From 7dc00a0ec4ef7fc78ccef237e2486b27adff5503 Mon Sep 17 00:00:00 2001
From: Jakub Tyszkowski
Date: Wed, 21 May 2014 16:34:40 +0200
Subject: [PATCH] android/gatt: Check for connection state on connection search

This search was used with the assumption that connection is in "connected" state. This could result in attrib pointer being dereferenced while it's still NULL (pending connection).
---
 android/gatt.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/android/gatt.c b/android/gatt.c
index 772c253d8..48da9cc10 100644
--- a/android/gatt.c
+++ b/android/gatt.c
@@ -364,8 +364,14 @@ static bool match_connection_by_device_and_app(const void *data,
 static struct app_connection *find_connection_by_id(int32_t conn_id)
 {
- return queue_find(app_connections, match_connection_by_id,
+ struct app_connection *conn;
+
+ conn = queue_find(app_connections, match_connection_by_id,
 INT_TO_PTR(conn_id));
+ if (conn && conn->device->state == DEVICE_CONNECTED)
+ return conn;
+
+ return NULL;
 }
 static bool match_connection_by_device(const void *data, const void *user_data)
--
2.47.3
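Review bot: Callers of find_connection_by_id can no longer tell an unknown conn_id apart from a connection whose device is still pending, because the new state check at the end of the hunk maps both cases to NULL; any call site that turns a NULL result into an error reported to the application will now report a not-yet-connected device the same way as an invalid id, which is worth checking at those call sites. The check also reads `conn->device->state` without guarding `conn->device`; if a queued app_connection can ever carry a NULL device (not visible from this hunk), the condition should be `if (conn && conn->device && conn->device->state == DEVICE_CONNECTED)`. The narrowed contract is undocumented; a comment above the function such as `/* Only connections whose device is DEVICE_CONNECTED are returned; a pending connection is reported as not found. */` would stop the next caller from assuming this is a lookup by id alone.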