Message ID | 20210119193512.821918-1-luiz.dentz@gmail.com |
---|---|
State | New |
Headers | show |
Series | [BlueZ] gatt: Fix crash when a device is removed | expand |
This is automated email and please do not reply to this email! Dear submitter, Thank you for submitting the patches to the linux bluetooth mailing list. This is a CI test results with your patch series: PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=417643 ---Test result--- ############################## Test: CheckPatch - PASS ############################## Test: CheckGitLint - PASS ############################## Test: CheckBuild - PASS ############################## Test: MakeCheck - PASS --- Regards, Linux Bluetooth
Hi, On Tue, Jan 19, 2021 at 12:27 PM <bluez.test.bot@gmail.com> wrote: > > This is automated email and please do not reply to this email! > > Dear submitter, > > Thank you for submitting the patches to the linux bluetooth mailing list. > This is a CI test results with your patch series: > PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=417643 > > ---Test result--- > > ############################## > Test: CheckPatch - PASS > > ############################## > Test: CheckGitLint - PASS > > ############################## > Test: CheckBuild - PASS > > ############################## > Test: MakeCheck - PASS > > > > --- > Regards, > Linux Bluetooth Pushed. -- Luiz Augusto von Dentz
diff --git a/src/gatt-database.c b/src/gatt-database.c index d99604826..d635c3214 100644 --- a/src/gatt-database.c +++ b/src/gatt-database.c @@ -1350,11 +1350,17 @@ static void send_notification_to_device(void *data, void *user_data) if (!ccc->value || (notify->conf && !(ccc->value & 0x0002))) return; - device = btd_adapter_get_device(notify->database->adapter, + device = btd_adapter_find_device(notify->database->adapter, &device_state->bdaddr, device_state->bdaddr_type); - if (!device) + if (!device) { + /* If ATT has not disconnect yet don't remove the state as it + * will eventually be removed when att_disconnected is called. + */ + if (device_state->disc_id) + return; goto remove; + } server = btd_device_get_gatt_server(device); if (!server) {
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> If a device is removed with notifications enabled that would lead to device_state being freed while att_disconnected has not been called yet. gh-issue: https://github.com/bluez/bluez/issues/82 --- src/gatt-database.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)