From 8f262a27bdf233f142a7bb22bf3f8c6db53debee Mon Sep 17 00:00:00 2001
From: Silviu Florian Barbulescu <silviu.barbulescu@nxp.com>
Date: Fri, 23 Feb 2024 16:16:09 +0200
Subject: [PATCH] shared/bap: Fix crash unreg bcast src endpoint

In bt_bap_stream_release stream is accessed after free
---
 src/shared/bap.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/shared/bap.c b/src/shared/bap.c
index f5fc14027..626e8f127 100644
--- a/src/shared/bap.c
+++ b/src/shared/bap.c
@@ -5411,16 +5411,17 @@ unsigned int bt_bap_stream_release(struct bt_bap_stream *stream,
 					void *user_data)
 {
 	unsigned int id;
+	struct bt_bap *bap = stream->bap;
 
 	if (!stream || !stream->ops || !stream->ops->release)
 		return 0;
 
-	if (!bt_bap_ref_safe(stream->bap))
+	if (!bt_bap_ref_safe(bap))
 		return 0;
 
 	id = stream->ops->release(stream, func, user_data);
 
-	bt_bap_unref(stream->bap);
+	bt_bap_unref(bap);
 
 	return id;
 }
-- 
2.47.3