diff options
| author | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2023-03-14 12:23:25 -0700 |
|---|---|---|
| committer | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2023-03-14 13:52:59 -0700 |
| commit | 857d9b96b38401ce5666172ddea115d37ad6af70 (patch) | |
| tree | f0a5774d3f8c9ce3e22e105d1e60d15218fec202 /src | |
| parent | 6ae44c74aaf93468ddc626a02b8f0420a808b13e (diff) | |
| download | bluez-857d9b96b38401ce5666172ddea115d37ad6af70.tar.gz | |
shared/gatt-client: Fix crash on bt_gatt_client_idle_unregister
This fixes the following crash:
Invalid read of size 8
at 0x1E1E0B: bt_gatt_client_idle_unregister (gatt-client.c:3812)
by 0x1EB6BD: bt_bap_detach (bap.c:3821)
by 0x1EB6BD: bt_bap_detach (bap.c:3808)
by 0x1D5631: queue_foreach (queue.c:207)
by 0x1DCAA3: disconnect_cb (att.c:713)
by 0x1F4404: watch_callback (io-glib.c:157)
by 0x48BBC7E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7400.6)
by 0x4912117: ??? (in /usr/lib64/libglib-2.0.so.0.7400.6)
by 0x48BB24E: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.7400.6)
by 0x1F4A54: mainloop_run (mainloop-glib.c:66)
by 0x1F4E21: mainloop_run_with_signal (mainloop-notify.c:188)
by 0x1304B4: main (main.c:1428)
Address 0x28 is not stack'd, malloc'd or (recently) free'd
Diffstat (limited to 'src')
| -rw-r--r-- | src/shared/gatt-client.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/shared/gatt-client.c b/src/shared/gatt-client.c index f0499cc0e..9ffc10b0b 100644 --- a/src/shared/gatt-client.c +++ b/src/shared/gatt-client.c @@ -3809,6 +3809,9 @@ bool bt_gatt_client_idle_unregister(struct bt_gatt_client *client, { struct idle_cb *idle = UINT_TO_PTR(id); + if (!client || !id) + return false; + if (queue_remove(client->idle_cbs, idle)) { idle_destroy(idle); return true; |