gatt: Fix invalid read when disconnecting In case there is a client of AcquireNotify and a disconnect happens the code not only have to free the client object but also destroy the io associated with it, for this reason the client object cannot be freed until the io is destroyed otherwise it may lead to the following error: Invalid read of size 4 at 0x63920: notify_io_destroy (gatt-client.c:1461) by 0x63EDB: pipe_io_destroy (gatt-client.c:1082) by 0x6405B: characteristic_free (gatt-client.c:1663) by 0x81F33: remove_interface (object.c:667) by 0x826CB: g_dbus_unregister_interface (object.c:1391) by 0x85D2B: queue_remove_all (queue.c:354) by 0x635F7: unregister_service (gatt-client.c:1893) by 0x85CF7: queue_remove_all (queue.c:339) by 0x661DF: btd_gatt_client_service_removed (gatt-client.c:2199) by 0x695CB: gatt_service_removed (device.c:3747) by 0x85B17: queue_foreach (queue.c:220) by 0x91283: notify_service_changed (gatt-db.c:280) by 0x91283: gatt_db_service_destroy (gatt-db.c:291) Address 0x515ed48 is 0 bytes inside a block of size 20 free'd at 0x483EAD0: free (vg_replace_malloc.c:530) by 0x85D2B: queue_remove_all (queue.c:354) by 0x636D3: unregister_characteristic (gatt-client.c:1741) by 0x85D2B: queue_remove_all (queue.c:354) by 0x635F7: unregister_service (gatt-client.c:1893) by 0x85CF7: queue_remove_all (queue.c:339) by 0x661DF: btd_gatt_client_service_removed (gatt-client.c:2199) by 0x695CB: gatt_service_removed (device.c:3747) by 0x85B17: queue_foreach (queue.c:220) by 0x91283: notify_service_changed (gatt-db.c:280) by 0x91283: gatt_db_service_destroy (gatt-db.c:291) by 0x85D2B: queue_remove_all (queue.c:354) by 0x91387: gatt_db_clear_range (gatt-db.c:475)

Diffstat

1 files changed, 12 insertions(+), 12 deletions(-)