28.11.2014 17:43, David Henningsson wrote:
> Because the adapters reference the devices hashmap on free, we must
> free the adapters hashmap first and then the devices hashmap.

I think the fix is incomplete, or there is more than one problem. If I kill pulseaudio that receives audio from my phone (using a2dp profile), I get this:

==5256== Invalid read of size 1
==5256==    at 0x5D5FCE0: pa_idxset_string_hash_func (idxset.c:67)
==5256==    by 0x5D5EBF5: remove_entry (hashmap.c:103)
==5256==    by 0x5D5F2BB: pa_hashmap_remove_all (hashmap.c:229)
==5256==    by 0x5D5F341: pa_hashmap_free (hashmap.c:120)
==5256==    by 0x1E50443C: module_bluez5_discover_LTX_pa__done (module-bluez5-discover.c:162)
==5256==    by 0x4E60B48: pa_module_free (module.c:227)
==5256==    by 0x4E61929: pa_module_unload_all (module.c:292)
==5256==    by 0x406476: main (main.c:1161)
==5256==  Address 0x1aa7d670 is 0 bytes inside a block of size 38 free'd
==5256==    at 0x4C2A20C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==5256==    by 0x510395E: pa_xfree (xmalloc.c:131)
==5256==    by 0x1E70BA4F: device_free (bluez5-util.c:433)
==5256==    by 0x5D5F2DC: pa_hashmap_remove_all (hashmap.c:232)
==5256==    by 0x5D5F341: pa_hashmap_free (hashmap.c:120)
==5256==    by 0x1E70EAB5: pa_bluetooth_discovery_unref (bluez5-util.c:1667)
==5256==    by 0x1E50442E: module_bluez5_discover_LTX_pa__done (module-bluez5-discover.c:159)
==5256==    by 0x4E60B48: pa_module_free (module.c:227)
==5256==    by 0x4E61929: pa_module_unload_all (module.c:292)
==5256==    by 0x406476: main (main.c:1161)
==5256==
==5256== Invalid read of size 1
==5256==    at 0x5D5FCFE: pa_idxset_string_hash_func (idxset.c:67)
==5256==    by 0x5D5EBF5: remove_entry (hashmap.c:103)
==5256==    by 0x5D5F2BB: pa_hashmap_remove_all (hashmap.c:229)
==5256==    by 0x5D5F341: pa_hashmap_free (hashmap.c:120)
==5256==    by 0x1E50443C: module_bluez5_discover_LTX_pa__done (module-bluez5-discover.c:162)
==5256==    by 0x4E60B48: pa_module_free (module.c:227)
==5256==    by 0x4E61929: pa_module_unload_all (module.c:292)
==5256==    by 0x406476: main (main.c:1161)
==5256==  Address 0x1aa7d671 is 1 bytes inside a block of size 38 free'd
==5256==    at 0x4C2A20C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==5256==    by 0x510395E: pa_xfree (xmalloc.c:131)
==5256==    by 0x1E70BA4F: device_free (bluez5-util.c:433)
==5256==    by 0x5D5F2DC: pa_hashmap_remove_all (hashmap.c:232)
==5256==    by 0x5D5F341: pa_hashmap_free (hashmap.c:120)
==5256==    by 0x1E70EAB5: pa_bluetooth_discovery_unref (bluez5-util.c:1667)
==5256==    by 0x1E50442E: module_bluez5_discover_LTX_pa__done (module-bluez5-discover.c:159)
==5256==    by 0x4E60B48: pa_module_free (module.c:227)
==5256==    by 0x4E61929: pa_module_unload_all (module.c:292)
==5256==    by 0x406476: main (main.c:1161)
==5256==

>
> Reported-by: Alexander Patrakov <patrakov at gmail.com>
> Signed-off-by: David Henningsson <david.henningsson at canonical.com>
> ---
>  src/modules/bluetooth/bluez5-util.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/src/modules/bluetooth/bluez5-util.c b/src/modules/bluetooth/bluez5-util.c > index 6894e83..0b234ae 100644 > --- a/src/modules/bluetooth/bluez5-util.c > +++ b/src/modules/bluetooth/bluez5-util.c > @@ -1660,12 +1660,12 @@ void pa_bluetooth_discovery_unref(pa_bluetooth_discovery *y) { > > pa_dbus_free_pending_list(&y->pending); > > - if (y->devices) > - pa_hashmap_free(y->devices); > - > if (y->adapters) > pa_hashmap_free(y->adapters); > > + if (y->devices) > + pa_hashmap_free(y->devices); > + > if (y->transports) { > pa_assert(pa_hashmap_isempty(y->transports)); > pa_hashmap_free(y->transports); >

--
Alexander E. Patrakov
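
Review bot: the swapped frees of y->adapters and y->devices in pa_bluetooth_discovery_unref() leave the ordering dependency undocumented in the code; a one-line comment above "if (y->adapters)" saying that adapters reference the devices hashmap on free would keep a later cleanup from swapping the two blocks back. The valgrind output in the reply points at a second site with the same shape that this hunk does not touch: pa__done() in module-bluez5-discover.c calls pa_hashmap_free() at line 162, after pa_bluetooth_discovery_unref() at line 159 has already run device_free(), and pa_idxset_string_hash_func() then reads a 38-byte block that device_free() released at bluez5-util.c:433. That suggests a string-keyed hashmap in the module whose keys are owned by the device objects; consider freeing that hashmap before the discovery unref, or giving it its own copies of the keys.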