Free p_pending_data from tBNEP_CONN to avoid potential memory leaks

author Pavlin Radoslavov <pavlin@google.com>

Mon, 17 Jul 2017 22:41:12 +0000 (15:41 -0700)

committer Pavlin Radoslavov <pavlin@google.com>

Mon, 17 Jul 2017 22:44:02 +0000 (15:44 -0700)
author Pavlin Radoslavov <pavlin@google.com>
Mon, 17 Jul 2017 22:41:12 +0000 (15:41 -0700)
committer Pavlin Radoslavov <pavlin@google.com>
Mon, 17 Jul 2017 22:44:02 +0000 (15:44 -0700)
diff --git a/stack/bnep/bnep_main.cc b/stack/bnep/bnep_main.cc

index 6c2af22..c03a4af 100644 (file)
--- a/stack/bnep/bnep_main.cc
+++ b/stack/bnep/bnep_main.cc
@@ -525,6 +525,7 @@ static void bnep_data_ind(uint16_t l2cap_cid, BT_HDR* p_buf) {
        if (ctrl_type == BNEP_SETUP_CONNECTION_REQUEST_MSG &&
            p_bcb->con_state != BNEP_STATE_CONNECTED && extension_present && p &&
            rem_len) {
+        osi_free(p_bcb->p_pending_data);
          p_bcb->p_pending_data = (BT_HDR*)osi_malloc(rem_len + sizeof(BT_HDR));
          memcpy((uint8_t*)(p_bcb->p_pending_data + 1), p, rem_len);
          p_bcb->p_pending_data->len = rem_len;
diff --git a/stack/bnep/bnep_utils.cc b/stack/bnep/bnep_utils.cc

index 3c8e904..70fac8c 100644 (file)
--- a/stack/bnep/bnep_utils.cc
+++ b/stack/bnep/bnep_utils.cc
@@ -143,7 +143,7 @@ void bnepu_release_bcb(tBNEP_CONN* p_bcb) {
  
    /* Drop any response pointer we may be holding */
    p_bcb->con_state = BNEP_STATE_IDLE;
-  p_bcb->p_pending_data = NULL;
+  osi_free_and_reset((void**)&p_bcb->p_pending_data);
  
    /* Free transmit queue */
    while (!fixed_queue_is_empty(p_bcb->xmit_q)) {
author	Pavlin Radoslavov <pavlin@google.com>
	Mon, 17 Jul 2017 22:41:12 +0000 (15:41 -0700)
committer	Pavlin Radoslavov <pavlin@google.com>
	Mon, 17 Jul 2017 22:44:02 +0000 (15:44 -0700)
stack/bnep/bnep_main.cc		patch \| blob \| history
stack/bnep/bnep_utils.cc		patch \| blob \| history