)]}'
{"id":"LineageOS%2Fandroid_packages_modules_Bluetooth~366326","triplet_id":"LineageOS%2Fandroid_packages_modules_Bluetooth~lineage-20.0~I085ecfa1a9ba098ecbfecbd3cb3e263ae13f9724","project":"LineageOS/android_packages_modules_Bluetooth","branch":"lineage-20.0","topic":"T_asb_2023-09","hashtags":[],"change_id":"I085ecfa1a9ba098ecbfecbd3cb3e263ae13f9724","subject":"Fix UAF in gatt_cl.cc","status":"MERGED","created":"2023-09-16 16:53:39.000000000","updated":"2023-09-18 13:51:29.000000000","submitted":"2023-09-18 13:51:29.000000000","submitter":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"total_comment_count":0,"unresolved_comment_count":0,"has_review_started":true,"submission_id":"366323-T_asb_2023-09","meta_rev_id":"2e929ccfc6ea0db4a72fff255bdd2ba774e0b298","_number":366326,"virtual_id_number":366326,"owner":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"actions":{},"labels":{"Verified":{"all":[{"value":0,"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-1":"Fails"," 0":"No score","+1":"Verified"},"description":"","default_value":0},"Code-Review":{"all":[{"value":0,"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-2":"Do not submit","-1":"I would prefer that you didn\u0027t submit this"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me, approved"},"description":"","default_value":0},"CI":{"all":[{"value":0,"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-1":"Fail"," 0":"No score","+1":"Pass"},"description":"","default_value":0,"optional":true}},"removable_reviewers":[],"reviewers":{},"pending_reviewers":{},"reviewer_updates":[],"messages":[{"id":"f7335e06459c60f1fb2ff0d2abe1824424cc8460","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"date":"2023-09-16 16:53:39.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"2e929ccfc6ea0db4a72fff255bdd2ba774e0b298","tag":"autogenerated:gerrit:merged","author":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"date":"2023-09-18 13:51:29.000000000","message":"Change has been successfully pushed.","accounts_in_message":[],"_revision_number":2}],"current_revision_number":2,"current_revision":"d03a3020de69143b1fe8129d75e55f14951dd192","revisions":{"fba0f4c7f90ce16eb371566e214f198dafa92ca2":{"kind":"REWORK","_number":1,"created":"2023-09-16 16:53:39.000000000","uploader":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"ref":"refs/changes/26/366326/1","fetch":{"anonymous http":{"url":"https://github.com/LineageOS/android_packages_modules_Bluetooth","ref":"refs/changes/26/366326/1","commands":{"Branch":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/26/366326/1 \u0026\u0026 git checkout -b change-366326 FETCH_HEAD","Checkout":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/26/366326/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/26/366326/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/26/366326/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/26/366326/1","Reset To":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/26/366326/1 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"e76734b2b1d1a3e768adf4126d007c017b59d100","subject":"Fix potential abort in btu_av_act.cc","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/e76734b2b1d1a3e768adf4126d007c017b59d100"}]}],"author":{"name":"Brian Delwiche","email":"delwiche@google.com","date":"2023-04-11 23:05:45.000000000","tz":0},"committer":{"name":"Kevin F. Haggerty","email":"haggertk@lineageos.org","date":"2023-09-16 14:45:04.000000000","tz":-360},"subject":"Fix UAF in gatt_cl.cc","message":"Fix UAF in gatt_cl.cc\n\ngatt_cl.cc accesses a header field after the buffer holding it may have\nbeen freed.\n\nTrack the relevant state as a local variable instead.\n\nBug: 274617156\nTest: atest: bluetooth, validated against fuzzer\nTag: #security\nIgnore-AOSP-First: Security\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:cbaa83627b328eee8f2e26188909a5ebfb0388d5)\nMerged-In: I085ecfa1a9ba098ecbfecbd3cb3e263ae13f9724\nChange-Id: I085ecfa1a9ba098ecbfecbd3cb3e263ae13f9724\n","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/fba0f4c7f90ce16eb371566e214f198dafa92ca2"}],"resolve_conflicts_web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/fba0f4c7f90ce16eb371566e214f198dafa92ca2"}]},"branch":"refs/heads/lineage-20.0"},"d03a3020de69143b1fe8129d75e55f14951dd192":{"kind":"TRIVIAL_REBASE","_number":2,"created":"2023-09-18 13:51:29.000000000","uploader":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"ref":"refs/changes/26/366326/2","fetch":{"anonymous http":{"url":"https://github.com/LineageOS/android_packages_modules_Bluetooth","ref":"refs/changes/26/366326/2","commands":{"Branch":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/26/366326/2 \u0026\u0026 git checkout -b change-366326 FETCH_HEAD","Checkout":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/26/366326/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/26/366326/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/26/366326/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/26/366326/2","Reset To":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/26/366326/2 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"b7ea57f620436c83a9766f928437ddadaa232e3a","subject":"Fix potential abort in btu_av_act.cc","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/b7ea57f620436c83a9766f928437ddadaa232e3a"}]}],"author":{"name":"Brian Delwiche","email":"delwiche@google.com","date":"2023-04-11 23:05:45.000000000","tz":0},"committer":{"name":"Android Build Coastguard Worker","email":"android-build-coastguard-worker@google.com","date":"2023-07-14 17:32:20.000000000","tz":0},"subject":"Fix UAF in gatt_cl.cc","message":"Fix UAF in gatt_cl.cc\n\ngatt_cl.cc accesses a header field after the buffer holding it may have\nbeen freed.\n\nTrack the relevant state as a local variable instead.\n\nBug: 274617156\nTest: atest: bluetooth, validated against fuzzer\nTag: #security\nIgnore-AOSP-First: Security\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:cbaa83627b328eee8f2e26188909a5ebfb0388d5)\nMerged-In: I085ecfa1a9ba098ecbfecbd3cb3e263ae13f9724\nChange-Id: I085ecfa1a9ba098ecbfecbd3cb3e263ae13f9724\n","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/d03a3020de69143b1fe8129d75e55f14951dd192"}],"resolve_conflicts_web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/d03a3020de69143b1fe8129d75e55f14951dd192"}]},"branch":"refs/heads/lineage-20.0"}},"requirements":[],"submit_records":[],"submit_requirements":[]}