Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp1446092iog; Tue, 14 Jun 2022 06:18:17 -0700 (PDT) X-Google-Smtp-Source: AGRyM1vcxno5R8r08qOrJYfkdyo3qHwAWojRMUVDT4xZqmDYXCENKWItS6300UWKmOl9K04fJUjW X-Received: by 2002:a17:90b:3ec3:b0:1e8:844f:6d43 with SMTP id rm3-20020a17090b3ec300b001e8844f6d43mr4652294pjb.112.1655212697306; Tue, 14 Jun 2022 06:18:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1655212697; cv=none; d=google.com; s=arc-20160816; b=KS2ba85BdzteDuacYc7UhH4KvxBo0fNz0OVb+x6m3vYe+KeQztEhjFvX2j1JJiVazW gh0iyNIGQ9gByP6Zonx7xJA9yp+794UxcPFQTztoThAW5JLfZWslbGHTzrnIp2/gZ4+B Iq9L8tjNpblhhEmOb05pwghqnLF4ZpuFSLqHFO7d1OhAzpCe1/JXg9HEidvzLDTzlaDH UQGnFZNTNvT3h54Qj5U6rOZpG9Jclhy78XKN4eq1QjE1/fJgYlKx3dLH0/56h+i0nykp J7dOWFek3R9rbKRU3/h19H6uVtCqJlfPwmdzBByQfX2imaIg6N/QPt/ANpS1n00+9klP ufDg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:feedback-id:content-transfer-encoding :mime-version:message-id:date:subject:cc:to:from; bh=q3X7Fa53Y3PoD2UTH3DiD1m4nRtZ6PHbv+qmMf03NAQ=; b=P1pdSVQ+Ma94D28EXw1n2oWA6NmssX71Kd5F2118fosZKK+JogQ9PuV9WeFb7ZPe1D KM9MB7hE4+OjsSVEJUd3Kna1RbdPWPnB/ebLL6uWrYaTk3OEDRnAaNTfrkyKMHmq/Q2u WxcZl1sXPGDvURBjvlsnxu/5HCGXTWqRbGEZ7GKHJ8OywDP3Hc45UNo+UXZasA9ZnnvN N8C9eLYiG0/2twTndyKSWCE6u4k/Eqj+DIYc0yUi+fOFZiD313sdyM5n96ogTzvc6SHa NjoN+1tnsNXyZ9n0wCyNVvOg+WHB7OLZgUaOASqYEB/M7z9uZIboVLnfZHAuczYKa8hg og9g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f13-20020a170902f38d00b0016151c9be11si11724479ple.468.2022.06.14.06.17.32; Tue, 14 Jun 2022 06:18:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236268AbiFNNQN (ORCPT + 99 others); Tue, 14 Jun 2022 09:16:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33846 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244132AbiFNNQM (ORCPT ); Tue, 14 Jun 2022 09:16:12 -0400 Received: from smtpbguseast3.qq.com (smtpbguseast3.qq.com [54.243.244.52]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5354F381A3 for ; Tue, 14 Jun 2022 06:16:10 -0700 (PDT) X-QQ-mid: bizesmtp69t1655212556tp9f1ec5 Received: from localhost.localdomain ( [113.57.152.160]) by bizesmtp.qq.com (ESMTP) with id ; Tue, 14 Jun 2022 21:15:51 +0800 (CST) X-QQ-SSF: 01400000002000C0D000000A0000000 X-QQ-FEAT: wpAWin5TxhugTPsp85FyeoqPR9MJGDpEWdvW91+U/rzuYmhEfHjomxsqpOZ4h ox0ci0pt4JZey6UlmmGF2TMX+rliSn0gAgT/jIDLjX4KajF14UFWHwDaEzIZkQ28PHQ0Xfx k2N3ugn4X7Q+e6LodrpRa556sQxURfSNqm/dLtUo/VI7wlnF5hzZmLxexeP4dXLLCK66HJe zt1Ez42hVStzyE75eQve/z1edZGwjfIYnHkY1AWwe11t0pHLdpI8Ag6NL9s9ozeXStHz7Op QJvZwx2aqXuZicNMDGjfKJ9Mkrlk7rQttUHgwhnp4k9bGrPlfqq2LyYsLBJr8ShzCXAAGjp xI/gWXkUvyItOivzJOw4rZ/2F2TnQ== X-QQ-GoodBg: 1 From: wangyouwan To: linux-bluetooth@vger.kernel.org Cc: wangyouwan Subject: [PATCH] obexd: Fix transfer has been free in transfer_abort_response Date: Tue, 14 Jun 2022 21:15:49 +0800 Message-Id: <20220614131549.22054-1-wangyouwan@uniontech.