Hi,
The below is my workaround right now, but in the "g_attrib_ref" function there should
be another way to fix this crash.
guint gatt_read_char(GAttrib *attrib, uint16_t handle, GAttribResultFunc
func,
gpointer user_data)
{
uint8_t *buf;
size_t buflen;
guint16 plen;
guint id;
struct read_long_data *long_read;
long_read = g_try_new0(struct read_long_data, 1);
if (long_read == NULL)
return 0;
printf("call from here %d\n",__LINE__);
long_read->attrib = g_attrib_ref(attrib);
+ if(long_read->attrib == NULL)
+ return 0;
long_read->func = func;
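Review bot: the new early return after g_attrib_ref() in gatt_read_char() leaks long_read, which was allocated with g_try_new0() a few lines above and is not freed on this path. Call g_free(long_read) before the return 0. The printf("call from here ...") debug line should also be dropped if this goes beyond a local workaround.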
GAttrib *g_attrib_ref(GAttrib *attrib)
{
if (!attrib)
return NULL;
+ if(attrib->ref_count > 30)
+ {
+ return NULL;
+ }
__sync_fetch_and_add(&attrib->ref_count, 1);
DBG("%p: g_attrib_ref=%d ", attrib, attrib->ref_count);
return attrib;
}
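Review bot: the ref_count > 30 test in g_attrib_ref() uses an unexplained threshold and is a plain read separate from __sync_fetch_and_add(), so it is neither documented nor atomic with the increment. It also dereferences attrib before anything establishes that the pointer still refers to a live object; the count reported in the original message, 808464433, is 0x30303031, which reads as ASCII characters rather than a counter, so the structure was probably freed or overwritten before this call and the check only hides that. The fix belongs in whichever path keeps the GAttrib pointer past its last unref; if a guard stays here, give the limit a named constant and a comment explaining it.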
BR,
Patrick
-----Original Message-----
From: boyiliao@xxxxxxxxxxxx
Sent: Sunday, November 22, 2015 8:21 AM
To: linux-bluetooth@xxxxxxxxxxxxxxx ; Majordomo@xxxxxxxxxxxxxxx
Subject: bluetoothd crashes when connecting to XiaoMi RC
Hi,
I am using bluez 5.35 on Raspberry pi (kernel 4.1.6).
I am trying to use a XiaoMi BLE remote control on the Raspberry pi, and I found that when
the gatt.c gatt_read_char() function calls gattrib.c g_attrib_ref(), it will cause
bluetoothd to crash, because I think it accesses a wrong address:
"attrib/gattrib.c:g_attrib_ref() 0x1c9210: g_attrib_ref=808464433"
The attachment is the bluetoothd log.
BR,
Patrick