[PW_SID:1102899] [1/1] Bluetooth: hci_codec: validate capability record length by BluezTestBot · Pull Request #255 · bluez/bluetooth-next

BluezTestBot · 2026-05-29T14:33:13Z

hci_read_codec_capabilities() validates each capability entry before
adding its serialized size to len and advancing the skb.

The current check only compares skb->len against caps->len, even
though the code consumes the length byte and the payload. Validate
the full record size so the cached capability length matches the
bytes available in the command response.

Fixes: `8961987` ("Bluetooth: Enumerate local supported codec and cache details")
Cc: stable@kernel.org
Reported-by: Yuan Tan yuantan098@gmail.com
Reported-by: Zhengchuan Liang zcliangcn@gmail.com
Reported-by: Xin Liu bird@lzu.edu.cn
Assisted-by: Codex:GPT-5.4
Signed-off-by: Yuqi Xu xuyq21@lenovo.com
Signed-off-by: Ren Wei n05ec@lzu.edu.cn

net/bluetooth/hci_codec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

hci_read_codec_capabilities() validates each capability entry before adding its serialized size to len and advancing the skb. The current check only compares skb->len against caps->len, even though the code consumes the length byte and the payload. Validate the full record size so the cached capability length matches the bytes available in the command response. Fixes: 8961987 ("Bluetooth: Enumerate local supported codec and cache details") Cc: stable@kernel.org Reported-by: Yuan Tan <yuantan098@gmail.com> Reported-by: Zhengchuan Liang <zcliangcn@gmail.com> Reported-by: Xin Liu <bird@lzu.edu.cn> Assisted-by: Codex:GPT-5.4 Signed-off-by: Yuqi Xu <xuyq21@lenovo.com> Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>

github-actions · 2026-05-29T14:47:11Z

CheckPatch
Desc: Run checkpatch.pl script
Duration: 0.60 seconds
Result: FAIL
Output:

[1/1] Bluetooth: hci_codec: validate capability record length
WARNING: Reported-by: should be immediately followed by Closes: with a URL to the report
#89: 
Reported-by: Yuan Tan <yuantan098@gmail.com>
Reported-by: Zhengchuan Liang <zcliangcn@gmail.com>

WARNING: Reported-by: should be immediately followed by Closes: with a URL to the report
#90: 
Reported-by: Zhengchuan Liang <zcliangcn@gmail.com>
Reported-by: Xin Liu <bird@lzu.edu.cn>

WARNING: Reported-by: should be immediately followed by Closes: with a URL to the report
#91: 
Reported-by: Xin Liu <bird@lzu.edu.cn>
Assisted-by: Codex:GPT-5.4

total: 0 errors, 3 warnings, 0 checks, 8 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/patch/14601083.patch has style problems, please review.

NOTE: Ignored message types: UNKNOWN_COMMIT_ID

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

github-actions · 2026-05-29T14:47:14Z

VerifyFixes
Desc: Verify Fixes tag format and validity
Duration: 0.09 seconds
Result: PASS

github-actions · 2026-05-29T14:47:17Z

VerifySignedoff
Desc: Verify Signed-off-by chain
Duration: 0.09 seconds
Result: PASS

github-actions · 2026-05-29T14:47:20Z

GitLint
Desc: Run gitlint
Duration: 0.25 seconds
Result: PASS

github-actions · 2026-05-29T14:47:23Z

SubjectPrefix
Desc: Check subject contains "Bluetooth" prefix
Duration: 0.47 seconds
Result: PASS

github-actions · 2026-05-29T14:47:56Z

BuildKernel
Desc: Build Kernel for Bluetooth
Duration: 26.89 seconds
Result: PASS

github-actions · 2026-05-29T14:48:31Z

CheckAllWarning
Desc: Run linux kernel with all warning enabled
Duration: 28.89 seconds
Result: PASS

github-actions · 2026-05-29T14:49:05Z

CheckSparse
Desc: Run sparse tool with linux kernel
Duration: 27.74 seconds
Result: PASS

github-actions · 2026-05-29T14:49:38Z

BuildKernel32
Desc: Build 32bit Kernel for Bluetooth
Duration: 25.94 seconds
Result: PASS

github-actions · 2026-05-29T14:59:15Z

TestRunnerSetup
Desc: Setup kernel and bluez for test-runner
Duration: 574.02 seconds
Result: PASS

github-actions · 2026-05-29T15:00:18Z

TestRunner_l2cap-tester
Desc: Run l2cap-tester with test-runner
Duration: 60.78 seconds
Result: PASS

github-actions · 2026-05-29T15:01:41Z

TestRunner_iso-tester
Desc: Run iso-tester with test-runner
Duration: 80.04 seconds
Result: PASS

github-actions · 2026-05-29T15:02:04Z

TestRunner_bnep-tester
Desc: Run bnep-tester with test-runner
Duration: 19.62 seconds
Result: PASS

github-actions · 2026-05-29T15:05:48Z

TestRunner_mgmt-tester
Desc: Run mgmt-tester with test-runner
Duration: 221.48 seconds
Result: FAIL
Output:

Total: 494, Passed: 489 (99.0%), Failed: 1, Not Run: 4

Failed Test Cases
Read Exp Feature - Success                           Failed       0.238 seconds

github-actions · 2026-05-29T15:06:16Z

TestRunner_rfcomm-tester
Desc: Run rfcomm-tester with test-runner
Duration: 25.72 seconds
Result: PASS

github-actions · 2026-05-29T15:06:52Z

TestRunner_sco-tester
Desc: Run sco-tester with test-runner
Duration: 33.76 seconds
Result: PASS

github-actions · 2026-05-29T15:07:22Z

TestRunner_ioctl-tester
Desc: Run ioctl-tester with test-runner
Duration: 26.62 seconds
Result: PASS

github-actions · 2026-05-29T15:07:51Z

TestRunner_mesh-tester
Desc: Run mesh-tester with test-runner
Duration: 26.89 seconds
Result: FAIL
Output:

Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0

Failed Test Cases
Mesh - Send cancel - 1                               Timed out    2.550 seconds
Mesh - Send cancel - 2                               Timed out    1.993 seconds

github-actions · 2026-05-29T15:08:17Z

TestRunner_smp-tester
Desc: Run smp-tester with test-runner
Duration: 24.22 seconds
Result: PASS

github-actions · 2026-05-29T15:08:41Z

TestRunner_userchan-tester
Desc: Run userchan-tester with test-runner
Duration: 21.02 seconds
Result: PASS

github-actions · 2026-05-29T15:09:07Z

TestRunner_6lowpan-tester
Desc: Run 6lowpan-tester with test-runner
Duration: 24.16 seconds
Result: PASS

github-actions · 2026-05-29T15:09:39Z

IncrementalBuild
Desc: Incremental build with the patches in the series
Duration: 25.60 seconds
Result: PASS

github-actions Bot added the area:hci label May 29, 2026

Conversation

BluezTestBot commented May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants