author | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2014-12-03 13:53:25 +0200 |
---|---|---|
committer | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2014-12-03 13:59:13 +0200 |
commit | 6dfd0d376ff222eb7da283ece7f88a1cc6f4a0c0 (patch) | |
tree | f84806d4bdff0341b0e6197e8e1688e3d1ac1a42 /android/hal-pan.c | |
parent | 924d680ad7f419348be88068ae7c1db3e44e6977 (diff) | |
download | bluez-6dfd0d376ff222eb7da283ece7f88a1cc6f4a0c0.tar.gz |
android: Fix crash on android-tester
When doing the HAL cleanup the callbacks should be reset to NULL
after calling hal_ipc_unregister, otherwise a handler may be called
leading to invalid reads:
BlueZ D: android/hal-a2dp.c:cleanup()
bluetoothd[2624]: android/avdtp.c:connection_lost() Disconnected: Input/output error (5)
bluetoothd[2624]: android/avdtp.c:avdtp_ref() 0x5841900: ref=2
bluetoothd[2624]: android/a2dp.c:bt_a2dp_notify_state() device 00:AA:01:01:00:00 state 0
==2564== Thread 3:
==2564== Invalid read of size 8
==2564== at 0x6B66B47: handle_conn_state (hal-a2dp.c:38)
==2564== by 0x6B6CDB3: notification_handler (hal-ipc.c:125)
==2564== by 0x5368EE4: start_thread (in /usr/lib64/libpthread-2.18.so)
==2564== by 0x5672B8C: clone (in /usr/lib64/libc-2.18.so)
==2564== Address 0x8 is not stack'd, malloc'd or (recently) free'd
Diffstat (limited to 'android/hal-pan.c')
-rw-r--r-- | android/hal-pan.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/android/hal-pan.c b/android/hal-pan.c index cd783bc10..61d44a930 100644 --- a/android/hal-pan.c +++ b/android/hal-pan.c @@ -184,14 +184,14 @@ static void pan_cleanup(void) if (!interface_ready()) return; - cbs = NULL; - cmd.service_id = HAL_SERVICE_ID_PAN; hal_ipc_cmd(HAL_SERVICE_ID_CORE, HAL_OP_UNREGISTER_MODULE, sizeof(cmd), &cmd, NULL, NULL, NULL); hal_ipc_unregister(HAL_SERVICE_ID_PAN); + + cbs = NULL; } static btpan_interface_t pan_if = { |
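Review bot: the relocated `cbs = NULL;` at the end of pan_cleanup() is still a plain write to a pointer that handlers read from the notification thread (the trace in the commit message shows handle_conn_state running under notification_handler on Thread 3), so the fix only holds if hal_ipc_unregister() guarantees that no handler for this service is running or can be dispatched once it returns. That guarantee is not visible in this hunk. Please add a short comment above the assignment stating the ordering requirement, so a later cleanup refactor does not move the reset back above the unregister call. If hal_ipc_unregister() does not wait for an in-flight handler, the handlers should also check cbs before dereferencing it. Also note that `if (!interface_ready()) return;` at the top now sees the interface as ready for the whole unregister sequence; if a second cleanup call can arrive in that window, it would send HAL_OP_UNREGISTER_MODULE twice.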