gatt: Fix crash when cleanup notify_io When removing interfaces the code will attempt to free any notify client but the notify_io may still be pointing to the client causing the following crash: Invalid read of size 8 at 0x49D531: notify_io_destroy (gatt-client.c:1452) by 0x49E1B2: pipe_io_destroy (gatt-client.c:1077) by 0x49E25D: characteristic_free (gatt-client.c:1650) by 0x4CA2B9: remove_interface (object.c:667) by 0x4CAF05: g_dbus_unregister_interface (object.c:1391) by 0x49D248: unregister_characteristic (gatt-client.c:1730) by 0x4D0956: queue_remove_all (queue.c:351) by 0x49D05D: unregister_service (gatt-client.c:1879) by 0x4D0956: queue_remove_all (queue.c:351) by 0x4D09B4: queue_destroy (queue.c:73) by 0x4A10C6: btd_gatt_client_destroy (gatt-client.c:2079) by 0x4A4087: device_free (device.c:640) Address 0x8f56b00 is 0 bytes inside a block of size 32 free'd at 0x4C2FD18: free (vg_replace_malloc.c:530) by 0x49D4AF: notify_client_unref (gatt-client.c:1267) by 0x49D520: remove_client (gatt-client.c:1711) by 0x4D0956: queue_remove_all (queue.c:351) by 0x49D205: unregister_characteristic (gatt-client.c:1727) by 0x4D0956: queue_remove_all (queue.c:351) by 0x49D05D: unregister_service (gatt-client.c:1879) by 0x4D0956: queue_remove_all (queue.c:351) by 0x4D09B4: queue_destroy (queue.c:73) by 0x4A10C6: btd_gatt_client_destroy (gatt-client.c:2079) by 0x4A4087: device_free (device.c:640) by 0x4CA2B9: remove_interface (object.c:667)

Diffstat

1 files changed, 2 insertions(+), 2 deletions(-)