From: Anderson Lizardo <anderson.lizardo@openbossa.org>
Date: Tue, 29 Jan 2013 18:52:26 +0000 (-0400)
Subject: core: Fix g_source_remove() with zero ID while removing device
X-Git-Tag: android-x86-4.4-r3~8602
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=4cc7c23afb3377baca418b2a5b6a3ebd58d570c0;p=android-x86%2Fexternal-bluetooth-bluez.git

core: Fix g_source_remove() with zero ID while removing device

store_device_info_cb() is also used as callback for g_idle_add() and
therefore sets device->store_id to zero. During device removal it may be
called manually, which must be done only after the existing
device->store_id is removed from mainloop.

Fix this GLib error (and a bunch of invalid read/writes when
store_device_info_cb() was called after device removal due to this bug):

bluetoothd[1192]: src/device.c:device_remove() Removing device
/org/bluez/hci0/dev_12_34_12_34_12_34

(bluetoothd:1192): GLib-CRITICAL **: g_source_remove: assertion `tag >
0' failed
bluetoothd[1192]: src/device.c:btd_device_unref() Freeing device
/org/bluez/hci0/dev_12_34_12_34_12_34
bluetoothd[1192]: src/device.c:device_free() 0x463a2a0
---

diff --git a/src/device.c b/src/device.c
index 406bc08cd..c13e2d065 100644
--- a/src/device.c
+++ b/src/device.c
@@ -2197,11 +2197,11 @@ void device_remove(struct btd_device *device, gboolean remove_stored)
 		do_disconnect(device);
 
 	if (device->store_id > 0) {
-		if (!remove_stored)
-			store_device_info_cb(device);
-
 		g_source_remove(device->store_id);
 		device->store_id = 0;
+
+		if (!remove_stored)
+			store_device_info_cb(device);
 	}
 
 	if (remove_stored)