shared/gatt-client: Fix use after free This fixes the following crash which happens when a service changed removes characteristics which have notification pending: ==42544== Invalid read of size 4 ==42544== at 0x4939FA: enable_ccc_callback (gatt-client.c:1163) ==42544== by 0x490D37: handle_rsp (att.c:673) ==42544== by 0x490D37: can_read_data (att.c:845) ==42544== by 0x498ED4: watch_callback (io-glib.c:170) ==42544== by 0x4E7EE39: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4600.1) ==42544== by 0x4E7F1CF: ??? (in /usr/lib64/libglib-2.0.so.0.4600.1) ==42544== by 0x4E7F4F1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4600.1) ==42544== by 0x40B12E: main (main.c:661) ==42544== Address 0x7e4eaa8 is 8 bytes inside a block of size 32 free'd ==42544== at 0x4C29D6A: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==42544== by 0x48C96D: queue_remove_all (queue.c:360) ==42544== by 0x491AA2: gatt_client_remove_notify_chrcs_in_range (gatt-client.c:331) ==42544== by 0x491AA2: process_service_changed (gatt-client.c:1398) ==42544== by 0x48C74D: queue_foreach (queue.c:239) ==42544== by 0x4936B2: notify_cb (gatt-client.c:1614) ==42544== by 0x490BC6: handle_notify (att.c:800) ==42544== by 0x490BC6: can_read_data (att.c:881) ==42544== by 0x498ED4: watch_callback (io-glib.c:170) ==42544== by 0x4E7EE39: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4600.1) ==42544== by 0x4E7F1CF: ??? (in /usr/lib64/libglib-2.0.so.0.4600.1) ==42544== by 0x4E7F4F1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4600.1) ==42544== by 0x40B12E: main (main.c:661)

Diffstat

1 files changed, 11 insertions(+), 11 deletions(-)