Hi Syam, On Mon, Jan 21, 2013 at 3:33 PM, Syam Sidhardhan <s.syam@xxxxxxxxxxx> wrote: > A pointer to freed memory is dereferenced if we call function > hdp_get_dcpsm_cb() with out any earlier reference. > --- > profiles/health/hdp.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/profiles/health/hdp.c b/profiles/health/hdp.c > index c15f06a..a42ca48 100644 > --- a/profiles/health/hdp.c > +++ b/profiles/health/hdp.c > @@ -542,9 +542,9 @@ static void hdp_get_dcpsm_cb(uint16_t dcpsm, gpointer user_data, GError *err) > hdp_tmp_dc_data_destroy, &gerr)) > return; > > - hdp_tmp_dc_data_unref(hdp_conn); > hdp_conn->cb(hdp_chann->mdl, err, hdp_conn); > g_error_free(gerr); > + hdp_tmp_dc_data_unref(hdp_conn); > } > > static void device_reconnect_mdl_cb(struct mcap_mdl *mdl, GError *err, > -- > 1.7.9.5 All 3 patches are now upstream, thanks. -- Luiz Augusto von Dentz -- To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
