2023-09-27 23:01:33

by Luiz Augusto von Dentz

Subject: [PATCH v3 12/12] bap: Fix freeing value of dbus_message_iter_get_fixed_array

From: Luiz Augusto von Dentz <[email protected]>

The value returned by dbus_message_iter_get_fixed_array is a reference
and shall not be freed:

'The returned value is by reference and should not be freed.'
---
profiles/audio/bap.c | 31 ++++++++++++++++++++++---------
1 file changed, 22 insertions(+), 9 deletions(-)

diff --git a/profiles/audio/bap.c b/profiles/audio/bap.c
index 18872329d4ac..48a1a4f86f8d 100644
--- a/profiles/audio/bap.c
+++ b/profiles/audio/bap.c
@@ -365,19 +365,17 @@ static const GDBusPropertyTable ep_properties[] = {
{ }
};

-static int parse_array(DBusMessageIter *iter, struct iovec **iov)
+static int parse_array(DBusMessageIter *iter, struct iovec *iov)
{
DBusMessageIter array;

if (!iov)
return 0;

- if (!(*iov))
- *iov = new0(struct iovec, 1);
-
dbus_message_iter_recurse(iter, &array);
- dbus_message_iter_get_fixed_array(&array, &(*iov)->iov_base,
- (int *)&(*iov)->iov_len);
+ dbus_message_iter_get_fixed_array(&array, &iov->iov_base,
+ (int *)&iov->iov_len);
+
return 0;
}

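Review bot: The cast `(int *)&iov->iov_len` makes dbus_message_iter_get_fixed_array store an `int` element count through a pointer to a `size_t` field, so on 64-bit targets only part of `iov_len` is written and the rest keeps whatever the caller left there. Before this patch the iovec came from `new0` and was zeroed; now correctness depends on every caller zeroing its stack iovec first. Reading the count into a local removes that dependency: declare `int len = 0;`, pass `&len` to the call, then set `iov->iov_len = len;`. parse_array also still returns 0 on every path, so the `if (parse_array(...)) goto fail` checks in parse_configuration can never fire; returning -EINVAL unless `dbus_message_iter_get_element_type(iter) == DBUS_TYPE_BYTE` would give them meaning.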
@@ -594,10 +592,15 @@ static int parse_bcast_qos(const char *key, int var, DBusMessageIter *iter,

dbus_message_iter_get_basic(iter, &qos->bcast.timeout);
} else if (!strcasecmp(key, "BCode")) {
+ struct iovec iov;
+
if (var != DBUS_TYPE_ARRAY)
return -EINVAL;

- parse_array(iter, &qos->bcast.bcode);
+ parse_array(iter, &iov);
+
+ util_iov_free(qos->bcast.bcode, 1);
+ qos->bcast.bcode = util_iov_dup(&iov, 1);
} else {
int err;

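Review bot: `struct iovec iov;` in the BCode branch is passed to parse_array uninitialised, whereas parse_configuration gets `memset(&iov, 0, sizeof(iov))` in this same patch. parse_array fills `iov_len` through an `(int *)` cast, so on a 64-bit build the remaining bytes of the length stay as stack garbage, and `util_iov_dup(&iov, 1)` may then copy far past the end of the D-Bus array, an out-of-bounds read of the message buffer. Declare it as `struct iovec iov = { 0 };` or add the same memset before the call. The result of util_iov_dup is stored without a check, and whether later users tolerate a NULL `qos->bcast.bcode` is not visible here. parse_bcast_qos starts and ends outside this hunk.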
@@ -653,6 +656,9 @@ static int parse_configuration(DBusMessageIter *props, struct iovec **caps,
struct bt_bap_qos *qos)
{
const char *key;
+ struct iovec iov;
+
+ memset(&iov, 0, sizeof(iov));

while (dbus_message_iter_get_arg_type(props) == DBUS_TYPE_DICT_ENTRY) {
DBusMessageIter value, entry;
@@ -670,14 +676,20 @@ static int parse_configuration(DBusMessageIter *props, struct iovec **caps,
if (var != DBUS_TYPE_ARRAY)
goto fail;

- if (parse_array(&value, caps))
+ if (parse_array(&value, &iov))
goto fail;
+
+ util_iov_free(*caps, 1);
+ *caps = util_iov_dup(&iov, 1);
} else if (!strcasecmp(key, "Metadata")) {
if (var != DBUS_TYPE_ARRAY)
goto fail;

- if (parse_array(&value, metadata))
+ if (parse_array(&value, &iov))
goto fail;
+
+ util_iov_free(*metadata, 1);
+ *metadata = util_iov_dup(&iov, 1);
} else if (!strcasecmp(key, "QoS")) {
if (var != DBUS_TYPE_ARRAY)
goto fail;
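Review bot: The `iov` shared by the Capabilities and Metadata branches is zeroed only once, before the loop, so each `util_iov_dup(&iov, 1)` relies on parse_array having overwritten both fields for the current entry. If parse_array leaves it untouched for some input (for example if libdbus rejects a non-fixed element type, which needs confirming), the previous key's pointer and length would be duplicated into the wrong field. Resetting per use is cheap: put `memset(&iov, 0, sizeof(iov));` immediately before each `parse_array(&value, &iov)`, or declare the iovec inside the loop body. The results of util_iov_dup are also assigned to `*caps` and `*metadata` without a NULL check. The enclosing function starts and ends outside this hunk.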
@@ -1202,6 +1214,7 @@ static void select_cb(struct bt_bap_pac *pac, int err, struct iovec *caps,
goto done;
}

+ util_iov_free(ep->caps, 1);
ep->caps = util_iov_dup(caps, 1);

if (metadata && metadata->iov_base && metadata->iov_len) {
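Review bot: The free-before-assign added for `ep->caps` probably needs a counterpart in the metadata branch that starts on the last context line. If that branch assigns `ep->metadata` from util_iov_dup the same way (its body is outside the hunk, so this is inferred), a repeated select_cb leaks the previous metadata. Separately, `util_iov_free(ep->caps, 1)` runs before `util_iov_dup(caps, 1)`, so if `caps` can ever be the pointer already stored in `ep->caps`, the dup reads freed memory. Duplicating first avoids that: `struct iovec *dup = util_iov_dup(caps, 1);` followed by `util_iov_free(ep->caps, 1); ep->caps = dup;`.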
--
2.41.0