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-QQ-SENDSIZE: 520 Feedback-ID: bizesmtp:uniontech.com:qybgforeign:qybgforeign3 X-QQ-Bgrelay: 1 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_NONE, SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Breakpoint 7, transfer_new (obex=0x5555555f5b50, opcode=2 '\002', complete_func=0x555555590c40 , user_data=0x5555555f7000) at gobex/gobex-transfer.c:254 254 gobex/gobex-transfer.c: (gdb) c Continuing. Breakpoint 3, transfer_complete (transfer=0x5555555f5f40, err=0x5555555f6d60) at gobex/gobex-transfer.c:99 99 in gobex/gobex-transfer.c (gdb) c Continuing. Breakpoint 4, xfer_complete (obex=0x5555555f5b50, err=0x5555555f6d60, user_data=0x5555555f7000) at obexd/client/transfer.c:659 659 obexd/client/transfer.c: (gdb) n 661 in obexd/client/transfer.c (gdb) n 663 in obexd/client/transfer.c (gdb) p callback->func $17 = (transfer_callback_t) 0x5555555885e0 (gdb) c Continuing. Breakpoint 3, transfer_complete (transfer=0x5555555f7000, err=0x5555555f6d60, user_data=0x5555555f48d0) at obexd/client/session.c:964 964 obexd/client/session.c: (gdb) c Continuing. Breakpoint 5, transfer_free (transfer=0x5555555f5f40) at gobex/gobex-transfer.c:61 61 gobex/gobex-transfer.c: (gdb) n 63 in gobex/gobex-transfer.c (gdb) p transfer->id $18 = 1 (gdb) c Continuing. Breakpoint 2, transfer_abort_response (obex=0x5555555f5b50, err=0x0, rsp=0x5555555f0810, user_data=0x5555555f5f40) at gobex/gobex-transfer.c:116 116 in gobex/gobex-transfer.c (gdb) n 118 in gobex/gobex-transfer.c (gdb) p transfer->id $19 = 1432314080 (gdb) c Continuing. Breakpoint 3, transfer_complete (transfer=0x5555555f5f40, err=0x5555555f6f00) at gobex/gobex-transfer.c:99 99 in gobex/gobex-transfer.c (gdb) c Continuing. Breakpoint 4, xfer_complete (obex=0x5555555f5b50, err=0x5555555f6f00, user_data=0x5555555f7000) at obexd/client/transfer.c:659 659 obexd/client/transfer.c: (gdb) n 661 in obexd/client/transfer.c (gdb) p callback->func $20 = (transfer_callback_t) 0x5555555f6420 (gdb) n 663 in obexd/client/transfer.c (gdb) n 668 in obexd/client/transfer.c (gdb) n 671 in obexd/client/transfer.c (gdb) n 672 in obexd/client/transfer.c (gdb) n 676 in obexd/client/transfer.c (gdb) n 679 in obexd/client/transfer.c (gdb) n 680 in obexd/client/transfer.c (gdb) n 0x00005555555f6420 in ?? () (gdb) n Cannot find bounds of current function (gdb) c Continuing. Program received signal SIGSEGV, Segmentation fault. 0x00005555555f6420 in ?? () (gdb) --- gobex/gobex-transfer.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/gobex/gobex-transfer.c b/gobex/gobex-transfer.c index c94d018b2..48b1f6962 100644 --- a/gobex/gobex-transfer.c +++ b/gobex/gobex-transfer.c @@ -92,7 +92,9 @@ static void transfer_complete(struct transfer *transfer, GError *err) g_obex_drop_tx_queue(transfer->obex); } - transfer->complete_func(transfer->obex, err, transfer->user_data); + if (find_transfer(id) != NULL) + transfer->complete_func(transfer->obex, err, transfer->user_data); + /* Check if the complete_func removed the transfer */ if (find_transfer(id) == NULL) return; -- 2.20.1