Hi Miao,
On Mon, Nov 2, 2020 at 2:36 PM Miao-chen Chou <mcchou@xxxxxxxxxxxx> wrote:
>
> This cleans up the lingering pointer, adapter->client, during powering
> off the adapter. The crash occurs when a D-Bus client set Powered
> property to false and immediately calls StopDiscovery() when there is
> ongoing discovery. As a part of powering off the adapter,
> adapter->discovery_list gets cleared, and given that adapter->client
> refers to one of the clients in adapter->discovery_list, adapter->client
> should be cleared along with it.
>
> (1) Connect to a BT audio device from BT system tray.
> (2) Once the audio device is connected, power off BT and immediately
> power off the audio device.
>
> Reviewed-by: Alain Michaud <alainm@xxxxxxxxxxxx>
> Reviewed-by: Sonny Sasaka <sonnysasaka@xxxxxxxxxxxx>
> ---
>
> Changes in v2:
> - Move the D-Bus method call clean-up to discovery_free()
>
> src/adapter.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/src/adapter.c b/src/adapter.c
> index c0053000a..f02ab799d 100644
> --- a/src/adapter.c
> +++ b/src/adapter.c
> @@ -1496,6 +1496,7 @@ static void discovery_cleanup(struct btd_adapter *adapter, int timeout)
> static void discovery_free(void *user_data)
> {
> struct discovery_client *client = user_data;
> + struct btd_adapter *adapter = client->adapter;
>
> DBG("%p", client);
>
> @@ -1507,8 +1508,14 @@ static void discovery_free(void *user_data)
> client->discovery_filter = NULL;
> }
>
> - if (client->msg)
> + if (client->msg) {
> + if (client == adapter->client) {
> + g_dbus_send_message(dbus_conn,
> + btd_error_busy(client->msg));
> + adapter->client = NULL;
> + }
> dbus_message_unref(client->msg);
> + }
>
> g_free(client->owner);
> g_free(client);
> --
> 2.26.2
Applied, thanks.
--
Luiz Augusto von Dentz
