diff options
| author | Patrik Flykt <patrik.flykt@linux.intel.com> | 2017-03-09 09:59:58 +0200 |
|---|---|---|
| committer | Daniel Wagner <wagi@monom.org> | 2017-03-12 20:45:54 +0100 |
| commit | ef9255d8cad1bd3fd2a2c080e07d00a94461c0cc (patch) | |
| tree | 4dace67be51195074271733945da630eed52d0d0 /plugins/bluetooth.c | |
| parent | 0d2778e364962a41b83b6714990fd7dcc15af0c4 (diff) | |
| download | connman-ef9255d8cad1bd3fd2a2c080e07d00a94461c0cc.tar.gz | |
bluetooth: Check for network in callbacks
If there is an ongoing connect or disconnect when the system is suspended,
the Bluetooth PAN device might be gone when the system resumes. This can
cause the network being removed before the connect or disconnect callback
is called. As the connect or disconnect callback do not re-check for an
existing pan->network, a crash will happen as a NULL network is accessed.
Fix this by verifying that pan->network exists when the callback is called.
connmand[9153]: src/network.c:__connman_network_disconnect() network 0x563544e6ca30
connmand[9153]: plugins/bluetooth.c:bluetooth_pan_disconnect() network 0x563544e6ca30
connmand[9153]: src/network.c:connman_network_unref_debug() 0x563544e6ca30 name phone ref 3 by src/service.c:4687:service_free()
connmand[9153]: src/ipconfig.c:__connman_ipconfig_unref_debug() 0x563544e58330 ref 0 by src/service.c:4697:service_free()
connmand[9153]: src/ipconfig.c:__connman_ipconfig_disable() ipconfig 0x563544e58330
connmand[9153]: src/ipconfig.c:__connman_ipconfig_unref_debug() 0x563544e81fd0 ref 0 by src/service.c:4704:service_free()
connmand[9153]: src/ipconfig.c:__connman_ipconfig_disable() ipconfig 0x563544e81fd0
connmand[9153]: plugins/bluetooth.c:bluetooth_pan_remove() network 0x563544e6ca30 pan 0x563544e580b0
connmand[9153]: plugins/bluetooth.c:pan_remove_nap() network 0x563544e6ca30 pan 0x563544e580b0
connmand[9153]: src/device.c:connman_device_remove_network() device 0x563544e630d0 network 0x563544e6ca30
connmand[9153]: src/device.c:free_network() network 0x563544e6ca30
connmand[9153]: src/network.c:network_remove() network 0x563544e6ca30 name phone
connmand[9153]: plugins/bluetooth.c:bluetooth_pan_remove() network 0x563544e6ca30 pan (nil)
connmand[9153]: src/network.c:connman_network_unref_debug() 0x563544e6ca30 name phone ref 2 by src/device.c:378:free_network()
connmand[9153]: src/network.c:connman_network_unref_debug() 0x563544e6ca30 name phone ref 1 by plugins/bluetooth.c:160:pan_remove_nap()
connmand[9153]: src/network.c:connman_network_unref_debug() 0x563544e6ca30 name phone ref 0 by src/device.c:378:free_network()
connmand[9153]: src/network.c:network_destruct() network 0x563544e6ca30 name phone
connmand[9153]: plugins/bluetooth.c:pan_connect_cb() network (nil) org.bluez.Error.Failed
connmand[9153]: src/network.c:connman_network_set_associating() network (nil) associating 0
connmand[9153]: Aborting (signal 11) [src/connmand]
connmand[9153]: ++++++++ backtrace ++++++++
Diffstat (limited to 'plugins/bluetooth.c')
| -rw-r--r-- | plugins/bluetooth.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/plugins/bluetooth.c b/plugins/bluetooth.c index 401bb30f..f759a902 100644 --- a/plugins/bluetooth.c +++ b/plugins/bluetooth.c @@ -206,7 +206,7 @@ static void pan_connect_cb(DBusMessage *message, void *user_data) DBusMessageIter iter; pan = g_hash_table_lookup(networks, path); - if (!pan) { + if (!pan || !pan->network) { DBG("network already removed"); return; } @@ -273,7 +273,7 @@ static void pan_disconnect_cb(DBusMessage *message, void *user_data) struct bluetooth_pan *pan; pan = g_hash_table_lookup(networks, path); - if (!pan) { + if (!pan || !pan->network) { DBG("network already removed"); return; } |