| Message ID | 20200601213902.389278-1-luiz.dentz@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [BlueZ] a2dp: Fix crash on transport_cb | expand |
diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c index 7f14c880a..d88d1fa69 100644 --- a/profiles/audio/a2dp.c +++ b/profiles/audio/a2dp.c @@ -2217,6 +2217,14 @@ static void transport_cb(GIOChannel *io, GError *err, gpointer user_data) { struct a2dp_setup *setup = user_data; uint16_t omtu, imtu; + GSList *l; + + l = g_slist_find(setups, setup); + if (!l) { + warn("bt_io_accept: setup %p no longer valid", setup); + g_io_channel_shutdown(io, TRUE, NULL); + return; + } if (err) { error("%s", err->message);
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> There have been reports of crashes on transport_cb where the setup would most likely already have been freed but transport_cb would still be called, so instead of assuming the setup pointer would be valid try to lookup the list of active setups and log a warning when it happens. --- profiles/audio/a2dp.c | 8 ++++++++ 1 file changed, 8 insertions(+)