From: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx> This fixes not removing the process_id timeout when freeing the session which can cause the following crash: Invalid read of size 8 at 0x18EB39: bap_debug (bap.c:553) by 0x1913A8: bap_process_queue (bap.c:3542) by 0x1A8630: timeout_callback (timeout-glib.c:25) Address 0x55e0650 is 128 bytes inside a block of size 160 free'd at 0x48480E4: free (vg_replace_malloc.c:872) --- src/shared/bap.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/shared/bap.c b/src/shared/bap.c index f48cbdf5d6f9..52878fcf0368 100644 --- a/src/shared/bap.c +++ b/src/shared/bap.c @@ -2586,6 +2586,8 @@ static void bap_free(void *data) { struct bt_bap *bap = data; + timeout_remove(bap->process_id); + bt_bap_detach(bap); bap_db_free(bap->rdb); -- 2.40.0