From 622d98afbb4f147d0ead1961c80406072bc45aa7 Mon Sep 17 00:00:00 2001
From: Howard Chung <howardchung@google.com>
Date: Tue, 24 Mar 2020 11:21:45 +0800
Subject: [PATCH] avdtp: Fix crashes in avdtp_abort

In avdtp_abort, if setup->stream is NULL, trying to access
stream->lsep will crash.
---
 profiles/audio/avdtp.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/profiles/audio/avdtp.c b/profiles/audio/avdtp.c
index 0e075f9ff..aabc5ce51 100644
--- a/profiles/audio/avdtp.c
+++ b/profiles/audio/avdtp.c
@@ -3566,7 +3566,6 @@ int avdtp_abort(struct avdtp *session, struct avdtp_stream *stream)
 {
 	struct seid_req req;
 	int ret;
-	struct avdtp_local_sep *sep = stream->lsep;
 
 	if (!stream && session->discover) {
 		/* Don't call cb since it being aborted */
@@ -3581,7 +3580,7 @@ int avdtp_abort(struct avdtp *session, struct avdtp_stream *stream)
 	if (stream->lsep->state == AVDTP_STATE_ABORTING)
 		return -EINVAL;
 
-	avdtp_sep_set_state(session, sep, AVDTP_STATE_ABORTING);
+	avdtp_sep_set_state(session, stream->lsep, AVDTP_STATE_ABORTING);
 
 	if (session->req && stream == session->req->stream)
 		return cancel_request(session, ECANCELED);
-- 
2.47.3