From: Yun-Hao Chung <howardchung@xxxxxxxxxxxx> In probe_service, if the service already exists in device->services, it returns the service. This might cause dev_probe and device_probe_profile to add a duplicate service into device->services. When removing the device, a double-free error might occur. This patch changes the logic of probe_service so that the same service will not be added to a device. --- Hi maintainers, This was originally found by removing/reprobing profiles in admin_policy plugin. Since we are going to adopt the other way to block incoming connection, this patch is no longer causing any issue, but I think it is still nice to have to prevent potential crashes. Thanks, Howard src/device.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/device.c b/src/device.c index faf07ba22270..b29aa195d19b 100644 --- a/src/device.c +++ b/src/device.c @@ -4624,8 +4624,11 @@ static struct btd_service *probe_service(struct btd_device *device, return NULL; l = find_service_with_profile(device->services, profile); + /* If the service already exists, return NULL so that it won't be added + * to the device->services. + */ if (l) - return l->data; + return NULL; service = service_create(device, profile); -- 2.32.0.402.g57bb445576-goog
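Review bot: In probe_service() in src/device.c, the new `return NULL;` under `if (l)` makes "service already exists" indistinguishable from the earlier `return NULL;` failure path just above the find_service_with_profile() call, so a caller cannot tell a duplicate from a failed probe. Please confirm that dev_probe and device_probe_profile, the two callers named in the commit message, treat NULL purely as "nothing to add to device->services" and do not report or act on it as an error. If any caller still needs the existing service, a separate lookup would be clearer than overloading the return value. The commit message explains the double-free on device removal but does not state that the function now returns NULL for an existing service; adding that sentence would document the changed contract. Minor: the comment sits between the lookup and the `if (l)` it explains, and would read better directly above the find_service_with_profile() line.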