From cb53d86be62e61d4de615fda6453f96015abb837 Mon Sep 17 00:00:00 2001
From: Yun-Hao Chung
Date: Tue, 20 Jul 2021 19:51:37 +0800
Subject: [PATCH] core: fix a possible crash when removing devices
In probe_service, if the service already exists in device->services, it returns the service. This might cause dev_probe and device_probe_profile to add a duplicate service into device->services. When removing the device, a double-free error might occur. This patch changes the logic of probe_service so that the same service will not be added to a device.
---
 src/device.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/device.c b/src/device.c
index faf07ba22..b29aa195d 100644
--- a/src/device.c
+++ b/src/device.c
@@ -4624,8 +4624,11 @@ static struct btd_service *probe_service(struct btd_device *device,
 return NULL;
 l = find_service_with_profile(device->services, profile);
+ /* If the service already exists, return NULL so that it won't be added
+ * to the device->services.
+ */
 if (l)
- return l->data;
+ return NULL;
 service = service_create(device, profile);
-- 
2.47.3
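Review bot: After this change `probe_service` returns NULL both on the early-exit path just above the lookup and for "service already present", so callers can no longer tell a duplicate from a rejected profile, and the double-free fix depends on every caller treating NULL as "nothing to append". That contract belongs on the function itself, e.g. `/* Returns a newly created service to be appended to device->services, or NULL when nothing must be added (including when the device already has a service for this profile). */`. Because a duplicate list entry ends as a double free at device removal, it is also worth confirming that no other path appends to `device->services` without going through this check. The callers named in the commit message (dev_probe, device_probe_profile) are outside the hunk, as are the start and end of `probe_service`.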