Hi Sonny,
On Fri, Aug 21, 2020 at 11:00 AM Sonny Sasaka <sonnysasaka@xxxxxxxxxxxx> wrote:
>
> discovery_disconnect crashed because the adapter pointer has been freed
> before. This patch makes sure that discovery list is cleaned up before
> adapter pointer is freed.
>
> Reviewed-by: Miao-chen Chou <mcchou@xxxxxxxxxxxx>
>
> ---
> src/adapter.c | 20 +++++++++++++++-----
> 1 file changed, 15 insertions(+), 5 deletions(-)
>
> diff --git a/src/adapter.c b/src/adapter.c
> index 5e896a9f0..1435e2bd7 100644
> --- a/src/adapter.c
> +++ b/src/adapter.c
> @@ -5316,12 +5316,26 @@ static void free_service_auth(gpointer data, gpointer user_data)
> g_free(auth);
> }
>
> +static void remove_discovery_list(struct btd_adapter *adapter)
> +{
> + g_slist_free_full(adapter->set_filter_list, discovery_free);
> + adapter->set_filter_list = NULL;
> +
> + g_slist_free_full(adapter->discovery_list, discovery_free);
> + adapter->discovery_list = NULL;
> +}
> +
> static void adapter_free(gpointer user_data)
> {
> struct btd_adapter *adapter = user_data;
>
> DBG("%p", adapter);
>
> + /* Make sure the adapter's discovery list is cleaned up before freeing
> + * the adapter.
> + */
> + remove_discovery_list(adapter);
> +
> if (adapter->pairable_timeout_id > 0) {
> g_source_remove(adapter->pairable_timeout_id);
> adapter->pairable_timeout_id = 0;
> @@ -6846,11 +6860,7 @@ static void adapter_stop(struct btd_adapter *adapter)
>
> cancel_passive_scanning(adapter);
>
> - g_slist_free_full(adapter->set_filter_list, discovery_free);
> - adapter->set_filter_list = NULL;
> -
> - g_slist_free_full(adapter->discovery_list, discovery_free);
> - adapter->discovery_list = NULL;
> + remove_discovery_list(adapter);
>
> discovery_cleanup(adapter, 0);
>
> --
> 2.26.2
Applied, thanks.
--
Luiz Augusto von Dentz
