From 0403dcd262980110ef2a24ac9c0a72d0dc3d96bb Mon Sep 17 00:00:00 2001
From: Andre Eisenbach
Date: Tue, 10 May 2016 20:27:20 -0700
Subject: [PATCH] Fix double mutex unlock and if() condition

Commit "L2CAP and SDP Search API for BT profiles (2/2)" introduced two separate issues in btsock_rfc_signaled():
1. The "slot_lock" potentially gets unlocked twice, causing undefined behaviour.
2. The call to BTA_JvRfcommWrite() was incorrectly taken outside of the conditional if() block that only executes the code if data is available.
This patch reverts the relevant locking change and fixes the if() condition.
Bug: 27204458
Change-Id: I63b1257d21ca7bdd248858ec67e28f64e37a7895
---
 btif/src/btif_sock_rfc.cc | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/btif/src/btif_sock_rfc.cc b/btif/src/btif_sock_rfc.cc
index 89a1f19c6..cf40af386 100644
--- a/btif/src/btif_sock_rfc.cc
+++ b/btif/src/btif_sock_rfc.cc
@@ -809,11 +809,9 @@ void btsock_rfc_signaled(UNUSED_ATTR int fd, int flags, uint32_t user_id) {
 if (slot->f.connected) {
 // Make sure there's data pending in case the peer closed the socket.
 int size = 0;
- if (!(flags & SOCK_THREAD_FD_EXCEPTION) || (ioctl(slot->fd, FIONREAD, &size) == 0 && size))
- //unlock before BTA_JvRfcommWrite to avoid deadlock on concurrnet multi rfcomm connectoins
- //concurrnet multi rfcomm connectoins
- pthread_mutex_unlock(&slot_lock);
+ if (!(flags & SOCK_THREAD_FD_EXCEPTION) || (ioctl(slot->fd, FIONREAD, &size) == 0 && size)) {
 BTA_JvRfcommWrite(slot->rfc_handle, slot->id);
+ }
 } else {
 LOG_ERROR(LOG_TAG, "%s socket signaled for read while disconnected, slot: %d, channel: %d", __func__, slot->id, slot->scn);
 need_close = true;
--
2.11.0
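Review bot: With the early unlock reverted, `BTA_JvRfcommWrite(slot->rfc_handle, slot->id)` presumably runs with `slot_lock` still held, and the removed comment was the only record of the deadlock it was meant to avoid on concurrent RFCOMM connections. The lock and unlock calls of btsock_rfc_signaled() sit outside this hunk, so this cannot be confirmed from here. If holding the lock across the call is intended, state the contract above it, e.g. `// slot_lock is held across BTA_JvRfcommWrite(); the BTA call path must not take slot_lock again.` The same condition also treats a failed `ioctl(slot->fd, FIONREAD, &size)` the same as "no data pending" without logging it, so a short comment or an error log on that path would make the exception branch easier to diagnose.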