From af8630eddd1712b17280cda10746086017be6533 Mon Sep 17 00:00:00 2001
From: weichinweng
Date: Thu, 12 Mar 2020 14:47:27 +0800
Subject: [PATCH] HFP: Cleanup bt_hf_callbacks on the jni thread.

For the race condition, the bt_hf_callbacks will be set null on main thread when doing btif_hf_upstreams_evt on jni thread. Then it will trigger crash due to btif_hf_upstreams_evt calling a null point. The patch is cleanup bt_hf_callbacks on the jni thread to avoid the race condition.

Bug: 140781191
Test: manual, unit test, auto script stress test.
Change-Id: I67400749120aebe13fa3e791f624c8e595d63379
Merged-In: I67400749120aebe13fa3e791f624c8e595d63379
---
 btif/src/btif_hf.cc | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/btif/src/btif_hf.cc b/btif/src/btif_hf.cc
index 99063fd4e..ec4c13f47 100644
--- a/btif/src/btif_hf.cc
+++ b/btif/src/btif_hf.cc
@@ -1360,14 +1360,18 @@ void HeadsetInterface::Cleanup() {
 BTIF_TRACE_EVENT("%s", __func__);

 btif_queue_cleanup(UUID_SERVCLASS_AG_HANDSFREE);
- if (bt_hf_callbacks) {
+
+ tBTA_SERVICE_MASK mask = btif_get_enabled_services_mask();
 #if (defined(BTIF_HF_SERVICES) && (BTIF_HF_SERVICES & BTA_HFP_SERVICE_MASK))
+ if ((mask & (1 << BTA_HFP_SERVICE_ID)) != 0) {
 btif_disable_service(BTA_HFP_SERVICE_ID);
+ }
 #else
+ if ((mask & (1 << BTA_HSP_SERVICE_ID)) != 0) {
 btif_disable_service(BTA_HSP_SERVICE_ID);
-#endif
- bt_hf_callbacks = nullptr;
 }
+#endif
+ do_in_jni_thread(FROM_HERE, base::Bind([]() { bt_hf_callbacks = nullptr; }));
 }

 bt_status_t HeadsetInterface::SetScoAllowed(bool value) {
--
2.11.0
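Review bot: The `bt_hf_callbacks = nullptr` reset posted at the end of Cleanup() now completes asynchronously and the result of `do_in_jni_thread` is discarded, so Cleanup() returns while the pointer is still set and nothing reports a failed post. If the post fails (for instance because the JNI thread is no longer running) the stale callback table would never be cleared. If Init(), which is not visible in this hunk, assigns `bt_hf_callbacks` from the calling thread, a quick cleanup-then-init sequence could let the queued closure wipe the freshly registered table; both cases are worth confirming against the rest of the file. Assuming `do_in_jni_thread` reports a status, I would at least check it, e.g. `if (do_in_jni_thread(FROM_HERE, base::Bind([]() { bt_hf_callbacks = nullptr; })) != BT_STATUS_SUCCESS) BTIF_TRACE_ERROR("%s: failed to post callback reset", __func__);`, and add a comment above it such as `// bt_hf_callbacks is read on the JNI thread; reset it there so the read and the reset are serialized`. Only the body of Cleanup() is inside the hunk; its signature appears only in the hunk header.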