git.osdn.net Git - android-x86/external-bluetooth-bluez.git/commit

shared/mgmt: Fix crash when removing index

Because queue entries are no longer protected by a reference it is
necessary to return the use of in_notify flag, etc, otherwise the
following crash can happen when removing an index:

Invalid read of size 8
   at 0x41AD6F: queue_foreach (queue.c:219)
   by 0x41CA6C: process_notify (mgmt.c:280)
   by 0x41CA6C: can_read_data (mgmt.c:338)
   by 0x422DCA: watch_callback (io-glib.c:170)
   by 0x4E7EA89: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4400.1)
   by 0x4E7EE1F: ??? (in /usr/lib64/libglib-2.0.so.0.4400.1)
   by 0x4E7F141: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4400.1)
   by 0x422A31: tester_run (tester.c:830)
   by 0x403013: main (l2cap-tester.c:1489)
Address 0x5754b38 is 8 bytes inside a block of size 16 free'd
   at 0x4C29D6A: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0x41AFCF: queue_remove_if (queue.c:302)
   by 0x41B0BA: queue_remove_all (queue.c:331)
   by 0x41C6A2: mgmt_unregister_index (mgmt.c:737)
   by 0x405033: index_removed_callback (l2cap-tester.c:162)
   by 0x41B751: notify_handler (mgmt.c:270)
   by 0x41AD83: queue_foreach (queue.c:220)
   by 0x41CA6C: process_notify (mgmt.c:280)
   by 0x41CA6C: can_read_data (mgmt.c:338)
   by 0x422DCA: watch_callback (io-glib.c:170)
   by 0x4E7EA89: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4400.1)
   by 0x4E7EE1F: ??? (in /usr/lib64/libglib-2.0.so.0.4400.1)
   by 0x4E7F141: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4400.1)

author	Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
	Tue, 10 Nov 2015 09:32:38 +0000 (11:32 +0200)
committer	Johan Hedberg <johan.hedberg@intel.com>
	Tue, 10 Nov 2015 18:45:15 +0000 (20:45 +0200)
commit	872729a9163263112a1e893aa9c87a8f3d504719
tree	b26b1b8abaea442bd089b5da7c3a759553df3bdc	tree \| snapshot
parent	d52e7dd260a9201e40abd261b6dcdd60d9c20f26	commit \| diff