Hi, On Wed, Aug 26, 2015 at 1:05 PM, Hsin-Yu Chao <hychao@xxxxxxxxxxxx> wrote: > The boolean pointer passed in to config_cb could be NULL > in media_endpoint_cancel(). In that case we should not > derefence it but pass FALSE instead to indicate error. > > Below is the core dump to demonstrate the crash: > > config_cb (endpoint=0xb814ff40, ret=0x0, size=-1, > user_data=0xb8157758) at profiles/audio/media.c:537 > 0xb6eb7ba4 in media_endpoint_cancel (request=0xb815b4d0) > at profiles/audio/media.c:141 > 0xb6eb7c98 in media_endpoint_cancel_all (endpoint=0xb814ff40) > at profiles/audio/media.c:149 > clear_endpoint (endpoint=endpoint@entry=0xb814ff40) > at profiles/audio/media.c:250 > 0xb6eb7e74 in endpoint_reply (call=<optimized out>, user_data=0xb815b4d0) > at profiles/audio/media.c:277 > 0xb6d50336 in ?? () from /usr/lib/libdbus-1.so.3 > --- > profiles/audio/media.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/profiles/audio/media.c b/profiles/audio/media.c > index ed441d0..cad9cce 100644 > --- a/profiles/audio/media.c > +++ b/profiles/audio/media.c > @@ -534,7 +534,7 @@ static void config_cb(struct media_endpoint *endpoint, void *ret, int size, > struct a2dp_config_data *data = user_data; > gboolean *ret_value = ret; > > - data->cb(data->setup, *ret_value ? TRUE : FALSE); > + data->cb(data->setup, ret_value ? *ret_value : FALSE); > } > > static int set_config(struct a2dp_sep *sep, uint8_t *configuration, > -- > 2.5.0.457.gab17608 Applied, thanks. -- Luiz Augusto von Dentz -- To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
