Parent: 924d680ad7f419348be88068ae7c1db3e44e6977
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Committer: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: 2014-12-03 13:59:13
Tree: f84806d4bdff0341b0e6197e8e1688e3d1ac1a42
android: Fix crash on android-tester When doing the HAL cleanup the callbacks should be reset to NULL after calling hal_ipc_unregister otherwise an handler may be called leading to invalid reads: BlueZ D: android/hal-a2dp.c:cleanup() bluetoothd[2624]: android/avdtp.c:connection_lost() Disconnected: Input/output error (5) bluetoothd[2624]: android/avdtp.c:avdtp_ref() 0x5841900: ref=2 bluetoothd[2624]: android/a2dp.c:bt_a2dp_notify_state() device 00:AA:01:01:00:00 state 0 ==2564== Thread 3: ==2564== Invalid read of size 8 ==2564== at 0x6B66B47: handle_conn_state (hal-a2dp.c:38) ==2564== by 0x6B6CDB3: notification_handler (hal-ipc.c:125) ==2564== by 0x5368EE4: start_thread (in /usr/lib64/libpthread-2.18.so) ==2564== by 0x5672B8C: clone (in /usr/lib64/libc-2.18.so) ==2564== Address 0x8 is not stack'd, malloc'd or (recently) free'd
Diffstat
| M | android/hal-a2dp-sink.c | | | 4 | ++- - |
| M | android/hal-a2dp.c | | | 4 | ++- - |
| M | android/hal-avrcp-ctrl.c | | | 4 | ++- - |
| M | android/hal-avrcp.c | | | 4 | ++- - |
| M | android/hal-bluetooth.c | | | 4 | ++- - |
| M | android/hal-gatt.c | | | 4 | ++- - |
| M | android/hal-handsfree-client.c | | | 4 | ++- - |
| M | android/hal-handsfree.c | | | 4 | ++- - |
| M | android/hal-health.c | | | 4 | ++- - |
| M | android/hal-hidhost.c | | | 4 | ++- - |
| M | android/hal-pan.c | | | 4 | ++- - |
11 files changed, 22 insertions(+), 22 deletions(-)