This patch adds a ref-count guard around incoming PDU handling so that
calling bt_att_unref from a callback doesn't free the bt_att instance.
---
src/shared/att.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/shared/att.c b/src/shared/att.c
index a5bf244..4be0652 100644
--- a/src/shared/att.c
+++ b/src/shared/att.c
@@ -722,6 +722,8 @@ static bool can_read_data(struct io *io, void *user_data)
pdu = att->buf;
opcode = pdu[0];
+ bt_att_ref(att);
+
/* Act on the received PDU based on the opcode type */
switch (get_op_type(opcode)) {
case ATT_OP_TYPE_RSP:
@@ -745,6 +747,7 @@ static bool can_read_data(struct io *io, void *user_data)
"Received request while another is "
"pending: 0x%02x", opcode);
io_shutdown(att->io);
+ bt_att_unref(att);
return false;
}
@@ -766,6 +769,8 @@ static bool can_read_data(struct io *io, void *user_data)
break;
}
+ bt_att_unref(att);
+
return true;
}
--
2.2.0.rc0.207.ga3a616c
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
