This adds checks before parsing bt_bap user data in bap attached/detached,
to avoid accessing NULL pointers in case the user data has been cleared
or has not been set before attaching a BAP session.
---
profiles/audio/bass.c | 23 ++++++++++++++++++-----
1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/profiles/audio/bass.c b/profiles/audio/bass.c
index 6c84fa1c3..67ee847b8 100644
--- a/profiles/audio/bass.c
+++ b/profiles/audio/bass.c
@@ -559,14 +559,21 @@ static void confirm_cb(GIOChannel *io, void *user_data)
static void bap_attached(struct bt_bap *bap, void *user_data)
{
- struct btd_service *service = bt_bap_get_user_data(bap);
- struct btd_device *device = btd_service_get_device(service);
- struct btd_adapter *adapter = device_get_adapter(device);
+ struct btd_service *service;
+ struct btd_device *device;
+ struct btd_adapter *adapter;
struct bass_delegator *dg;
GError *err = NULL;
DBG("%p", bap);
+ service = bt_bap_get_user_data(bap);
+ if (!service)
+ return;
+
+ device = btd_service_get_device(service);
+ adapter = device_get_adapter(device);
+
dg = queue_find(delegators, delegator_match_device, device);
if (!dg)
/* Only probe devices added via Broadcast Assistants */
@@ -620,12 +627,18 @@ static void setup_free(void *data)
static void bap_detached(struct bt_bap *bap, void *user_data)
{
- struct btd_service *service = bt_bap_get_user_data(bap);
- struct btd_device *device = btd_service_get_device(service);
+ struct btd_service *service;
+ struct btd_device *device;
struct bass_delegator *dg;
DBG("%p", bap);
+ service = bt_bap_get_user_data(bap);
+ if (!service)
+ return;
+
+ device = btd_service_get_device(service);
+
dg = queue_remove_if(delegators, delegator_match_device, device);
if (!dg)
return;
--
2.43.0
