a2dp: Fix invalid memory access during abort_ind() There is an invalid memory access w.r.t to the callback during the Abort_Ind finalize_setup_errno(). We should terminate the variable arguments with NULL. Log: bluetoothd[3353]: audio/avdtp.c:avdtp_parse_cmd() Received ABORT_CMD bluetoothd[3353]: audio/a2dp.c:abort_ind() Source 0xb6f5ecc8: Abort_Ind bluetoothd[3353]: audio/a2dp.c:setup_ref() 0xb6f63200: ref=2 bluetoothd[3353]: audio/transport.c:media_transport_remove() Transport /org/bluez/3353/hci0/dev_BC_47_60_F5_88_89/fd1 Owner :1.0 bluetoothd[3353]: audio/transport.c:media_transport_release() Transport /org/bluez/3353/hci0/dev_BC_47_60_F5_88_89/fd1: read lock released bluetoothd[3353]: audio/transport.c:media_transport_release() Transport /org/bluez/3353/hci0/dev_BC_47_60_F5_88_89/fd1: write lock released bluetoothd[3353]: audio/transport.c:media_request_reply() Request Acquire Reply Input/output error bluetoothd[3353]: audio/transport.c:media_owner_free() Owner :1.0 bluetoothd[3353]: audio/transport.c:media_owner_remove() Owner :1.0 Request Acquire bluetoothd[3353]: audio/a2dp.c:a2dp_sep_unlock() SEP 0xb6f5ecc8 unlocked bluetoothd[3353]: audio/a2dp.c:setup_unref() 0xb6f63200: ref=1 [sys_assert]START of sighandler [sys-assert]exepath = bluetoothd [sys-assert]processname = bluetoothd [sys_assert]this thread is main thread. pid=3353 [sys-assert]cs timestr 1358524835 bluetoothd[3353]: crashed [1358524835] processname=bluetoothd, pid=3353, tid=3353, signal=11 [sys-assert]start print_node_to_file sighandler = 0xb6e8cfc9, g_sig_oldact[i] = (nil) [sys_assert]END of sighandler Segmentation fault (core dumped)

Diffstat

1 files changed, 1 insertions(+), 1 deletions(-)