From: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
There have been reports of crashes on transport_cb where the setup
would most likely already have been freed but transport_cb would still
be called, so instead of assuming the setup pointer would be valid try
to lookup the list of active setups and log a warning when it happens.
---
profiles/audio/a2dp.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c
index 7f14c880a..d88d1fa69 100644
--- a/profiles/audio/a2dp.c
+++ b/profiles/audio/a2dp.c
@@ -2217,6 +2217,14 @@ static void transport_cb(GIOChannel *io, GError *err, gpointer user_data)
{
struct a2dp_setup *setup = user_data;
uint16_t omtu, imtu;
+ GSList *l;
+
+ l = g_slist_find(setups, setup);
+ if (!l) {
+ warn("bt_io_accept: setup %p no longer valid", setup);
+ g_io_channel_shutdown(io, TRUE, NULL);
+ return;
+ }
if (err) {
error("%s", err->message);
--
2.25.3
