From 0fc54b81a3d2e0a811990288b4c96287a9554518 Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz Date: Fri, 5 Dec 2014 16:29:30 +0200 Subject: [PATCH] shared/gatt-db: Fix invalid read notify_list has to be reset to NULL otherwise gatt_db_service_destroy may still attempt to access it: Invalid read of size 4 at 0x4166E5: queue_isempty (queue.c:398) by 0x41489B: gatt_db_service_destroy (gatt-db.c:235) by 0x416650: queue_remove_all (queue.c:375) by 0x4166A4: queue_destroy (queue.c:81) by 0x414817: gatt_db_unref (gatt-db.c:273) by 0x40B5F3: destroy_context (test-gatt.c:587) by 0x40C132: test_server (test-gatt.c:602) by 0x4E9E5E0: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2) by 0x4E9E7A5: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2) by 0x4E9E7A5: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2) by 0x4E9E7A5: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2) by 0x4E9EB1A: g_test_run_suite (in /usr/lib64/libglib-2.0.so.0.3800.2) Address 0x577bfa8 is 24 bytes inside a block of size 32 free'd at 0x4C28577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x414807: gatt_db_unref (gatt-db.c:272) by 0x40B5F3: destroy_context (test-gatt.c:587) by 0x40C132: test_server (test-gatt.c:602) by 0x4E9E5E0: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2) by 0x4E9E7A5: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2) by 0x4E9E7A5: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2) by 0x4E9E7A5: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2) by 0x4E9EB1A: g_test_run_suite (in /usr/lib64/libglib-2.0.so.0.3800.2) by 0x40A9D7: main (test-gatt.c:1216)
---
 src/shared/gatt-db.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/shared/gatt-db.c b/src/shared/gatt-db.c
index 701f5a426..37ec946d5 100644
--- a/src/shared/gatt-db.c
+++ b/src/shared/gatt-db.c
@@ -270,6 +270,8 @@ static void gatt_db_destroy(struct gatt_db *db)
 * latter from sending service_removed events.
 */
 queue_destroy(db->notify_list, notify_destroy);
+ db->notify_list = NULL;
+
 queue_destroy(db->services, gatt_db_service_destroy);
 free(db);
 }
--
2.47.3
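Review bot: The added `db->notify_list = NULL;` closes the use-after-free only if the service destructor treats a NULL list as empty. The trace in the commit message shows gatt_db_service_destroy reaching the freed queue through queue_isempty, and neither function is visible in this hunk, so it is worth confirming that queue_isempty(NULL) returns without dereferencing. The assignment also looks redundant next to the `free(db);` two lines later, so a short comment would protect it from a later cleanup, for example `/* gatt_db_service_destroy still reads db->notify_list; NULL marks the queue as gone */`. gatt_db_destroy begins above the hunk, so any earlier use of the list was not reviewed.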