Hi Rafal,

On Mon, Jun 13, 2011, Rafal Michalski wrote:
> Under some circumstances (such as terminating bluetoothd while music is
> streamed) sep object may be destroyed (memory for sep object is internally
> freed, directly by "a2dp_unregister_sep") after invoking
> "media_endpoint_clear_configuration" (in "stream_state_changed").
> It leads to an invalid write issue (reported by valgrind) after the assignment
> "sep->stream = NULL", since "sep" is an "alias" pointer to the sep object which
> is already out of date (memory for sep object has already been freed).
>
> This patch prevents this issue by ensuring that the assignment
> "sep->stream = NULL" would be executed when sep object certainly exists.
> ---
>  audio/a2dp.c |    5 ++---
>  1 files changed, 2 insertions(+), 3 deletions(-)

All four patches have been pushed upstream. Thanks.

Johan
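The lifetime problem described in the quoted commit message, as an added illustration that is not part of this thread or of the BlueZ patch: a callback may free the object, so the last write through the pointer has to happen while the object certainly exists. The struct layout, the callback and every function name below are hypothetical stand-ins, and the ordering shown is one way to meet that condition, not necessarily the change made in audio/a2dp.c.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for the objects named in the commit message. */
struct stream { int id; };
struct sep {
    struct stream *stream;
    void (*clear_configuration)(struct sep *sep);
};

static int sep_freed;    /* number of sep objects released */
static int saw_cleared;  /* 1 if the callback saw sep->stream == NULL */

/* Models an endpoint callback that, at shutdown, unregisters and frees the sep. */
static void clear_and_unregister(struct sep *sep)
{
    saw_cleared = (sep->stream == NULL);
    free(sep);
    sep_freed++;
}

/*
 * Finish every write to *sep and copy out what is still needed before
 * calling code that may free it. Once the callback has run, sep is
 * treated as dead and is never dereferenced again.
 */
static void on_stream_idle(struct sep *sep)
{
    void (*cb)(struct sep *) = sep->clear_configuration;

    sep->stream = NULL;  /* last access while sep certainly exists */
    if (cb)
        cb(sep);         /* may free sep */
}

/* Runs the idle path on a constructed sep; returns 1 if it was freed
 * exactly once and the field was already cleared at that point. */
int run_idle_during_shutdown(void)
{
    static struct stream s = { 1 };
    struct sep *sep = malloc(sizeof(*sep));

    if (!sep) return -1;
    sep->stream = &s;
    sep->clear_configuration = clear_and_unregister;
    sep_freed = saw_cleared = 0;
    on_stream_idle(sep);
    return sep_freed == 1 && saw_cleared;
}

int main(void) { return run_idle_during_shutdown() == 1 ? 0 : 1; }
```

If the assignment in `on_stream_idle` were placed after the callback instead, valgrind or AddressSanitizer would flag it as a write to freed memory, which is the class of report the commit message mentions.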