From 5452d474e29f57461c31be65af6f3d42fc368c4c Mon Sep 17 00:00:00 2001
From: Juha Vuolle
Date: Wed, 16 Feb 2022 13:35:33 +0200
Subject: Fix Linux bluetooth service discovery crash with multiple services

The application code may call stop() for the service discovery agent when it has detected the service-of-interest. The crash occurs because the stop() will clear the list of discovered devices, but the service discovery result handling loop may still be in the middle of processing the services. If the loop accesses the by-now cleared device list on its next iteration, it will cause a list access violation assert.

Fixes: QTBUG-100894
Change-Id: Ica300cd8461543b533800ca06551b21d9b256613
Reviewed-by: Ivan Solovev
Reviewed-by: Alex Blasche
(cherry picked from commit 2de33f78ec374ce6963b9c1715e4942c8cf70bb0)
Reviewed-by: Qt Cherry-pick Bot
---
 src/bluetooth/qbluetoothservicediscoveryagent_bluez.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/bluetooth/qbluetoothservicediscoveryagent_bluez.cpp b/src/bluetooth/qbluetoothservicediscoveryagent_bluez.cpp
index d36a01e3..ce1d5729 100644
--- a/src/bluetooth/qbluetoothservicediscoveryagent_bluez.cpp
+++ b/src/bluetooth/qbluetoothservicediscoveryagent_bluez.cpp
@@ -273,8 +273,10 @@ void QBluetoothServiceDiscoveryAgentPrivate::_q_finishSdpScan(QBluetoothServiceD
             qCDebug(QT_BT_BLUEZ) << "Discovered services" << discoveredDevices.at(0).address().toString()
                                  << serviceInfo.serviceName() << serviceInfo.serviceUuid() << ">>>"
                                  << serviceInfo.serviceClassUuids();
-
-            emit q->serviceDiscovered(serviceInfo);
+            // Use queued connection to allow us finish the service looping; the application
+            // might call stop() when it has detected the service-of-interest.
+            QMetaObject::invokeMethod(q, "serviceDiscovered", Qt::QueuedConnection,
+                                      Q_ARG(QBluetoothServiceInfo, serviceInfo));
         }
     }
 }
-- 
cgit v1.2.1
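Review bot: Queuing serviceDiscovered changes its delivery order relative to the rest of _q_finishSdpScan, whose body continues outside the hunk: if finished() or the next device's scan is still triggered synchronously after this loop, the queued service signals can now arrive after it, and signals already posted before the application calls stop() are still delivered afterwards, so please confirm finished() is emitted from a later event-loop turn and note the now-asynchronous delivery in the signal's documentation. The string-based invokeMethod is resolved only at runtime and fails with a warning rather than a compile error if the signal name is mistyped, and queued delivery additionally requires QBluetoothServiceInfo to be registered with the meta-type system, which I cannot verify from here; the functor overload available since Qt 5.10, `QMetaObject::invokeMethod(q, [q, serviceInfo]() { emit q->serviceDiscovered(serviceInfo); }, Qt::QueuedConnection);`, keeps the check at compile time. The root cause remains the unguarded `discoveredDevices.at(0)` read on the context lines, so an explicit `if (discoveredDevices.isEmpty()) break;` at the top of the loop body would make the loop safe regardless of when stop() runs. The added comment also reads better as `// Use a queued connection so the service loop can finish; the application may call stop() once it has detected the service-of-interest.`.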