From 215ecf403ac1de497d7deb5d952e1afa77210db8 Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz
Date: Fri, 17 Nov 2017 11:47:01 +0200
Subject: [PATCH] adapter: Fix crash while reseting discovery filter

The client watch should be removed when freeing the discovery client otherwise the disconnect callback my still be called:

Invalid read of size 8
at 0x490495: discovery_disconnect (adapter.c:2129)
by 0x4CA909: service_filter (watch.c:481)
by 0x4CA4F8: message_filter (watch.c:557)
by 0x53AC32C: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.19.0)
by 0x4C933F: message_dispatch (mainloop.c:72)
by 0x50C9C26: ??? (in /usr/lib64/libglib-2.0.so.0.5200.3)
by 0x50CD246: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.5200.3)
by 0x50CD5E7: ??? (in /usr/lib64/libglib-2.0.so.0.5200.3)
by 0x50CD901: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.5200.3)
by 0x40CD60: main (main.c:770)
Address 0x931a4f0 is 16 bytes inside a block of size 40 free'd
at 0x4C2FD18: free (vg_replace_malloc.c:530)
by 0x50D2B4D: g_free (in /usr/lib64/libglib-2.0.so.0.5200.3)
by 0x48FF00: set_discovery_filter (adapter.c:2462)
by 0x4CE6E2: process_message.isra.3 (object.c:259)
by 0x4CEF14: generic_message (object.c:1079)
by 0x53BB57F: ??? (in /usr/lib64/libdbus-1.so.3.19.0)
by 0x53AC3A9: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.19.0)
by 0x4C933F: message_dispatch (mainloop.c:72)
by 0x50C9C26: ??? (in /usr/lib64/libglib-2.0.so.0.5200.3)
by 0x50CD246: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.5200.3)
by 0x50CD5E7: ??? (in /usr/lib64/libglib-2.0.so.0.5200.3)
by 0x50CD901: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.5200.3)
---
 src/adapter.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/adapter.c b/src/adapter.c
index 1c751b1d4..f3d88ab1a 100644
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -2458,8 +2458,7 @@ static DBusMessage *set_discovery_filter(DBusConnection *conn,
 adapter->set_filter_list = g_slist_remove(
 adapter->set_filter_list, client);
- g_free(client->owner);
- g_free(client);
+ discovery_free(client);
 DBG("successfully cleared pre-set filter");
 } else if (discovery_filter) {
 /* Client pre-setting his filter for first time */
-- 2.47.3
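Review bot: The new `discovery_free(client)` line only closes the use-after-free if that helper actually calls `g_dbus_remove_watch()` on the client's watch before releasing the struct; the hunk shows neither the helper nor the watch registration, so that property is inferred from the commit message and should be confirmed by reading `discovery_free()`, and a one-line comment such as `/* also drops the D-Bus disconnect watch, see discovery_free() */` above the call would make the dependency explicit. The defect was a hand-rolled free path (`g_free(client->owner); g_free(client);`) that bypassed the watch teardown, so every other place this adapter releases a pre-set-filter or discovery client should be audited and switched to the same single free routine, otherwise `discovery_disconnect()` can still fire on freed memory via another path. Since `set_discovery_filter()` is reached from D-Bus method dispatch (visible in the freed-at trace), any peer the bus policy admits can trigger the clear-then-disconnect sequence, so this is an attacker-reachable crash/UAF in the daemon rather than a cosmetic cleanup and is worth stating as such in the commit body. `client` is also left dangling after the call; `set_discovery_filter()` continues past this hunk, and if the remainder touches `client`, add `client = NULL;` immediately after `discovery_free(client);`.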