When freeing a remote bap endpoint, the endpoint reference inside the stream should be set to NULL, to avoid later use after free errors.
---
 src/shared/bap.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/shared/bap.c b/src/shared/bap.c
index 851d6a5fa..60fb826c3 100644
--- a/src/shared/bap.c
+++ b/src/shared/bap.c
@@ -2979,6 +2979,16 @@ static void bap_state_free(void *data)
 free(state);
 }
 
+static void bap_ep_free(void *data)
+{
+ struct bt_bap_endpoint *ep = data;
+
+ if (ep && ep->stream)
+ ep->stream->ep = NULL;
+
+ free(ep);
+}
+
 static void bap_detached(void *data, void *user_data)
 {
 struct bt_bap_cb *cb = data;
@@ -3001,7 +3011,7 @@ static void bap_free(void *data)
 queue_destroy(bap->ready_cbs, bap_ready_free);
 queue_destroy(bap->state_cbs, bap_state_free);
 queue_destroy(bap->local_eps, free);
- queue_destroy(bap->remote_eps, free);
+ queue_destroy(bap->remote_eps, bap_ep_free);
 queue_destroy(bap->reqs, bap_req_free);
 queue_destroy(bap->notify, NULL);
 
-- 
2.39.2
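Review bot: Clearing `ep->stream->ep` in bap_ep_free replaces a dangling pointer with a NULL one, so any stream code that later reads `stream->ep` must tolerate NULL. Those readers are outside this hunk, so it is worth confirming they check before dereferencing; otherwise the use-after-free becomes a NULL dereference. The helper only clears the single stream reachable through `ep->stream`; if another object can hold the same endpoint pointer, that reference is not covered. A short comment above the function would record the intent, e.g. `/* Drop the stream's back-reference before freeing so it never sees a stale endpoint. */`.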
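Review bot: `bap->local_eps` on the line just above the change is still destroyed with plain `free`. If a stream can reference a local endpoint through the same `ep` field, that pointer is left dangling exactly as the remote one was. If that is the case, the same callback fits there: `queue_destroy(bap->local_eps, bap_ep_free);`. bap_free starts and ends outside the hunk, so whether the streams are torn down before or after these queues cannot be seen here; that ordering decides whether either back-reference can still be read.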