From 64daf61e43d644023ff16ecbc57fa25516eb34da Mon Sep 17 00:00:00 2001
From: Jakub Tyszkowski
Date: Fri, 6 Jun 2014 15:46:16 +0200
Subject: [PATCH] android/gatt: Dont process pending requests if queue is empty

Processing empty queue can result with crash:
bluetoothd[1670]: external/bluetooth/bluez/attrib/gattrib.c:g_attrib_ref() 0x6035878: ref=2
02-23 21:36:05.650 I/bluetoothd( 1669): ==1670== Invalid read of size 1
02-23 21:36:05.650 I/bluetoothd( 1669): ==1670== at 0x12151E: send_dev_pending_response (gatt.c:3914)
02-23 21:36:05.650 I/bluetoothd( 1669): ==1670== by 0x121B33: process_dev_pending_requests (gatt.c:4228)
02-23 21:36:05.650 I/bluetoothd( 1669): ==1670== by 0x123955: att_handler (gatt.c:5049)
---
 android/gatt.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/android/gatt.c b/android/gatt.c
index c173b89f1..c3dc41c29 100644
--- a/android/gatt.c
+++ b/android/gatt.c
@@ -4175,6 +4175,9 @@ static void process_dev_pending_requests(struct gatt_device *device,
{ struct request_processing_data process_data; + if (queue_isempty(device->pending_requests)) return; + process_data.device = device; process_data.opcode = att_opcode; -- 2.47.3
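Review bot: The early return added at the top of process_dev_pending_requests stops the out-of-bounds read from the valgrind trace, but it also silently discards the case where an ATT PDU arrives with nothing queued for it, which is the condition that produced the crash and is worth being able to see in a log. A one-line trace before the return, e.g. `DBG("no pending request for opcode 0x%02x", att_opcode);`, would make an unsolicited or duplicate PDU from the peer observable rather than dropped without record (DBG is what the rest of android/gatt.c appears to use, inferred from the file rather than this hunk). A short why-comment above the guard, `/* PDU arrived with no queued request (unsolicited or already serviced): nothing to send */`, would also record the intent for the next reader. The remaining parameters of the signature and the body of process_dev_pending_requests lie outside the hunk.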