a2dp_reconfigure() is called as callback when local and remote SEP does not have to be valid anymore, sep->lsep can be NULL. This change fixes bluetoothd daemon crash (dereferencing NULL sep->lsep) when audio agent disconnect in the middle of the reconfigure call.
---
 profiles/audio/a2dp.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c
index a5590b24c..8e6d8b417 100644
--- a/profiles/audio/a2dp.c
+++ b/profiles/audio/a2dp.c
@@ -1179,6 +1179,12 @@ static gboolean a2dp_reconfigure(gpointer data)
 struct avdtp_media_codec_capability *rsep_codec;
 struct avdtp_service_capability *cap;
+ if (!sep->lsep) {
+ error("a2dp_reconfigure: no valid local SEP");
+ posix_err = -EINVAL;
+ goto failed;
+ }
+
 if (setup->rsep) {
 cap = avdtp_get_codec(setup->rsep->sep);
 rsep_codec = (struct avdtp_media_codec_capability *) cap->data;
@@ -1187,6 +1193,12 @@ static gboolean a2dp_reconfigure(gpointer data)
 if (!setup->rsep || sep->codec != rsep_codec->media_codec_type)
 setup->rsep = find_remote_sep(setup->chan, sep);
+ if (!setup->rsep) {
+ error("a2dp_reconfigure: unable to find remote SEP");
+ posix_err = -EINVAL;
+ goto failed;
+ }
+
 posix_err = avdtp_set_configuration(setup->session, setup->rsep->sep, sep->lsep, setup->caps,
-- 
2.20.1
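Review bot: The context lines right after the new `sep->lsep` guard still dereference `cap` unchecked: `cap = avdtp_get_codec(setup->rsep->sep);` is followed immediately by `cap->data`. If avdtp_get_codec() can return NULL for a remote SEP (its definition is not visible here), bluetoothd hits the same class of NULL-dereference crash this patch is fixing, driven by remote endpoint state. A guard before the cast, such as `if (!cap) { posix_err = -EINVAL; goto failed; }`, would close it. The new guard also dereferences `sep` itself, which is assigned above the hunk, so it is worth confirming that it cannot be NULL when the callback fires; the function body and the `failed` label both lie outside the hunk.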
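Review bot: The guard added after `find_remote_sep()` only catches a NULL `setup->rsep`; when `setup->rsep` was already set and its codec matches, the stored pointer is passed on as `setup->rsep->sep` without any validity check. The commit message says the remote SEP may also no longer be valid when this callback runs, so if a remote SEP can be freed while the reconfigure is pending (not visible in this hunk), the pointer would be stale rather than NULL and this check would not help. Once the lifetime rule is confirmed, a comment above the guard should state it, for example `/* setup->rsep must be reset to NULL wherever the remote SEP is removed; only NULL is detected here */`. The call to avdtp_set_configuration() continues past the end of the hunk.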