From c60914a2711169a814aa9b2009dcafd3d4bdad3a Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Mon, 15 Dec 2014 16:52:52 -0200
Subject: [PATCH] shared/gatt-client: Fix memory leak

When parsing descriptors the code sometimes skips if the handle is
outside the characteristic thus causing the data to leak:

224 bytes in 8 blocks are definitely lost in loss record 218 of 249
   at 0x4C291D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0x485734: discover_chrcs_cb (gatt-client.c:677)
   by 0x489B7B: discover_chrcs_cb (gatt-helpers.c:1227)
   by 0x4840F1: can_read_data (att.c:600)
   by 0x488ED4: watch_callback (io-glib.c:170)
   by 0x4E7A2A5: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3800.2)
   by 0x4E7A627: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
   by 0x4E7AA39: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3800.2)
   by 0x40A992: main (main.c:631)
---
 src/shared/gatt-client.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/shared/gatt-client.c b/src/shared/gatt-client.c
index 6ca027f9e..56a793561 100644
--- a/src/shared/gatt-client.c
+++ b/src/shared/gatt-client.c
@@ -510,8 +510,10 @@ static bool discover_descs(struct discovery_op *op, bool *discovering)
 
 		desc_start = chrc_data->value_handle + 1;
 
-		if (desc_start > chrc_data->end_handle)
+		if (desc_start > chrc_data->end_handle) {
+			free(chrc_data);
 			continue;
+		}
 
 		if (bt_gatt_discover_descriptors(client->att, desc_start,
 							chrc_data->end_handle,
-- 
2.47.3