discovery_disconnect crashed because the adapter pointer has been freed
before. This patch makes sure that discovery list is cleaned up before
adapter pointer is freed.
Reviewed-by: Miao-chen Chou <[email protected]>
---
src/adapter.c | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/src/adapter.c b/src/adapter.c
index 5e896a9f0..c0b02bf3f 100644
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -5316,12 +5316,25 @@ static void free_service_auth(gpointer data, gpointer user_data)
g_free(auth);
}
+static void remove_discovery_list(struct btd_adapter *adapter)
+{
+ g_slist_free_full(adapter->set_filter_list, discovery_free);
+ adapter->set_filter_list = NULL;
+
+ g_slist_free_full(adapter->discovery_list, discovery_free);
+ adapter->discovery_list = NULL;
+}
+
static void adapter_free(gpointer user_data)
{
struct btd_adapter *adapter = user_data;
DBG("%p", adapter);
+ // Make sure the adapter's discovery list is cleaned up before freeing
+ // the adapter.
+ remove_discovery_list(adapter);
+
if (adapter->pairable_timeout_id > 0) {
g_source_remove(adapter->pairable_timeout_id);
adapter->pairable_timeout_id = 0;
@@ -6846,11 +6859,7 @@ static void adapter_stop(struct btd_adapter *adapter)
cancel_passive_scanning(adapter);
- g_slist_free_full(adapter->set_filter_list, discovery_free);
- adapter->set_filter_list = NULL;
-
- g_slist_free_full(adapter->discovery_list, discovery_free);
- adapter->discovery_list = NULL;
+ remove_discovery_list(adapter);
discovery_cleanup(adapter, 0);
--
2.26.2
Hi Sonny,
On Fri, Aug 21, 2020 at 12:42 AM Sonny Sasaka <[email protected]> wrote:
>
> discovery_disconnect crashed because the adapter pointer has been freed
> before. This patch makes sure that discovery list is cleaned up before
> adapter pointer is freed.
>
> Reviewed-by: Miao-chen Chou <[email protected]>
>
> ---
> src/adapter.c | 19 ++++++++++++++-----
> 1 file changed, 14 insertions(+), 5 deletions(-)
>
> diff --git a/src/adapter.c b/src/adapter.c
> index 5e896a9f0..c0b02bf3f 100644
> --- a/src/adapter.c
> +++ b/src/adapter.c
> @@ -5316,12 +5316,25 @@ static void free_service_auth(gpointer data, gpointer user_data)
> g_free(auth);
> }
>
> +static void remove_discovery_list(struct btd_adapter *adapter)
> +{
> + g_slist_free_full(adapter->set_filter_list, discovery_free);
> + adapter->set_filter_list = NULL;
> +
> + g_slist_free_full(adapter->discovery_list, discovery_free);
> + adapter->discovery_list = NULL;
> +}
> +
> static void adapter_free(gpointer user_data)
> {
> struct btd_adapter *adapter = user_data;
>
> DBG("%p", adapter);
>
> + // Make sure the adapter's discovery list is cleaned up before freeing
> + // the adapter.
Please use C style comments.
> + remove_discovery_list(adapter);
> +
> if (adapter->pairable_timeout_id > 0) {
> g_source_remove(adapter->pairable_timeout_id);
> adapter->pairable_timeout_id = 0;
> @@ -6846,11 +6859,7 @@ static void adapter_stop(struct btd_adapter *adapter)
>
> cancel_passive_scanning(adapter);
>
> - g_slist_free_full(adapter->set_filter_list, discovery_free);
> - adapter->set_filter_list = NULL;
> -
> - g_slist_free_full(adapter->discovery_list, discovery_free);
> - adapter->discovery_list = NULL;
> + remove_discovery_list(adapter);
>
> discovery_cleanup(adapter, 0);
>
> --
> 2.26.2
Otherwise it looks good.
--
Luiz Augusto von Dentz
Hi Luiz,
Thanks for the feedback, I have sent a v2 of this patch.
On Fri, Aug 21, 2020 at 10:38 AM Luiz Augusto von Dentz
<[email protected]> wrote:
>
> Hi Sonny,
>
> On Fri, Aug 21, 2020 at 12:42 AM Sonny Sasaka <[email protected]> wrote:
> >
> > discovery_disconnect crashed because the adapter pointer has been freed
> > before. This patch makes sure that discovery list is cleaned up before
> > adapter pointer is freed.
> >
> > Reviewed-by: Miao-chen Chou <[email protected]>
> >
> > ---
> > src/adapter.c | 19 ++++++++++++++-----
> > 1 file changed, 14 insertions(+), 5 deletions(-)
> >
> > diff --git a/src/adapter.c b/src/adapter.c
> > index 5e896a9f0..c0b02bf3f 100644
> > --- a/src/adapter.c
> > +++ b/src/adapter.c
> > @@ -5316,12 +5316,25 @@ static void free_service_auth(gpointer data, gpointer user_data)
> > g_free(auth);
> > }
> >
> > +static void remove_discovery_list(struct btd_adapter *adapter)
> > +{
> > + g_slist_free_full(adapter->set_filter_list, discovery_free);
> > + adapter->set_filter_list = NULL;
> > +
> > + g_slist_free_full(adapter->discovery_list, discovery_free);
> > + adapter->discovery_list = NULL;
> > +}
> > +
> > static void adapter_free(gpointer user_data)
> > {
> > struct btd_adapter *adapter = user_data;
> >
> > DBG("%p", adapter);
> >
> > + // Make sure the adapter's discovery list is cleaned up before freeing
> > + // the adapter.
>
> Please use C style comments.
>
> > + remove_discovery_list(adapter);
> > +
> > if (adapter->pairable_timeout_id > 0) {
> > g_source_remove(adapter->pairable_timeout_id);
> > adapter->pairable_timeout_id = 0;
> > @@ -6846,11 +6859,7 @@ static void adapter_stop(struct btd_adapter *adapter)
> >
> > cancel_passive_scanning(adapter);
> >
> > - g_slist_free_full(adapter->set_filter_list, discovery_free);
> > - adapter->set_filter_list = NULL;
> > -
> > - g_slist_free_full(adapter->discovery_list, discovery_free);
> > - adapter->discovery_list = NULL;
> > + remove_discovery_list(adapter);
> >
> > discovery_cleanup(adapter, 0);
> >
> > --
> > 2.26.2
>
> Otherwise it looks good.
>
> --
> Luiz Augusto von Dentz