From 29dee7b54303423d72bc737bb806886d300e9cc4 Mon Sep 17 00:00:00 2001 From: Iulia Tanasescu Date: Fri, 2 Feb 2024 16:10:34 +0200 Subject: [PATCH] shared/bap: Properly cleanup bap remote endpoints When freeing a remote bap endpoint, the endpoint reference inside the stream should be set to NULL, to avoid later use after free errors. --- src/shared/bap.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/shared/bap.c b/src/shared/bap.c index ac17eea13..00d211c15 100644 --- a/src/shared/bap.c +++ b/src/shared/bap.c @@ -2984,6 +2984,16 @@ static void bap_state_free(void *data) free(state); } +static void bap_ep_free(void *data) +{ + struct bt_bap_endpoint *ep = data; + + if (ep && ep->stream) + ep->stream->ep = NULL; + + free(ep); +} + static void bap_detached(void *data, void *user_data) { struct bt_bap_cb *cb = data; @@ -3006,7 +3016,7 @@ static void bap_free(void *data) queue_destroy(bap->ready_cbs, bap_ready_free); queue_destroy(bap->state_cbs, bap_state_free); queue_destroy(bap->local_eps, free); - queue_destroy(bap->remote_eps, free); + queue_destroy(bap->remote_eps, bap_ep_free); queue_destroy(bap->reqs, bap_req_free); queue_destroy(bap->notify, NULL); -- 2.47.3