discovery_disconnect crashed because the adapter pointer has been freed
before. This patch makes sure that discovery list is cleaned up before
adapter pointer is freed.
Reviewed-by: Miao-chen Chou <mcchou@xxxxxxxxxxxx>
---
src/adapter.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/src/adapter.c b/src/adapter.c
index 5e896a9f0..1435e2bd7 100644
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -5316,12 +5316,26 @@ static void free_service_auth(gpointer data, gpointer user_data)
g_free(auth);
}
+static void remove_discovery_list(struct btd_adapter *adapter)
+{
+ g_slist_free_full(adapter->set_filter_list, discovery_free);
+ adapter->set_filter_list = NULL;
+
+ g_slist_free_full(adapter->discovery_list, discovery_free);
+ adapter->discovery_list = NULL;
+}
+
static void adapter_free(gpointer user_data)
{
struct btd_adapter *adapter = user_data;
DBG("%p", adapter);
+ /* Make sure the adapter's discovery list is cleaned up before freeing
+ * the adapter.
+ */
+ remove_discovery_list(adapter);
+
if (adapter->pairable_timeout_id > 0) {
g_source_remove(adapter->pairable_timeout_id);
adapter->pairable_timeout_id = 0;
@@ -6846,11 +6860,7 @@ static void adapter_stop(struct btd_adapter *adapter)
cancel_passive_scanning(adapter);
- g_slist_free_full(adapter->set_filter_list, discovery_free);
- adapter->set_filter_list = NULL;
-
- g_slist_free_full(adapter->discovery_list, discovery_free);
- adapter->discovery_list = NULL;
+ remove_discovery_list(adapter);
discovery_cleanup(adapter, 0);
--
2.26.2
