* Use-after-free issue cause Bluetooth native crash during failed security authentication
* fixes a regression caused by commit SHA
26d629c
Bug:
137828534
Test: pair with Bluetooth keyboard/carkit -> input incorrect PIN code.
Change-Id: Ia1f7dad678fc71ebf4af6b943c6a9e6102e67592
}
}
- if (!addr_matched) {
- /* Don't callback unless this Connection-Complete-failure event has the
- * same mac address as the bonding device */
+ /* p_auth_complete_callback might have freed the p_dev_rec, ensure it exists
+ * before accessing */
+ p_dev_rec = btm_find_dev(bda);
+ if (!p_dev_rec) {
+ /* Don't callback when device security record was removed */
VLOG(1) << __func__
- << ": Different mac addresses: pairing_bda=" << btm_cb.pairing_bda
- << ", bda=" << bda << ", do not callback";
+ << ": device security record associated with this bda has been "
+ "removed! bda="
+ << bda << ", do not callback!";
return;
}