bluetoothd crashed with SIGSEGV in sdp_append_to_buf()

StacktraceTop:sdp_append_to_buf (dst=0xbfbfe520,
sdp_append_to_pdu (pdu=0xbfbfe520, d=0xb9b6d858)
?? ()

Still 100% reproducible with version 4.32-0ubuntu1

Igor, could you try with 4.33 which is available in my PPA, and tell me if it still occurs ?

post the crash and bluetoothd log also in debug mode.

thanks a lot

Hi, I tried the package from your PPA (from 27th March) and I still experience the same issue.
I'm attaching the .crash file from /var/crash and the bluetoothd debug info.

I looked at system logs and I also found this in syslog:
Mar 28 07:05:50 WORKSTATION bluetoothd[6039]: Discovery session 0xb90504b8 with :1.83 activated
Mar 28 07:05:56 WORKSTATION bluetoothd[6039]: link_key_request (sba=00:1A:6B:F0:CC:3A, dba=00:1E:A3:36:8D:29)
Mar 28 07:05:56 WORKSTATION bluetoothd[6039]: pin_code_request (sba=00:1A:6B:F0:CC:3A, dba=00:1E:A3:36:8D:29)
Mar 28 07:06:05 WORKSTATION bluetoothd[6039]: link_key_notify (sba=00:1A:6B:F0:CC:3A, dba=00:1E:A3:36:8D:29, type=0)
Mar 28 07:06:05 WORKSTATION kernel: [ 994.745231] bluetoothd[6039]: segfault at c0c0c0c ip b7f244d3 sp bf8814e0 error 4 in libbluetooth.so.3.2.1[b7f16000+15000]

After logging out and back in I can see that phone appears in the paired devices list and I can browse the files on the phone, however, no device can discover the PC even though I set the option to "always visible".
Bluetooth module is working fine in Win so it's not a hardware malfunction and IIRC 8.04 was the last version of Ubuntu where it worked fine.

Thanks

Looks like I'm experiencing the same bug.
Crashed when trying to pair with my Nokia 6300.

hmm... I am also trying to pair with Nokia 6300... I will try to reproduce this with another phone later.

crashed for me, too. nokia 6288

Crashed for me too. I'm trying to pair with Nokia 6267. I don't know if it's important, but I'm using ubuntu 9.04 64 bits

Crashed for me too with 4.32-0ubuntu4, when pairing with a Nokia 6161.
It crashed both in the 64 and the 32 bit versions of Ubuntu 9.04.
With a Sony Ericsson K800i pairs perfectly.

A buffer overflow parsing remote data in an daemon run by root. I think that this may be a severe security issue.

It isn't so severe, since the user must initiate/allow the pairing with the pirate device.

I have attached a quick fix for this bug. I've forwarded it and eventually it will be fixed upstream.

Could someone please test the above patch with the devices which eventually makes bluetoothd to crash?

Thanks Unai to reporting this back to BlueZ community.

Thanks Vudentz for pushing a fix, sorry I've just seen you attached it.

for any reporter affected by this bug, I made a fix in my ppa https://www.launchpad.net/%7Ebmillemathias/+archive/bmm-jaunty-fix .
Could you test it, and reply here to confirm the patch fixed the problem.

Your fix seems to work, I successfully paired my Nokia 6300 and bluetoothd didn't crash.
Thanks.

On Sun, Jun 7, 2009 at 5:57 PM, Johan van Dijk<email address hidden> wrote:
> Your fix seems to work, I successfully paired my Nokia 6300 and bluetoothd didn't crash.
> Thanks.
>

Hello,

Can someone else test the package with the fix from vudentz, I would
like to have tested by several people before submitting for a SRU.

Regards

--
Baptiste Mille-Mathias
Les gens heureux ne sont pas pressés

I can confirm that the bug is fixed using version from your PPA (4.32-0ubuntu4.2 ).
I now successfully paired my laptop with my Nokia 6300.
Thanks Baptiste and Vudentz!