Commit: d9b27da3cc93d812c5da0cc5b597cb4a92d8adb6
Parent: a2d3f2d5c5bd999c1e3606090cc961dbd16565b2
Author: Rafal Michalski <michalski.raf@gmail.com>
Committer: Johan Hedberg <johan.hedberg@intel.com>
Date: 2011-06-14 12:07:35
Tree: f12aa31b436d0b59ccb94c3083d69cc2115b503b

Fix invalid read from memory issue in AVDTP module

Changing stream state from STREAMING to IDLE can be associated with side effects under some circumstances (such as terminating bluetoothd while music is being streamed). In this case, after the connection is lost, stream state changes from STREAMING to IDLE - "avdtp_sep_set_state" is triggered, which invokes a callback called "stream_state_changed", which internally invokes "avdtp_sep_set_state" (the state of the stream doesn't change and stays IDLE) a second time, and then the stream callbacks list is discarded by "stream_free" ("g_slist_free(stream->callbacks)"). After returning from the callback, the "stream->callbacks" list (and the "l" pointer as well) is already out of date, so attempting to fetch the "l->next" pointer (returned by "g_slist_next(l)" to prepare for the next iteration of the "for" loop) from a node on the discarded list leads to an invalid read issue (reported by valgrind).

This patch prevents this issue by moving the "l = g_slist_next(l)" instruction just before invoking the callback - the loop has been modified to use "while" instead of the "for" loop variant.
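The pattern the commit fixes is a classic one: a callback invoked while walking a list is allowed to free that list, so the iterator must not touch the node after the callback returns. The following is an added, self-contained C example written for this page; it is not BlueZ code and uses no GLib. `stream_set_state`, `stream_free` and `state_changed` are stand-ins for `avdtp_sep_set_state`, `stream_free` and `stream_state_changed`, the `slist` type stands in for `GSList`, and the `observer` struct is constructed only to count invocations. It reproduces the exact scenario from the message (a disconnect while streaming triggers a nested IDLE transition followed by teardown) using the corrected "advance, then call" loop; under valgrind this version produces no invalid reads. Note the caveat in the comment: reading the successor first is sufficient only when the freeing callback is the last entry on the list.

```c
#include <stdio.h>
#include <stdlib.h>

/* Minimal stand-in for GLib's GSList; only the shape of the list matters here. */
struct slist {
    void *data;
    struct slist *next;
};

static struct slist *slist_prepend(struct slist *head, void *data)
{
    struct slist *node = malloc(sizeof(*node));

    node->data = data;
    node->next = head;
    return node;
}

/* Frees every node and the entry it carries (g_slist_foreach(g_free) + g_slist_free). */
static void slist_free_full(struct slist *l)
{
    while (l != NULL) {
        struct slist *next = l->next;

        free(l->data);
        free(l);
        l = next;
    }
}

enum stream_state { STATE_IDLE, STATE_STREAMING };

struct stream;
typedef void (*stream_cb)(struct stream *s, enum stream_state old_state,
                          enum stream_state new_state, void *user_data);

struct stream_callback {
    stream_cb cb;
    void *user_data;
};

struct stream {
    enum stream_state state;
    struct slist *callbacks;   /* list of struct stream_callback */
};

/* Mirrors the effect the commit describes: the callback list is discarded.
 * (The real stream_free also frees the stream itself; here the stream is
 * caller-owned so the caller can inspect it afterwards.) */
static void stream_free(struct stream *s)
{
    slist_free_full(s->callbacks);
    s->callbacks = NULL;
}

/* Corrected iteration: the successor pointer is read BEFORE the callback runs,
 * so a callback that frees the list never forces a read from a freed node.
 * Caveat: this is only sufficient when the freeing callback is the last entry;
 * a freeing callback earlier in the list would leave 'l' dangling. */
static void stream_set_state(struct stream *s, enum stream_state new_state)
{
    enum stream_state old_state = s->state;
    struct slist *l;

    s->state = new_state;

    l = s->callbacks;
    while (l != NULL) {
        struct stream_callback *cb = l->data;

        l = l->next;                                      /* advance first ... */
        cb->cb(s, old_state, new_state, cb->user_data);   /* ... then call    */
    }
}

/* Observer passed as user_data; constructed for the example only. */
struct observer {
    int calls;
};

/* Behaves like the stream_state_changed callback in the commit: on the
 * transition to IDLE it re-enters stream_set_state (a no-op IDLE->IDLE
 * change) and then tears the stream down, which frees the callback list. */
static void state_changed(struct stream *s, enum stream_state old_state,
                          enum stream_state new_state, void *user_data)
{
    struct observer *obs = user_data;

    obs->calls++;
    if (new_state == STATE_IDLE && old_state != STATE_IDLE) {
        stream_set_state(s, STATE_IDLE);   /* nested call, state unchanged   */
        stream_free(s);                    /* discards s->callbacks and 'cb' */
    }
}

/* Runs the scenario from the commit message (connection lost while streaming).
 * Returns the number of callback invocations, or -1 if the stream still owns
 * a callback list afterwards. */
int run_disconnect_scenario(void)
{
    struct observer obs = { 0 };
    struct stream s = { STATE_STREAMING, NULL };
    struct stream_callback *entry = malloc(sizeof(*entry));

    entry->cb = state_changed;
    entry->user_data = &obs;
    s.callbacks = slist_prepend(s.callbacks, entry);

    stream_set_state(&s, STATE_IDLE);   /* outer call: STREAMING -> IDLE */

    return s.callbacks == NULL ? obs.calls : -1;
}

int main(void)
{
    printf("callback invocations: %d\n", run_disconnect_scenario());
    return 0;
}
```

The outer transition invokes the callback once, the nested IDLE-to-IDLE call invokes it a second time, and the teardown frees both the list node and the `stream_callback` entry while the outer loop is still on the stack; because `l` was already advanced to NULL, the loop exits without dereferencing freed memory.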

Diffstat

M audio/avdtp.c | 4 +++-

1 files changed, 3 insertions(+), 1 deletions(-)
