From 96ef1671929abb30ab3ee29752f5f93a7be47c14 Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz
Date: Wed, 12 Jun 2013 16:25:44 +0300
Subject: [PATCH] tools/bluetooth-player: Fix crash when using search command
Invalid read of size 8
at 0x3F34619C4A: dbus_message_iter_append_basic (in /usr/lib64/libdbus-1.so.3.7.2)
by 0x40B764: search_setup (bluetooth-player.c:893)
by 0x4094FC: g_dbus_proxy_method_call (client.c:742)
by 0x40C2A4: cmd_search (bluetooth-player.c:941)
by 0x40B307: rl_handler (bluetooth-player.c:1099)
by 0x3733E2AFDA: rl_callback_read_char (in /usr/lib64/libreadline.so.6.2)
by 0x40BC0D: input_handler (bluetooth-player.c:1216)
by 0x3F31A47A54: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3400.2)
by 0x3F31A47D87: ??? (in /usr/lib64/libglib-2.0.so.0.3400.2)
by 0x3F31A48181: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3400.2)
by 0x40445F: main (bluetooth-player.c:1434)
Address 0x4d4beb0 is 0 bytes inside a block of size 4 alloc'd
at 0x4A0887C: malloc (vg_replace_malloc.c:270)
by 0x3F31A4D68E: g_malloc (in /usr/lib64/libglib-2.0.so.0.3400.2)
by 0x3F31A63F0B: g_strdup (in /usr/lib64/libglib-2.0.so.0.3400.2)
by 0x40C281: cmd_search (bluetooth-player.c:939)
by 0x40B307: rl_handler (bluetooth-player.c:1099)
by 0x3733E2AFDA: rl_callback_read_char (in /usr/lib64/libreadline.so.6.2)
by 0x40BC0D: input_handler (bluetooth-player.c:1216)
by 0x3F31A47A54: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3400.2)
by 0x3F31A47D87: ??? (in /usr/lib64/libglib-2.0.so.0.3400.2)
by 0x3F31A48181: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3400.2)
by 0x40445F: main (bluetooth-player.c:1434)
---
tools/bluetooth-player.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/bluetooth-player.c b/tools/bluetooth-player.c
index 73feab297..c0074dd90 100644
--- a/tools/bluetooth-player.c
+++ b/tools/bluetooth-player.c
@@ -890,7 +890,7 @@ static void search_setup(DBusMessageIter *iter, void *user_data)
 char *string = user_data;
 DBusMessageIter dict;
- dbus_message_iter_append_basic(iter, DBUS_TYPE_STRING, string);
+ dbus_message_iter_append_basic(iter, DBUS_TYPE_STRING, &string);
 dbus_message_iter_open_container(iter, DBUS_TYPE_ARRAY,
 DBUS_DICT_ENTRY_BEGIN_CHAR_AS_STRING
--
2.47.3
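Review bot: The corrected call on the `+` line still discards the result of `dbus_message_iter_append_basic()`, which returns FALSE when libdbus cannot allocate, and it appends `string` with no check that it is valid UTF-8, which D-Bus requires of `DBUS_TYPE_STRING` values. Going by the Valgrind trace in the commit message, the value is a `g_strdup()` copy made in `cmd_search` from readline input, so a check such as `g_utf8_validate(string, -1, NULL)` before the proxy call would reject bad input early; this is inferred, since `cmd_search` is not in the hunk. A one-line comment above the call, `/* libdbus takes the address of the value, so pass &string */`, would help keep the original mistake from coming back. `search_setup` begins before and continues past the hunk, so whether its later appends check their results cannot be seen here.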