author | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2014-12-03 13:53:25 +0200 |
---|---|---|
committer | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2014-12-03 13:59:13 +0200 |
commit | 6dfd0d376ff222eb7da283ece7f88a1cc6f4a0c0 (patch) | |
tree | f84806d4bdff0341b0e6197e8e1688e3d1ac1a42 /android/hal-handsfree-client.c | |
parent | 924d680ad7f419348be88068ae7c1db3e44e6977 (diff) | |
download | bluez-6dfd0d376ff222eb7da283ece7f88a1cc6f4a0c0.tar.gz |
android: Fix crash on android-tester
When doing the HAL cleanup the callbacks should be reset to NULL
after calling hal_ipc_unregister, otherwise a handler may be called,
leading to invalid reads:
BlueZ D: android/hal-a2dp.c:cleanup()
bluetoothd[2624]: android/avdtp.c:connection_lost() Disconnected: Input/output error (5)
bluetoothd[2624]: android/avdtp.c:avdtp_ref() 0x5841900: ref=2
bluetoothd[2624]: android/a2dp.c:bt_a2dp_notify_state() device 00:AA:01:01:00:00 state 0
==2564== Thread 3:
==2564== Invalid read of size 8
==2564== at 0x6B66B47: handle_conn_state (hal-a2dp.c:38)
==2564== by 0x6B6CDB3: notification_handler (hal-ipc.c:125)
==2564== by 0x5368EE4: start_thread (in /usr/lib64/libpthread-2.18.so)
==2564== by 0x5672B8C: clone (in /usr/lib64/libc-2.18.so)
==2564== Address 0x8 is not stack'd, malloc'd or (recently) free'd
Diffstat (limited to 'android/hal-handsfree-client.c')
-rw-r--r-- | android/hal-handsfree-client.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/android/hal-handsfree-client.c b/android/hal-handsfree-client.c index 66b5df48f..93b5746b6 100644 --- a/android/hal-handsfree-client.c +++ b/android/hal-handsfree-client.c @@ -616,14 +616,14 @@ static void cleanup(void) if (!interface_ready()) return; - cbs = NULL; - cmd.service_id = HAL_SERVICE_ID_HANDSFREE_CLIENT; hal_ipc_cmd(HAL_SERVICE_ID_CORE, HAL_OP_UNREGISTER_MODULE, sizeof(cmd), &cmd, NULL, NULL, NULL); hal_ipc_unregister(HAL_SERVICE_ID_HANDSFREE_CLIENT); + + cbs = NULL; } static bthf_client_interface_t iface = { |
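Review bot: Moving `cbs = NULL;` below `hal_ipc_unregister(HAL_SERVICE_ID_HANDSFREE_CLIENT);` at the end of cleanup() only closes the race if hal_ipc_unregister() guarantees that no handler is still running when it returns. The trace in the commit message shows a handler being invoked from notification_handler on a separate thread, and nothing in this hunk shows such a guarantee or any locking around cbs. Please confirm that guarantee, or have the handlers check cbs before dereferencing it, and add a short comment above the assignment saying the ordering is deliberate so a later cleanup does not move it back above the unregister call.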