2022-02-11 01:27:14

by Tedd Ho-Jeong An

Subject: [BlueZ PATCH 4/4] device: Fix crash when removing device

From: Luiz Augusto von Dentz <[email protected]>

Calling btd_adapter_remove_device from device_remove_connection can
cause a crash, so instead of removing it immediately this sets the
temporary timeout to 0.

Fixes: https://github.com/bluez/bluez/issues/290
---
src/device.c | 46 +++++++++++++++++++++++-----------------------
1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/src/device.c b/src/device.c
index 6a7bdd207..52e2399dd 100644
--- a/src/device.c
+++ b/src/device.c
@@ -3200,6 +3200,28 @@ void device_add_connection(struct btd_device *dev, uint8_t bdaddr_type)
"Connected");
}

+static bool device_disappeared(gpointer user_data)
+{
+ struct btd_device *dev = user_data;
+
+ dev->temporary_timer = 0;
+
+ btd_adapter_remove_device(dev->adapter, dev);
+
+ return FALSE;
+}
+
+static void set_temporary_timer(struct btd_device *dev, unsigned int timeout)
+{
+ clear_temporary_timer(dev);
+
+ if (!timeout)
+ return;
+
+ dev->temporary_timer = timeout_add_seconds(timeout, device_disappeared,
+ dev, NULL);
+}
+
void device_remove_connection(struct btd_device *device, uint8_t bdaddr_type)
{
struct bearer_state *state = get_state(device, bdaddr_type);
@@ -3285,7 +3307,7 @@ void device_remove_connection(struct btd_device *device, uint8_t bdaddr_type)
DEVICE_INTERFACE, "Connected");

if (remove_device)
- btd_adapter_remove_device(device->adapter, device);
+ set_temporary_timer(device, 0);
}

guint device_add_disconnect_watch(struct btd_device *device,
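Review bot: `set_temporary_timer(device, 0)` does not appear to remove the device at all: as moved in the first hunk, set_temporary_timer() calls `clear_temporary_timer(dev)` and then returns on `if (!timeout)`, so device_disappeared() is never scheduled and any pending temporary timer is cancelled as well. This avoids the crash, but a device flagged with `remove_device` would stay registered on the adapter indefinitely. If a deferred removal is intended, the call site could arm the timer itself with `clear_temporary_timer(device);` followed by `device->temporary_timer = timeout_add_seconds(0, device_disappeared, device, NULL);`, leaving the "0 disables" meaning of set_temporary_timer() intact for other callers. The callback then holds a raw `dev` pointer until it fires, so it is worth confirming that the device free path clears `temporary_timer`; that code, and most of device_remove_connection's body, is outside these hunks.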
@@ -4590,28 +4612,6 @@ void device_set_le_support(struct btd_device *device, uint8_t bdaddr_type)
store_device_info(device);
}

-static bool device_disappeared(gpointer user_data)
-{
- struct btd_device *dev = user_data;
-
- dev->temporary_timer = 0;
-
- btd_adapter_remove_device(dev->adapter, dev);
-
- return FALSE;
-}
-
-static void set_temporary_timer(struct btd_device *dev, unsigned int timeout)
-{
- clear_temporary_timer(dev);
-
- if (!timeout)
- return;
-
- dev->temporary_timer = timeout_add_seconds(timeout, device_disappeared,
- dev, NULL);
-}
-
void device_update_last_seen(struct btd_device *device, uint8_t bdaddr_type)
{
if (bdaddr_type == BDADDR_BREDR)
--
2.25.1