diff options
| author | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2023-04-24 16:30:31 -0700 |
|---|---|---|
| committer | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2023-04-25 16:37:48 -0700 |
| commit | 614d6630271584a29c3de5f9e705bd4af656a5f8 (patch) | |
| tree | ee7b98799801652eab08edc81cb23f0673697e65 | |
| parent | 1abd45bb45bf284745d58f5cbd82a7bf39b1ed35 (diff) | |
| download | bluez-614d6630271584a29c3de5f9e705bd4af656a5f8.tar.gz | |
share/bap: Fix not removing timeout on bap_free
This fixes not removing the process_id timeout when freeing the session
which can cause the following crash:
Invalid read of size 8
at 0x18EB39: bap_debug (bap.c:553)
by 0x1913A8: bap_process_queue (bap.c:3542)
by 0x1A8630: timeout_callback (timeout-glib.c:25)
Address 0x55e0650 is 128 bytes inside a block of size 160 free'd
at 0x48480E4: free (vg_replace_malloc.c:872)
| -rw-r--r-- | src/shared/bap.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/shared/bap.c b/src/shared/bap.c index bc6177a5b..6131c3128 100644 --- a/src/shared/bap.c +++ b/src/shared/bap.c @@ -2600,6 +2600,8 @@ static void bap_free(void *data) { struct bt_bap *bap = data; + timeout_remove(bap->process_id); + bt_bap_detach(bap); bap_db_free(bap->rdb); |