From: Luiz Augusto von Dentz <[email protected]>
This fixes not removing the process_id timeout when freeing the session
which can cause the following crash:
Invalid read of size 8
at 0x18EB39: bap_debug (bap.c:553)
by 0x1913A8: bap_process_queue (bap.c:3542)
by 0x1A8630: timeout_callback (timeout-glib.c:25)
Address 0x55e0650 is 128 bytes inside a block of size 160 free'd
at 0x48480E4: free (vg_replace_malloc.c:872)
---
src/shared/bap.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/shared/bap.c b/src/shared/bap.c
index f48cbdf5d6f9..52878fcf0368 100644
--- a/src/shared/bap.c
+++ b/src/shared/bap.c
@@ -2586,6 +2586,8 @@ static void bap_free(void *data)
{
struct bt_bap *bap = data;
+ timeout_remove(bap->process_id);
+
bt_bap_detach(bap);
bap_db_free(bap->rdb);
--
2.40.0