git.osdn.net Git - android-x86/external-bluetooth-bluez.git/commit

author	Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
	Tue, 14 Jan 2014 10:42:48 +0000 (12:42 +0200)
committer	Szymon Janc <szymon.janc@tieto.com>
	Tue, 14 Jan 2014 10:53:00 +0000 (11:53 +0100)
commit	5903b4f510a1534ab81b15c4223e0f6839aa207f
tree	32477acb43f508045d97c0f504d3fd8bf4c5cbbe	tree \| snapshot
parent	d2ba4c96acc520ffbd5b97c0ef32a0c9045e6959	commit \| diff

android/AVDTP: Fix invalid free of struct discover

If callback releases the last reference it can cause the following:
Invalid free() / delete / delete[] / realloc()
   at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0x386244EF7E: g_free (in /usr/lib64/libglib-2.0.so.0.3800.2)
   by 0x410356: finalize_discovery (avdtp.c:933)
   by 0x414462: session_cb (avdtp.c:2555)
   by 0x38624492A5: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3800.2)
   by 0x3862449627: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
   by 0x3862449A39: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3800.2)
   by 0x403A95: main (main.c:439)
Address 0x4cf7af0 is 0 bytes inside a block of size 24 free'd
   at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0x386244EF7E: g_free (in /usr/lib64/libglib-2.0.so.0.3800.2)
   by 0x410356: finalize_discovery (avdtp.c:933)
   by 0x4110BC: avdtp_unref (avdtp.c:1026)
   by 0x416491: a2dp_device_free (a2dp.c:122)
   by 0x4165DF: bt_a2dp_notify_state (a2dp.c:166)
   by 0x417170: discover_cb (a2dp.c:333)
   by 0x41034E: finalize_discovery (avdtp.c:931)
   by 0x414462: session_cb (avdtp.c:2555)
   by 0x38624492A5: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3800.2)
   by 0x3862449627: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
   by 0x3862449A39: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3800.2)