From: Yun-Hao Chung <[email protected]>

In probe_service, if the service already exists in device->services, it
returns the service. This might cause dev_probe and device_probe_profile
to add a duplicate service into device->services. When removing the
device, a double-free error might occur.

This patch changes the logic of probe_service so that the same service
will not be added to a device.
---
Hi maintainers,

This was originally found by removing/reprobing profiles in the admin_policy
plugin. Since we are going to adopt the other way to block incoming
connections, this patch is no longer causing any issue, but I think it
is still nice to have to prevent potential crashes.

Thanks,
Howard
src/device.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/device.c b/src/device.c
index faf07ba22270..b29aa195d19b 100644
--- a/src/device.c
+++ b/src/device.c
@@ -4624,8 +4624,11 @@ static struct btd_service *probe_service(struct btd_device *device,
return NULL;
l = find_service_with_profile(device->services, profile);
+ /* If the service already exists, return NULL so that it won't be added
+ * to the device->services.
+ */
if (l)
- return l->data;
+ return NULL;
service = service_create(device, profile);
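Review bot: In the `if (l)` branch, `return NULL;` now gives callers the same result as the earlier `return NULL;` path just above the find_service_with_profile() call, so "service already exists" can no longer be told apart from "service could not be probed". Please confirm that dev_probe and device_probe_profile, the two callers named in the commit message, treat NULL purely as "nothing to add" and do not log or act on it as a failure, and check that no other caller of probe_service relied on getting the existing service back through `l->data`. It would also help if the new comment said explicitly that NULL here is not an error, since the function's return value now has two meanings. As this is the fix for a possible double free on device removal, a short note in the commit message on how the duplicate entry leads to the second free would make the change easier to verify.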
--
2.32.0.402.g57bb445576-goog