Hi Pali,
On Sun, May 3, 2020 at 4:06 AM Pali Rohár <pali@xxxxxxxxxx> wrote:
>
> a2dp_reconfigure() is called as callback when local and remote SEP does not
> have to be valid anymore, sep->lsep can be NULL.
>
> This change fixes bluetoothd daemon crash (dereferencing NULL sep->lsep)
> when audio agent disconnect in the middle of the reconfigure call.
> ---
> profiles/audio/a2dp.c | 12 ++++++++++++
> 1 file changed, 12 insertions(+)
>
> diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c
> index c31aaf187..a2ce3204d 100644
> --- a/profiles/audio/a2dp.c
> +++ b/profiles/audio/a2dp.c
> @@ -1178,6 +1178,12 @@ static gboolean a2dp_reconfigure(gpointer data)
> struct avdtp_media_codec_capability *rsep_codec;
> struct avdtp_service_capability *cap;
>
> + if (!sep->lsep) {
> + error("no valid local SEP");
> + posix_err = -EINVAL;
> + goto failed;
> + }
> +
> if (setup->rsep) {
> cap = avdtp_get_codec(setup->rsep->sep);
> rsep_codec = (struct avdtp_media_codec_capability *) cap->data;
> @@ -1186,6 +1192,12 @@ static gboolean a2dp_reconfigure(gpointer data)
> if (!setup->rsep || sep->codec != rsep_codec->media_codec_type)
> setup->rsep = find_remote_sep(setup->chan, sep);
>
> + if (!setup->rsep) {
> + error("unable to find remote SEP");
> + posix_err = -EINVAL;
> + goto failed;
> + }
> +
> posix_err = avdtp_set_configuration(setup->session, setup->rsep->sep,
> sep->lsep,
> setup->caps,
> --
> 2.20.1
Applied, thanks.
--
Luiz Augusto von Dentz
