diff options
| author | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2014-12-03 13:53:25 +0200 |
|---|---|---|
| committer | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2014-12-03 13:59:13 +0200 |
| commit | 6dfd0d376ff222eb7da283ece7f88a1cc6f4a0c0 (patch) | |
| tree | f84806d4bdff0341b0e6197e8e1688e3d1ac1a42 /android/hal-bluetooth.c | |
| parent | 924d680ad7f419348be88068ae7c1db3e44e6977 (diff) | |
| download | bluez-6dfd0d376ff222eb7da283ece7f88a1cc6f4a0c0.tar.gz | |
android: Fix crash on android-tester
When doing the HAL cleanup the callbacks should be reset to NULL
after calling hal_ipc_unregister otherwise an handler may be called
leading to invalid reads:
BlueZ D: android/hal-a2dp.c:cleanup()
bluetoothd[2624]: android/avdtp.c:connection_lost() Disconnected: Input/output error (5)
bluetoothd[2624]: android/avdtp.c:avdtp_ref() 0x5841900: ref=2
bluetoothd[2624]: android/a2dp.c:bt_a2dp_notify_state() device 00:AA:01:01:00:00 state 0
==2564== Thread 3:
==2564== Invalid read of size 8
==2564== at 0x6B66B47: handle_conn_state (hal-a2dp.c:38)
==2564== by 0x6B6CDB3: notification_handler (hal-ipc.c:125)
==2564== by 0x5368EE4: start_thread (in /usr/lib64/libpthread-2.18.so)
==2564== by 0x5672B8C: clone (in /usr/lib64/libc-2.18.so)
==2564== Address 0x8 is not stack'd, malloc'd or (recently) free'd
Diffstat (limited to 'android/hal-bluetooth.c')
| -rw-r--r-- | android/hal-bluetooth.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/android/hal-bluetooth.c b/android/hal-bluetooth.c index cceb196ea..fac6b6fbc 100644 --- a/android/hal-bluetooth.c +++ b/android/hal-bluetooth.c @@ -591,9 +591,9 @@ static void cleanup(void) hal_ipc_cleanup(); - bt_hal_cbacks = NULL; - hal_ipc_unregister(HAL_SERVICE_ID_BLUETOOTH); + + bt_hal_cbacks = NULL; } static int get_adapter_properties(void) |