From a5aca8f6de825252b5bb72f5d1d8ff7dd1b5247a Mon Sep 17 00:00:00 2001 From: Chao Quan Date: Mon, 24 Jul 2017 19:46:53 +0800 Subject: [PATCH] Fix crash during derigister GATT server When deregister a gatt server, GATT_deregister will use a loop to stop service one by one and call std::list::erase in GATTS_StopService to remove service info. But erase makes iterator lose efficacy. If the iterator is operated after that, Bluetooth will crash. Add the iterator before erase. Test: manual Change-Id: I10f9351a95ab4922553d8a77663a0212407607aa --- stack/gatt/gatt_api.cc | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/stack/gatt/gatt_api.cc b/stack/gatt/gatt_api.cc index fdd684417..1ee014d6a 100644 --- a/stack/gatt/gatt_api.cc +++ b/stack/gatt/gatt_api.cc @@ -1054,9 +1054,11 @@ void GATT_Deregister(tGATT_IF gatt_if) { other application deregisteration need to bed performed in an orderly fashion no check for now */ - for (auto& el : *gatt_cb.srv_list_info) { - if (el.gatt_if == gatt_if) { - GATTS_StopService(el.s_hdl); + for (auto it = gatt_cb.srv_list_info->begin(); it != gatt_cb.srv_list_info->end(); ) { + if (it->gatt_if == gatt_if) { + GATTS_StopService(it++->s_hdl); + } else { + ++it; } } -- 2.11.0