From 3fc2ac10c68a57b1fbdc8c464c6a181d4ab31053 Mon Sep 17 00:00:00 2001
From: "Igor V. Kovalenko"
Date: Thu, 15 Oct 2020 23:55:17 +0300
Subject: module-bluez5-discover: avoid use after free on de-init

Hashmap loaded_device_paths contain objects holding keys to entries, and these objects must be alive while map is emptied. Reorder freeing this hashmap before destroying device objects to fix crash on exit.
---
 src/modules/bluetooth/module-bluez5-discover.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/modules/bluetooth/module-bluez5-discover.c b/src/modules/bluetooth/module-bluez5-discover.c
index b6c8eb050..47b576103 100644
--- a/src/modules/bluetooth/module-bluez5-discover.c
+++ b/src/modules/bluetooth/module-bluez5-discover.c
@@ -163,11 +163,11 @@ void pa__done(pa_module *m) {
 if (u->device_connection_changed_slot)
 pa_hook_slot_free(u->device_connection_changed_slot);
-if (u->discovery)
-pa_bluetooth_discovery_unref(u->discovery);
-
 if (u->loaded_device_paths)
 pa_hashmap_free(u->loaded_device_paths);
+if (u->discovery)
+pa_bluetooth_discovery_unref(u->discovery);
+
 pa_xfree(u);
 }
-- 
cgit v1.2.1
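Review bot: The teardown order in pa__done is now load-bearing, but nothing in the code says so: `pa_hashmap_free(u->loaded_device_paths)` has to run before `pa_bluetooth_discovery_unref(u->discovery)` because, per the commit message, the map's keys live in device objects that are destroyed along with the discovery. A short comment above the hashmap free, e.g. `/* Must precede the discovery unref: keys are borrowed from device objects and dangle once those are destroyed. */`, would keep a later cleanup from reintroducing the use-after-free. The same borrowed-key lifetime presumably applies when a single device goes away at runtime, so it is worth confirming that its entry is removed from the map before the device is freed; that path is not visible in this hunk. pa__done starts above the hunk, so the earlier teardown steps were not reviewed.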