descData. But descData is a local object: when readCompletedLambda is invoked, after the current function has returned, it gets a reference to an object that does not exist anymore. When it tries to use it (descData.value = QByteArray(2, Qt::Uninitialized)), the system crashes.
I experience the crash using Win10 on a laptop.
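The lifetime bug described in the report, modelled as a self-contained C++ example. This is added illustration, not the reporter's code, not Qt's qlowenergycontroller_winrt.cpp, and not a description of what the merged Gerrit change does. DescData, TrackedDescData, pendingCompletions() and runPendingCompletions() are constructed stand-ins: the completion queue plays the role of an async completion source (such as a WinRT put_Completed handler) whose callback fires only after the registering function has returned. The buggy shape captures the address of a local; a lifetime registry lets the example report "dangling" instead of writing into dead stack. The hardened shape copies the record into the closure, which is one standard fix for this class of bug.

```cpp
#include <cstdint>
#include <functional>
#include <set>
#include <string>
#include <vector>

// Constructed stand-in for the descriptor record the report refers to
// (a uuid plus a value buffer); it is not Qt's DescData type.
struct DescData {
    std::string uuid;
    std::vector<uint8_t> value;
};

// Lifetime registry so the dangling case can be *detected* instead of
// dereferenced: tracked objects register their address on construction
// and remove it on destruction. Real code has no such safety net.
static std::set<uintptr_t>& liveObjects() {
    static std::set<uintptr_t> s;
    return s;
}
struct TrackedDescData : DescData {
    TrackedDescData() { liveObjects().insert(reinterpret_cast<uintptr_t>(this)); }
    ~TrackedDescData() { liveObjects().erase(reinterpret_cast<uintptr_t>(this)); }
};

// Stand-in for an async completion source: handlers are queued here and only
// run after the function that registered them has returned.
static std::vector<std::function<void()>>& pendingCompletions() {
    static std::vector<std::function<void()>> q;
    return q;
}
static void runPendingCompletions() {
    std::vector<std::function<void()>> q;
    q.swap(pendingCompletions());
    for (auto& handler : q) handler();
}

enum class Outcome { NotRun, Dangling, Ok };

// Buggy shape from the report: descData is a local, the completion handler
// captures its address, and the handler fires after the function returned.
static void readDescriptorBuggy(Outcome& outcome) {
    TrackedDescData descData;                      // dies at the closing brace
    descData.uuid = "2902";                        // CCCD UUID, constructed input
    const uintptr_t addr = reinterpret_cast<uintptr_t>(&descData);
    pendingCompletions().push_back([addr, &outcome]() {
        if (liveObjects().count(addr) == 0) {      // object already destroyed
            outcome = Outcome::Dangling;           // real code would write into dead stack here
            return;
        }
        auto* live = reinterpret_cast<TrackedDescData*>(addr);
        live->value.assign(2, 0);                  // analogue of QByteArray(2, Uninitialized)
        outcome = Outcome::Ok;
    });
}

// Hardened shape: copy the record into the closure so it lives as long as the
// handler does, and hand the filled-in copy back through a caller-owned slot.
static void readDescriptorFixed(Outcome& outcome, DescData& result) {
    DescData descData;
    descData.uuid = "2902";
    pendingCompletions().push_back([descData, &outcome, &result]() mutable {
        descData.value.assign(2, 0);
        result = descData;
        outcome = Outcome::Ok;
    });
}

Outcome demoBuggy() {
    Outcome outcome = Outcome::NotRun;
    readDescriptorBuggy(outcome);
    runPendingCompletions();                       // handler runs after descData is gone
    return outcome;
}

DescData demoFixed() {
    Outcome outcome = Outcome::NotRun;
    DescData result;
    readDescriptorFixed(outcome, result);
    runPendingCompletions();
    return outcome == Outcome::Ok ? result : DescData{};
}
```

demoBuggy() returns Outcome::Dangling because the handler observes that descData was destroyed before it ran; without the registry check the same handler would corrupt whatever now occupies that stack slot, which is the crash the report describes. demoFixed() returns a record with a two-byte value because the closure owns its own copy. In a real build the original bug is the kind of defect AddressSanitizer reports as a stack-use-after-return (enable it with ASAN_OPTIONS=detect_stack_use_after_return=1), which is a cheaper way to confirm such a bug than reading the code.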
For Gerrit Dashboard: QTBUG-75070

# | Subject | Branch | Project | Status | CR | V
---|---|---|---|---|---|---
258710,2 | winrt: Fix reading of descriptor values | 5.12 | qt/qtconnectivity | MERGED | +2 | 0