obexd: Fix freeing apparam data on PBAP module

Invalid read of size 8
   at 0x40EC04: g_obex_apparam_free (gobex-apparam.c:362)
   by 0x41A66A: obc_transfer_free (transfer.c:272)
   by 0x413221: pending_request_free (session.c:163)
   by 0x413659: session_terminate_transfer (session.c:745)
   by 0x41A53E: xfer_complete (transfer.c:518)
   by 0x41B5D7: get_xfer_progress_first (transfer.c:562)
   by 0x409750: handle_response (gobex.c:948)
   by 0x40A609: incoming_data (gobex.c:1191)
   by 0x371D047824: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3200.4)
   by 0x371D047B57: ??? (in /usr/lib64/libglib-2.0.so.0.3200.4)
   by 0x371D047F51: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3200.4)
   by 0x40542F: main (main.c:175)
 Address 0x4f64510 is 0 bytes inside a block of size 8 free'd
   at 0x4A079AE: free (vg_replace_malloc.c:427)
   by 0x371D04D50E: g_free (in /usr/lib64/libglib-2.0.so.0.3200.4)
   by 0x416060: phonebook_size_callback (pbap.c:266)
   by 0x413651: session_terminate_transfer (session.c:743)
   by 0x41A53E: xfer_complete (transfer.c:518)
   by 0x41B5D7: get_xfer_progress_first (transfer.c:562)
   by 0x409750: handle_response (gobex.c:948)
   by 0x40A609: incoming_data (gobex.c:1191)
   by 0x371D047824: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3200.4)
   by 0x371D047B57: ??? (in /usr/lib64/libglib-2.0.so.0.3200.4)
   by 0x371D047F51: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3200.4)
   by 0x40542F: main (main.c:175)

diff --git a/obexd/client/pbap.c b/obexd/client/pbap.c
index ea4a023..b17b4f4 100644 (file)
--- a/obexd/client/pbap.c
+++ b/obexd/client/pbap.c
@@ -262,8 +262,6 @@ static void read_return_apparam(struct obc_transfer *transfer,
                                                        phone_book_size);
        g_obex_apparam_get_uint8(apparam, NEWMISSEDCALLS_TAG,
                                                        new_missed_calls);
-
-       g_obex_apparam_free(apparam);
 }
 
 static void phonebook_size_callback(struct obc_session *session,