Fix crash during derigister GATT server

When deregister a gatt server, GATT_deregister
will use a loop to stop service one by one and
call std::list::erase in GATTS_StopService to
remove service info. But erase makes iterator lose
efficacy. If the iterator is operated after that,
Bluetooth will crash.

Add the iterator before erase.

Test: manual
Change-Id: I10f9351a95ab4922553d8a77663a0212407607aa

diff --git a/stack/gatt/gatt_api.cc b/stack/gatt/gatt_api.cc
index fdd6844..1ee014d 100644 (file)
--- a/stack/gatt/gatt_api.cc
+++ b/stack/gatt/gatt_api.cc
@@ -1054,9 +1054,11 @@ void GATT_Deregister(tGATT_IF gatt_if) {
     other application
     deregisteration need to bed performed in an orderly fashion
     no check for now */
-  for (auto& el : *gatt_cb.srv_list_info) {
-    if (el.gatt_if == gatt_if) {
-      GATTS_StopService(el.s_hdl);
+  for (auto it = gatt_cb.srv_list_info->begin(); it != gatt_cb.srv_list_info->end(); ) {
+    if (it->gatt_if == gatt_if) {
+      GATTS_StopService(it++->s_hdl);
+    } else {
+      ++it;
     }
   }