obexd: Fix regression causing crash in 3-way calling Fix obexd crash in 3-way calling scenario. Crash happens when there is redialed second incoming call. Cache for the PBAP session is already created at that moment, but PBAP object is destroyed. Crash happens when object is dereferenced in vobject_list_open. Therefore, PBAP object has to be created before any attempt to write cached data to buffer associated to this object. However, cache_ready_notify function, which is invoked in vobject_vcard_open for valid cache case, sends also PBAP object data via callback function to obex.c and written to OBEX stream as GET response in handle_async_io handler function. A new response is sent to OBEX stream after cache_ready_notify exists to vobject_list_open function, which is callback function for obex_mime_type_driver. Such leads to undefined befavior. Therefore, cache_ready_notify is splitted in two cache_ready_notify and generate_response functions. generate_response fills data to buffer and returns error, if any, while cache_ready_notify notifies OBEX core to write this data to stream. In order to avoid writing to stream twice, cache_ready_notify is replaced by generate_response in vobject_list_open. As a result, PBAP buffer data is generated from existing cache and sent to stream upon start of OBEX stream after vobject_list_open exits.

Diffstat

1 files changed, 54 insertions(+), 44 deletions(-)