OSDN Git Service

Prevent bluetooth native crash during failed security authentication
author jonerlin <jonerlin@google.com>
Tue, 27 Aug 2019 17:12:41 +0000 (01:12 +0800)
committer jonerlin <jonerlin@google.com>
Fri, 27 Sep 2019 16:55:19 +0000 (00:55 +0800)
* Use-after-free issue causes Bluetooth native crash during failed security authentication
* fixes a regression caused by commit SHA 26d629c

Bug: 137828534
Test: pair with Bluetooth keyboard/carkit -> input incorrect PIN code.
Change-Id: Ia1f7dad678fc71ebf4af6b943c6a9e6102e67592

stack/btm/btm_sec.cc

index 4db757e..c4a28e3 100644 (file)
@@ -4305,12 +4305,15 @@ void btm_sec_connected(const RawAddress& bda, uint16_t handle, uint8_t status,
       }
     }
 
-    if (!addr_matched) {
-      /* Don't callback unless this Connection-Complete-failure event has the
-       * same mac address as the bonding device */
+    /* p_auth_complete_callback might have freed the p_dev_rec, ensure it exists
+     * before accessing */
+    p_dev_rec = btm_find_dev(bda);
+    if (!p_dev_rec) {
+      /* Don't callback when device security record was removed */
       VLOG(1) << __func__
-              << ": Different mac addresses: pairing_bda=" << btm_cb.pairing_bda
-              << ", bda=" << bda << ", do not callback";
+              << ": device security record associated with this bda has been "
+                 "removed! bda="
+              << bda << ", do not callback!";
       return;
     }
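Review bot: the hunk replaces the `if (!addr_matched)` guard outright instead of adding the `btm_find_dev(bda)` re-lookup next to it, so the "Different mac addresses: pairing_bda=... bda=..." early return is gone and a Connection-Complete failure for a bda other than `btm_cb.pairing_bda` will now reach the callback as long as a security record for that bda exists. If that address comparison was itself the regression from 26d629c, the commit message should say so; otherwise keep both checks, e.g. `p_dev_rec = btm_find_dev(bda); if (!p_dev_rec || !addr_matched) { ... return; }`. Also worth confirming that `addr_matched`, computed in the lines above this hunk, still has a use after this change, and that no other access to the old `p_dev_rec` pointer sits between the `p_auth_complete_callback` call and this re-lookup, since the comment in the hunk states the callback may have freed it.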