From: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx> This fixes the following trace: Invalid read of size 1 at 0x1F4282: bt_csip_get_sirk (csip.c:812) by 0x176B21: csip_ready (csip.c:259) by 0x1F3C74: csip_notify_ready (csip.c:578) by 0x1F3C74: csip_idle (csip.c:659) by 0x1DCDCC: idle_notify (gatt-client.c:171) by 0x1D579A: queue_remove_if (queue.c:279) by 0x1D584F: queue_remove_all (queue.c:321) by 0x1E036F: notify_client_idle (gatt-client.c:180) by 0x1E036F: request_unref (gatt-client.c:199) by 0x1DC60D: destroy_att_send_op (att.c:211) by 0x1DC60D: handle_rsp (att.c:874) by 0x1DC60D: can_read_data (att.c:1064) by 0x1F43F4: watch_callback (io-glib.c:157) by 0x48BBC7E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7400.6) by 0x4912117: ??? (in /usr/lib64/libglib-2.0.so.0.7400.6) by 0x48BB24E: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.7400.6) Address 0x0 is not stack'd, malloc'd or (recently) free'd --- src/shared/csip.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/shared/csip.c b/src/shared/csip.c index 094f448a3532..7e90a3c97614 100644 --- a/src/shared/csip.c +++ b/src/shared/csip.c @@ -810,6 +810,9 @@ bool bt_csip_get_sirk(struct bt_csip *csip, uint8_t *type, if (!csis) return false; + if (!csis->sirk_val) + return false; + if (type) *type = csis->sirk_val->type; -- 2.39.2