Commit: ccbc792aff13daf3a89bbc09c9530b910bb03705
Parent: 649fd8766a0d61f16d39401ba3dd507dfcd49630
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Committer: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: 2015-03-05 13:52:11
Tree: 0f3b5a32d7f914f67611d5d2b7166fb010244fc4

shared/att: Fix invalid read

The following backtrace can be reproduced with unit/test-gatt and it is
caused by the callback removing all entries from notify list:

Invalid read of size 8
   at 0x438FE9: handle_notify (att.c:755)
   by 0x438FE9: can_read_data (att.c:841)
   by 0x4465AA: watch_callback (io-glib.c:170)
   by 0x4E7EAEA: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4200.1)
   by 0x4E7EE87: ??? (in /usr/lib64/libglib-2.0.so.0.4200.1)
   by 0x4E7F1B1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4200.1)
   by 0x437161: tester_run (tester.c:817)
   by 0x433308: main (test-gatt.c:3174)
 Address 0x59671f0 is 16 bytes inside a block of size 24 free'd
   at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0x446E58: queue_entry_unref (queue.c:96)
   by 0x4474E9: queue_remove_if (queue.c:338)
   by 0x438CAE: bt_att_unregister (att.c:1327)
   by 0x43EF4B: bt_gatt_client_free (gatt-client.c:1578)
   by 0x43F040: bt_gatt_client_unref (gatt-client.c:1689)
   by 0x43F0B8: notify_cb (gatt-client.c:1551)
   by 0x4390AE: handle_notify (att.c:764)
   by 0x4390AE: can_read_data (att.c:841)
   by 0x4465AA: watch_callback (io-glib.c:170)
   by 0x4E7EAEA: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4200.1)
   by 0x4E7EE87: ??? (in /usr/lib64/libglib-2.0.so.0.4200.1)
   by 0x4E7F1B1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4200.1)

Diffstat

M src/shared/att.c | 6 ++++--

1 files changed, 4 insertions(+), 2 deletions(-)
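
The failure described in the commit message (a handler called from the list walk unregisters every entry, so the walk then reads a freed node) can be avoided by deferring the free until the walk has finished. The code below is an added illustration, not BlueZ's code and not the change made by this commit; `notify_list`, `list_remove_all`, `dispatch` and every other name in it are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical notify list, not BlueZ's queue API. */
struct entry {
    struct entry *next;
    void (*cb)(void *user_data);
    void *user_data;
    bool removed;   /* marked during dispatch, freed afterwards */
};
struct notify_list { struct entry *head; int dispatching; };
static struct notify_list demo_list;   /* constructed sample state */

static void sweep(struct notify_list *l)
{
    for (struct entry **pp = &l->head; *pp; ) {
        struct entry *e = *pp;
        if (e->removed) { *pp = e->next; free(e); }
        else pp = &e->next;
    }
}

void list_add(struct notify_list *l, void (*cb)(void *), void *user_data)
{
    struct entry *e = calloc(1, sizeof(*e));
    if (!e) return;
    e->cb = cb; e->user_data = user_data;
    e->next = l->head; l->head = e;
}

/* Callable from inside a callback: only marks entries while a walk is live. */
void list_remove_all(struct notify_list *l)
{
    for (struct entry *e = l->head; e; e = e->next) e->removed = true;
    if (!l->dispatching) sweep(l);
}

int dispatch(struct notify_list *l)
{
    int called = 0;
    l->dispatching++;
    for (struct entry *e = l->head; e; e = e->next)  /* e stays valid: nothing is freed mid-walk */
        if (!e->removed) { e->cb(e->user_data); called++; }
    if (--l->dispatching == 0) sweep(l);   /* outermost walk frees marked nodes */
    return called;
}

static void drop_all_cb(void *user_data) { list_remove_all(user_data); }

/* Constructed scenario: three handlers, the first one run unregisters all. */
int demo_calls(void)
{
    for (int i = 0; i < 3; i++) list_add(&demo_list, drop_all_cb, &demo_list);
    return dispatch(&demo_list);
}
```

Running the scenario under valgrind or with `-fsanitize=address` shows no invalid read, because the nodes are released only after the outermost walk returns.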
