From 698ef6bbd9324dbd044903ed0f79020e31d70527 Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz
Date: Mon, 1 Jun 2020 14:25:30 -0700
Subject: [PATCH] a2dp: Fix crash on transport_cb

There have been reports of crashes on transport_cb where the setup would most likely already have been freed but transport_cb would still be called, so instead of assuming the setup pointer would be valid try to lookup the list of active setups and log a warning when it happens.
---
 profiles/audio/a2dp.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c
index 7f14c880a..0a66589b0 100644
--- a/profiles/audio/a2dp.c
+++ b/profiles/audio/a2dp.c
@@ -2218,6 +2218,12 @@ static void transport_cb(GIOChannel *io, GError *err, gpointer user_data)
 struct a2dp_setup *setup = user_data;
 uint16_t omtu, imtu;
+ if (!g_slist_find(setups, setup)) {
+ warn("bt_io_accept: setup %p no longer valid", setup);
+ g_io_channel_shutdown(io, TRUE, NULL);
+ return;
+ }
+
 if (err) {
 error("%s", err->message);
 goto drop;
@@ -3376,4 +3382,4 @@ static void a2dp_exit(void)
 }
 BLUETOOTH_PLUGIN_DEFINE(a2dp, VERSION, BLUETOOTH_PLUGIN_PRIORITY_DEFAULT,
- a2dp_init, a2dp_exit)
+ a2dp_init, a2dp_exit)
--
2.47.3
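Review bot: The `g_slist_find(setups, setup)` guard added at the top of transport_cb compares only the pointer value, so a setup that was freed and whose address was later reused by a new entry in `setups` would pass the check and the callback would carry on with an unrelated object. The lookup narrows the use-after-free described in the commit message but leaves its cause in place; the durable fix belongs where the setup is released, by cancelling the pending channel callback or by holding a reference on the setup until transport_cb has run, and that code is outside this hunk. If the lookup stays as a defensive check, say so above it, e.g. `/* setup may be freed while the channel is pending: compare the pointer only, never dereference it here */`. The warning's `bt_io_accept:` prefix names a different function from the one logging and `%p` writes a heap address to the log; `warn("transport_cb: stale setup, closing channel");` avoids both. transport_cb begins and ends outside the hunk, so what the `drop` path cleans up, and whether the early return skips any of it, cannot be checked from here.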