From 23843b393e7223cf454f74d7949dc7f4d3ff70d8 Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz Date: Thu, 17 Sep 2020 18:03:31 -0700 Subject: [PATCH] avdtp: Fix not checking if stream is already set as pending open When receiving a Open command the stream will be set as pending_open but the remote may attempt to send yet another Open command in the meantime resulting in another setup and yet another timer leaving the old timer active which will likely cause a crash when it expires. --- profiles/audio/avdtp.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/profiles/audio/avdtp.c b/profiles/audio/avdtp.c index 782268c08..e0c6f44f0 100644 --- a/profiles/audio/avdtp.c +++ b/profiles/audio/avdtp.c @@ -1687,7 +1687,7 @@ static gboolean avdtp_open_cmd(struct avdtp *session, uint8_t transaction, stream = sep->stream; - if (sep->ind && sep->ind->open) { + if (sep->ind && sep->ind->open && !session->pending_open) { if (!sep->ind->open(session, sep, stream, &err, sep->user_data)) goto failed; @@ -1699,11 +1699,13 @@ static gboolean avdtp_open_cmd(struct avdtp *session, uint8_t transaction, AVDTP_OPEN, NULL, 0)) return FALSE; - stream->open_acp = TRUE; - session->pending_open = stream; - stream->timer = g_timeout_add_seconds(REQ_TIMEOUT, + if (!session->pending_open) { + stream->open_acp = TRUE; + session->pending_open = stream; + stream->timer = g_timeout_add_seconds(REQ_TIMEOUT, stream_open_timeout, stream); + } return TRUE; -- 2.47.3