Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp789745ybg; Mon, 1 Jun 2020 14:39:55 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyxHnC5KN6O2q8hV6iYpX1UajTjVxTG4iyLXYeuwx40RUCg5V9Q7cJvUBBIiLjpZTlgsPt0 X-Received: by 2002:a17:906:9397:: with SMTP id l23mr18447330ejx.79.1591047595437; Mon, 01 Jun 2020 14:39:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1591047595; cv=none; d=google.com; s=arc-20160816; b=zOD6OMBBVjab2TYuBo+K0FmdvCiRlzm2tKMxUEve4CETt3NWiEehFvddeQAY5bEyto XIJhWmoLWRRuc27FWNlTH3B4G1lulgysFlWcvOB+Fy3DbeGMXGAYcifAWMM5ljDxbCRp BvmGGSuEoHNaVTPsn/zpq/TIQqczoITnxVdeiPwYSY+ODADyFOY1s+h/EI97eKPe/rCH rbWELgqwZtlYHwNB3w8x1rpbsSYF/frygCtI5HGDI+g/Xc01dIYag82R3cBw+6kkrXIR jq3BRJgt5RNOaMFR92tqvlohmIleE2QDE0x97OFuhG2GcqbByY45aqqwSn/0C9vE349i vmUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:to:from:dkim-signature; bh=J3DGPZyXFVCUVK4ptdjFPYjHEGLbSbhhVWGkExQslGk=; b=QxQt4RmwJWeTSqgtQKl23PyNGKO9SM/Y6DB1ho8EawLSUyMZHV1b+d+3/hcOIuvswO U8HpIT3gukb8pIdvchhx6+oOBmr7koyXktIbsQnpoKZQZcBP63sX8KotsIbgf6QIjMCR bhnNhlTNAnxuDe9a1heujKfIqVM1Qh9tbds3xNmHoYcw5JJpOs2hQ0/CVnGz0ynsTe7t aLUCvow9lGrf9zHbLkEcTy452fWZEAp2aXdWZWIqV6qKH7dRRiWU8XfZkYs0wuO8hn1g 21NZ+DSd4bcBNWpxGxWwScP9dChfgEq6MP08zMuNr4boiE/6g2w8bJfGY441r7BgYc+G igag== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=SCDsnM2S; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f25si403692ejf.743.2020.06.01.14.39.15; Mon, 01 Jun 2020 14:39:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=SCDsnM2S; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728483AbgFAVjJ (ORCPT + 99 others); Mon, 1 Jun 2020 17:39:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43632 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728450AbgFAVjJ (ORCPT ); Mon, 1 Jun 2020 17:39:09 -0400 Received: from mail-pl1-x643.google.com (mail-pl1-x643.google.com [IPv6:2607:f8b0:4864:20::643]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 589D7C061A0E for ; Mon, 1 Jun 2020 14:39:05 -0700 (PDT) Received: by mail-pl1-x643.google.com with SMTP id n2so442102pld.13 for ; Mon, 01 Jun 2020 14:39:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=J3DGPZyXFVCUVK4ptdjFPYjHEGLbSbhhVWGkExQslGk=; b=SCDsnM2SD8QTFlUcoJSl3ZahLiX5i/KGuaxCTL6n2dcypupTP3YQOZRWj92IWs1hEw YCZM2M7KX+XewCRPym7+q1n4Zg013RzljIym1j0uvXk/SUsIQ18mKl9uLrwGdTYa+4zu otiI6vd5lEK70B44Y2V0rodPzn90+59g5rFXeBjtiuYQs3BigcG/v+5ztRV9i55HFJV5 JYiggyJtpiRmcKeNCBZhilvjctzDRNEDly754fHgc+1EyejIea0Mz3bZJUvw8AYkWjWI 0Hch5jC/eErcKIagGyHzlW7bUPf5cFEpReUPXiu1V/XmirT5DTNqa5LMIzoXJ4SqXLmj 6pyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=J3DGPZyXFVCUVK4ptdjFPYjHEGLbSbhhVWGkExQslGk=; b=pxGmje4+utTE2eQ9ldLolF3EEygherxQa7Im2cjoPSVwtkUzIzKF3e0xNgR4olzhIU m0xJewMAS/e6EDBYstQ8K0sypdB00F/bcBFwVy1adJeSC/1JYVs2L/oBx32cpys/w4V1 r05g7ZfLJB7I6YHK0/zNVmmw2tPJgjnlAKR948DmQwMSZ+g9nGe44QVvfRygFrofzevx EOcxdSjMyPYDPCdRC7XAkrJs2EtJJ7FqB4oxo9GJaj2z6xFlklNMa00jlMRasfwTxxzU c4sw/8XMZJYILJ7SXu8wjJ0loATdgtE7CHF7mLf/PGRUf+N6AragNPHu+LLkLKFBTKaP nYkg== X-Gm-Message-State: AOAM533IiDc9tJtI006pxJa/NyoxnB3+yI5fAAqDTy8UY+5UxKAgtRYr BlvAsoWVUKNgRlcfRxwQFkzWzCHI X-Received: by 2002:a17:90a:c215:: with SMTP id e21mr1607110pjt.224.1591047544430; Mon, 01 Jun 2020 14:39:04 -0700 (PDT) Received: from localhost.localdomain (c-71-56-157-77.hsd1.or.comcast.net. [71.56.157.77]) by smtp.gmail.com with ESMTPSA id s15sm345399pgv.5.2020.06.01.14.39.03 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jun 2020 14:39:03 -0700 (PDT) From: Luiz Augusto von Dentz To: linux-bluetooth@vger.kernel.org Subject: [PATCH BlueZ] a2dp: Fix crash on transport_cb Date: Mon, 1 Jun 2020 14:39:02 -0700 Message-Id: <20200601213902.389278-1-luiz.dentz@gmail.com> X-Mailer: git-send-email 2.25.3 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Luiz Augusto von Dentz There have been reports of crashes on transport_cb where the setup would most likely already have been freed but transport_cb would still be called, so instead of assuming the setup pointer would be valid try to lookup the list of active setups and log a warning when it happens. --- profiles/audio/a2dp.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c index 7f14c880a..d88d1fa69 100644 --- a/profiles/audio/a2dp.c +++ b/profiles/audio/a2dp.c @@ -2217,6 +2217,14 @@ static void transport_cb(GIOChannel *io, GError *err, gpointer user_data) { struct a2dp_setup *setup = user_data; uint16_t omtu, imtu; + GSList *l; + + l = g_slist_find(setups, setup); + if (!l) { + warn("bt_io_accept: setup %p no longer valid", setup); + g_io_channel_shutdown(io, TRUE, NULL); + return; + } if (err) { error("%s", err->message); -- 2.25.3