2020-05-30 08:53:38

by Sonny Sasaka

Subject: [PATCH] a2dp: Fix ref counting bug of setup_unref

In a2dp_reconfig, setup is ref-counted by cb_data. However, in the fail
label setup is unref-ed but cb_data is not cleared. This may cause
double unref in the future if cb_data gets executed. Instead, we should
do setup_cb_free to clear cb_data and unref setup.
---
profiles/audio/a2dp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c
index 0d877b132..1b92352cf 100644
--- a/profiles/audio/a2dp.c
+++ b/profiles/audio/a2dp.c
@@ -1719,7 +1719,7 @@ static int a2dp_reconfig(struct a2dp_channel *chan, const char *sender,
return 0;

fail:
- setup_unref(setup);
+ setup_cb_free(cb_data);
return err;
}
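
Review bot: at the `fail:` label, `setup_cb_free(cb_data)` now runs on every error path, so it is only safe if `cb_data` has already been assigned before the first `goto fail` in a2dp_reconfig, and the visible context does not show that. Please confirm that no jump to `fail` precedes the allocation of `cb_data`, or initialise it to NULL and guard the call.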

--
2.17.1
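
The ownership problem described in the commit message, as an added example that is not part of the patch or of BlueZ: `setup_unref` and `setup_cb_free` are named after the functions on the page, but their bodies, the two structs, `run_pending` and `fail_path_underflows` are simplified assumptions. The model counts an unref on an already released setup instead of touching freed memory.

```c
#include <stdio.h>
/* Simplified model: names follow the commit message, bodies are assumptions. */
struct setup { int ref; int underflows; };
struct cb { struct setup *setup; int live; };

static void setup_unref(struct setup *s)
{
	if (s->ref == 0) {	/* real code would be touching freed memory here */
		s->underflows++;
		return;
	}
	s->ref--;
}

/* Releases the callback entry together with the reference it owns. */
static void setup_cb_free(struct cb *cb)
{
	if (!cb->live)
		return;
	cb->live = 0;
	setup_unref(cb->setup);
}

/* Models a later event that runs a still-registered callback, then frees it. */
static void run_pending(struct cb *cb)
{
	if (cb->live)
		setup_cb_free(cb);
}

/* Returns how many unrefs hit a setup whose last reference was already gone. */
int fail_path_underflows(int use_cb_free)
{
	struct setup s = { .ref = 1, .underflows = 0 };	/* reference owned by cb */
	struct cb cb = { .setup = &s, .live = 1 };
	if (use_cb_free)
		setup_cb_free(&cb);	/* patched fail label */
	else
		setup_unref(&s);	/* original fail label: cb stays registered */
	run_pending(&cb);
	return s.underflows;
}

int main(void)
{
	printf("setup_unref in fail:   %d stale unref\n", fail_path_underflows(0));
	printf("setup_cb_free in fail: %d stale unref\n", fail_path_underflows(1));
	return 0;
}
```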


2020-06-01 16:32:50

by Luiz Augusto von Dentz

Subject: Re: [PATCH] a2dp: Fix ref counting bug of setup_unref

Hi Sonny,

On Sat, May 30, 2020 at 1:56 AM Sonny Sasaka <[email protected]> wrote:
>
> In a2dp_reconfig, setup is ref-counted by cb_data. However, in the fail
> label setup is unref-ed but cb_data is not cleared. This may cause
> double unref in the future if cb_data gets executed. Instead, we should
> do setup_cb_free to clear cb_data and unref setup.
> ---
> profiles/audio/a2dp.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c
> index 0d877b132..1b92352cf 100644
> --- a/profiles/audio/a2dp.c
> +++ b/profiles/audio/a2dp.c
> @@ -1719,7 +1719,7 @@ static int a2dp_reconfig(struct a2dp_channel *chan, const char *sender,
> return 0;
>
> fail:
> - setup_unref(setup);
> + setup_cb_free(cb_data);
> return err;
> }
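
Review bot: replacing `setup_unref(setup)` with `setup_cb_free(cb_data)` at `fail:` is balanced only if the reference held through `cb_data` is the sole one this function holds on `setup`. If a2dp_reconfig takes its own reference before creating `cb_data`, that one is no longer dropped on the error path; a line in the commit message stating which reference each call releases would settle it.
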
>
> --
> 2.17.1

Applied, thanks.

--
Luiz Augusto von Dentz