Hi, On Mon, Jun 8, 2020 at 6:11 PM Von Dentz, Luiz <luiz.von.dentz@xxxxxxxxx> wrote: > > Hi Miao, > > On Mon, Jun 8, 2020 at 6:03 PM Miao-chen Chou <mcchou@xxxxxxxxxxxx> wrote: >> >> This properly handles the unref of client->msg in >> stop_discovery_complete() and the reset of it. This also handles the unref >> of client->msg, the reset of client->watch and the reset of client->msg in >> start_discovery_complete(). >> >> The following test was performed: >> (1) Intentionally changed the MGMT status other than MGMT_STATUS_SUCCESS >> in stop_discovery_complete() and start_discovery_complete() and built >> bluetoothd. >> (2) In bluetoothctl console, issued scan on/scan off to invoke >> StartDiscovery and verified that new discovery requests can be processed. >> >> Reviewed-by: Alain Michaud <alainm@xxxxxxxxxxxx> >> Reviewed-by: Sonny Sasaka <sonnysasaka@xxxxxxxxxxxx> >> --- >> >> src/adapter.c | 5 +++++ >> 1 file changed, 5 insertions(+) >> >> diff --git a/src/adapter.c b/src/adapter.c >> index 76acfea70..0857a3115 100644 >> --- a/src/adapter.c >> +++ b/src/adapter.c >> @@ -1652,6 +1652,9 @@ fail: >> reply = btd_error_busy(client->msg); >> g_dbus_send_message(dbus_conn, reply); >> g_dbus_remove_watch(dbus_conn, client->watch); > > > We shouldn't be removing the watch directly since the client may have registered filters so we let discovery_remove do it by calling discovery_free if necessary. > >> >> + client->watch = 0; >> + dbus_message_unref(client->msg); >> + client->msg = NULL; >> discovery_remove(client, false); >> return; >> } 
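Review bot: In the first hunk (`fail:` in start_discovery_complete), adding `client->watch = 0;` right after the existing direct `g_dbus_remove_watch(dbus_conn, client->watch);` only papers over the problem Luiz raises above: the watch is still torn down here, bypassing whatever filters the client registered, and the zeroed id is then what `discovery_remove(client, false)` sees. The cleaner change is to drop the direct `g_dbus_remove_watch` call from this path altogether and let `discovery_remove` reach `discovery_free`, which can release the watch together with the filters. The `dbus_message_unref(client->msg); client->msg = NULL;` pair is placed correctly, after `g_dbus_send_message`, since `btd_error_busy(client->msg)` needs the original message to build the reply; resetting the pointer to NULL is what stops a later StartDiscovery from treating an already-answered message as still pending, which matches the scan on/scan off test in the commit message. Please also confirm that `discovery_free` only unrefs `client->msg` when it is non-NULL, so the reference is not dropped twice on this path.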
>> @@ -1926,6 +1929,8 @@ static void stop_discovery_complete(uint8_t status, uint16_t length, >> if (client->msg) { >> reply = btd_error_busy(client->msg); >> g_dbus_send_message(dbus_conn, reply); >> + dbus_message_unref(client->msg); >> + client->msg = NULL; >> } >> goto done; >> } >> -- >> 2.26.2 > > > I've sent similar fixes upstream, let me attach them here just in case. Any comments on these changes? I would like to push them as soon as possible.
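Review bot: In the second hunk (the error path of stop_discovery_complete), the added `dbus_message_unref(client->msg); client->msg = NULL;` is correctly kept inside the `if (client->msg)` guard and after the busy reply is sent, so it mirrors the first hunk and releases the reference that was previously leaked. Unlike the first hunk, this path does not touch `client->watch` and simply jumps to `done:`, which is outside the visible context; it would help to state in the commit message (which currently says only that the msg is reset here) why the watch needs no reset on the stop side, and to confirm that the `done:` path leaves the client in a state where a subsequent StopDiscovery or StartDiscovery is accepted rather than answered with busy again. A short comment above the `if (client->msg)` block noting that the message is consumed here would also make the ownership of `client->msg` clearer to the next reader.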