From: Luiz Augusto von Dentz <[email protected]>
When local PAC is removed we attempt to release the streams but we left
it still attached to the endpoint, so this makes sure the stream is
properly detached by setting its state to idle.
Fixes: https://github.com/bluez/bluez/issues/457
---
src/shared/bap.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/shared/bap.c b/src/shared/bap.c
index db7def7999b7..4ba65cbaa8f9 100644
--- a/src/shared/bap.c
+++ b/src/shared/bap.c
@@ -2478,8 +2478,10 @@ static void remove_streams(void *data, void *user_data)
struct bt_bap_stream *stream;
stream = queue_remove_if(bap->streams, match_stream_lpac, pac);
- if (stream)
+ if (stream) {
bt_bap_stream_release(stream, NULL, NULL);
+ stream_set_state(stream, BT_BAP_STREAM_STATE_IDLE);
+ }
}
bool bt_bap_remove_pac(struct bt_bap_pac *pac)
--
2.37.3
From: Luiz Augusto von Dentz <[email protected]>
If the stream state is idle the ep->stream shall be set to NULL
otherwise it may be reused causing the following trace:
==32623==ERROR: AddressSanitizer: heap-use-after-free on address ...
READ of size 8 at 0x60b000103550 thread T0
#0 0x7bf7b7 in bap_stream_valid src/shared/bap.c:4065
#1 0x7bf981 in bt_bap_stream_config src/shared/bap.c:4082
#2 0x51a7c8 in bap_config profiles/audio/bap.c:584
#3 0x71b907 in queue_foreach src/shared/queue.c:207
#4 0x51b61f in select_cb profiles/audio/bap.c:626
#5 0x4691ed in pac_select_cb profiles/audio/media.c:884
#6 0x4657ea in endpoint_reply profiles/audio/media.c:369
Fixes: https://github.com/bluez/bluez/issues/457#issuecomment-1399232486
---
profiles/audio/bap.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/profiles/audio/bap.c b/profiles/audio/bap.c
index ae944b617bb4..8f24117681d2 100644
--- a/profiles/audio/bap.c
+++ b/profiles/audio/bap.c
@@ -998,9 +998,10 @@ static void bap_state(struct bt_bap_stream *stream, uint8_t old_state,
switch (new_state) {
case BT_BAP_STREAM_STATE_IDLE:
/* Release stream if idle */
- if (ep)
+ if (ep) {
bap_io_close(ep);
- else
+ ep->stream = NULL;
+ } else
queue_remove(data->streams, stream);
break;
case BT_BAP_STREAM_STATE_CONFIG:
--
2.37.3
From: Luiz Augusto von Dentz <[email protected]>
If local PAC is unregistered it would also notify via pac_removed
callback which shall unregister the endpoint D-Bus object.
Fixes: https://github.com/bluez/bluez/issues/457#issuecomment-1402178691
---
profiles/audio/bap.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/profiles/audio/bap.c b/profiles/audio/bap.c
index 8f24117681d2..5a50a2cc6105 100644
--- a/profiles/audio/bap.c
+++ b/profiles/audio/bap.c
@@ -1049,12 +1049,12 @@ static void pac_added(struct bt_bap_pac *pac, void *user_data)
bt_bap_foreach_pac(data->bap, BT_BAP_SINK, pac_found, service);
}
-static bool ep_match_rpac(const void *data, const void *match_data)
+static bool ep_match_pac(const void *data, const void *match_data)
{
const struct bap_ep *ep = data;
const struct bt_bap_pac *pac = match_data;
- return ep->rpac == pac;
+ return ep->rpac == pac || ep->lpac == pac;
}
static void pac_removed(struct bt_bap_pac *pac, void *user_data)
@@ -1082,7 +1082,7 @@ static void pac_removed(struct bt_bap_pac *pac, void *user_data)
return;
}
- ep = queue_remove_if(queue, ep_match_rpac, pac);
+ ep = queue_remove_if(queue, ep_match_pac, pac);
if (!ep)
return;
--
2.37.3
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=715328
---Test result---
Test Summary:
CheckPatch PASS 1.58 seconds
GitLint PASS 0.99 seconds
BuildEll PASS 27.87 seconds
BluezMake PASS 1017.09 seconds
MakeCheck PASS 11.69 seconds
MakeDistcheck PASS 154.62 seconds
CheckValgrind PASS 250.50 seconds
CheckSmatch PASS 332.76 seconds
bluezmakeextell PASS 98.83 seconds
IncrementalBuild PASS 2597.74 seconds
ScanBuild PASS 1010.50 seconds
---
Regards,
Linux Bluetooth