Hi All, This fixes a thread race in bt_att_send(). If bt_att_send() is called from another thread, the internal thread can complete the just-added operation before bt_att_send() returns, so the function returns 0, as it does in the error case.
--- bluez-5.28.org/src/shared/att.c 2015-02-01 20:54:19.000000000 -0800
+++ bluez-5.28/src/shared/att.c 2015-02-23 18:31:48.645460238 -0800
@@ -73,7 +74,7 @@
 uint8_t *buf;
 uint16_t mtu;
- unsigned int next_send_id; /* IDs for "send" ops */
+ volatile unsigned int next_send_id; /* IDs for "send" ops */
 unsigned int next_reg_id; /* IDs for registered callbacks */
 bt_att_timeout_func_t timeout_callback;
@@ -1006,7 +1008,8 @@
 {
 struct att_send_op *op;
 bool result;
-
+ unsigned int id;
+
 if (!att || !att->io)
 return 0;
@@ -1018,7 +1021,7 @@
 if (att->next_send_id < 1)
 att->next_send_id = 1;
- op->id = att->next_send_id++;
+ id = op->id = att->next_send_id++;
 /* Add the op to the correct queue based on its type */
 switch (op->type) {
@@ -1046,7 +1049,7 @@
 wakeup_writer(att);
- return op->id;
+ return id;
 }
 static bool match_op_id(const void *a, const void *b)
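Review bot: `volatile` on `next_send_id` in the first hunk does not make the field safe to share between threads. It only forces the compiler to reload and store the value, so the `if (att->next_send_id < 1)` check and `att->next_send_id++` in bt_att_send() remain an unsynchronised read-modify-write, and two concurrent callers can be handed the same id. If cross-thread calls are meant to be supported, the id allocation (and the queue insert that follows it, outside this hunk) needs a lock shared with the internal thread. Otherwise drop the qualifier and state the rule on the struct, for example `/* not thread-safe: call bt_att_* only from the thread that runs the mainloop */`. The struct definition starts and ends outside the hunk.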
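Review bot: The new local `id` (assigned in the third hunk, returned in the fourth) needs a comment saying why `op` must not be read once it has been queued, because that reason is stated only in the commit message. Something like `/* op may be completed by another thread once queued; do not touch it after this point */` above `id = op->id = att->next_send_id++;` would do. If the completing thread also releases the op, which the hunks do not show, the old `return op->id;` was a read of freed memory rather than only a wrong return value. The switch that queues the op and the `wakeup_writer(att)` call lie partly outside these hunks and presumably still operate on state the other thread uses, so the saved id narrows the window without removing the race.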