Commit: 5c41f6bb54cf1c881931b5631c55c720cf86ecb4
Parent: 9c8538c1711e9e3e9db440e145dac0e71bb7158a
Author: Joseph Hwang <josephsih@chromium.org>
Committer: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: 2020-09-17 09:17:12
Tree: d9e778a8611e185edd3fb6bd2fda157c1223704f

gatt: StartNotify is not allowed when device is disconnecting

This patch fixed a bluetoothd crash in register_notify_cb(). The crash is incurred by an exception that, under some situations, a characteristic may be freed when register_notify_cb() is invoked.

When a device is disconnecting, the device interface would hold valid for a while until the disconnection procedure between the client and the server is completed. If another process happens to request to start notification of a characteristic on the disconnecting device, it may incur a problem. In this case, the client would still send the StartNotify request since the characteristic object is still valid. However, the characteristic may be freed soon and become invalid when the corresponding callback function is invoked later. This leads to the bluetoothd crash due to the segmentation fault.

To handle the exception, if another process requests to start notification when the device is disconnecting, it should reject the request.

Tested on Chrome OS that this patch fixes the bluetoothd crash in register_notify_cb().

Diffstat

M src/gatt-client.c | 6 ++++++

1 files changed, 6 insertions(+), 0 deletions(-)
