git.osdn.net Git - android-x86/external-bluetooth-bluez.git/commit

obexd/session: Fix crash while processing command queue

session_process_queue can call a callback which can cause the session to
be freed:
Invalid write of size 4
   at 0x4265C9: session_process (session.c:716)
   by 0x3D46047E05: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.3)
   by 0x3D46048157: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
   by 0x3D46048559: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.3)
   by 0x40D55C: main (main.c:319)
Address 0x4d658a8 is 104 bytes inside a block of size 120 free'd
   at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0x3D4604D9AE: g_free (in /usr/lib64/libglib-2.0.so.0.3600.3)
   by 0x4265B1: session_process_queue (session.c:794)
   by 0x4265C8: session_process (session.c:714)
   by 0x3D46047E05: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.3)
   by 0x3D46048157: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
   by 0x3D46048559: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.3)
   by 0x40D55C: main (main.c:319)

author	Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
	Thu, 3 Oct 2013 11:18:21 +0000 (14:18 +0300)
committer	Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
	Thu, 3 Oct 2013 13:46:41 +0000 (16:46 +0300)
commit	27bb25c130cad091192c062176448272ad4b1988
tree	51e51f0f5bb3abb88811abdcc8e24bb9d65c6a3e	tree \| snapshot
parent	8b6966a72f92d3081ad57cc878125d9ace404a72	commit \| diff