Date: Thu, 5 Mar 2020 19:03:40 +0800
Message-Id: <20200305185904.Bluez.v1.1.I6c78c0eb9826eb17c944c4903132ee75c1324136@changeid>
Subject: [Bluez PATCH v1] avdtp: Fix crashes in avdtp_abort
From: Howard Chung
To: linux-bluetooth@vger.kernel.org, luiz.von.dentz@intel.com
Cc: chromeos-bluetooth-upstreaming@chromium.org, Howard Chung

Initialized avdtp_local_sep later since stream could be NULL.

--- profiles/audio/avdtp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/profiles/audio/avdtp.c b/profiles/audio/avdtp.c index 0e075f9ff..12d984866 100644 --- a/profiles/audio/avdtp.c +++ b/profiles/audio/avdtp.c @@ -3566,7 +3566,7 @@ int avdtp_abort(struct avdtp *session, struct avdtp_stream *stream) { struct seid_req req; int ret; - struct avdtp_local_sep *sep = stream->lsep; + struct avdtp_local_sep *sep; if (!stream && session->discover) { /* Don't call cb since it being aborted */ 
@@ -3581,6 +3581,7 @@ int avdtp_abort(struct avdtp *session, struct avdtp_stream *stream) if (stream->lsep->state == AVDTP_STATE_ABORTING) return -EINVAL; + sep = stream->lsep; avdtp_sep_set_state(session, sep, AVDTP_STATE_ABORTING); if (session->req && stream == session->req->stream) -- 2.25.0.265.gbab2e86ba0-goog
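
Review bot: In the second hunk, the unchanged check `if (stream->lsep->state == AVDTP_STATE_ABORTING)` still dereferences stream->lsep directly, immediately above the new `sep = stream->lsep;`, so the fix only holds if every NULL-stream case has already returned by that line. The only NULL test visible in this patch is `if (!stream && session->discover)` in the first hunk, which does not cover a NULL stream when session->discover is unset. Please confirm that the lines between the two hunks return for that case, or add an explicit `if (!stream)` return before the state check. Moving the assignment above the check and testing `sep->state` would also avoid reading stream->lsep twice. The commit message would be easier to review if it named the call path that passes a NULL stream into avdtp_abort.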