Message ID | 20201119200250.3848680-1-pavelm@google.com |
---|---|
State | New |
Headers | show |
Series | Fix duplicate free for GATT service includes | expand |
diff --git a/src/gatt-database.c b/src/gatt-database.c index 6694a0174..04b49e2c1 100644 --- a/src/gatt-database.c +++ b/src/gatt-database.c @@ -2017,7 +2017,11 @@ static bool parse_includes(GDBusProxy *proxy, struct external_service *service) dbus_message_iter_get_basic(&array, &obj); - if (!queue_push_tail(service->includes, obj)) { + const char* includes = g_strdup(obj); + if (!includes) + return false; + + if (!queue_push_tail(service->includes, includes)) { error("Failed to add Includes path in queue\n"); return false; }
Service includes object is obtained via dbus_message_iter_get_basic call and according to the contract for the value is that it is returned by the references and should not be freed so we should make a copy. The issue I'm running is when the GATT service app is disconnected (reproduced with gatt-service included in bluez), bluetoothd is crashing: bluetoothd[9771]: src/gatt-database.c:gatt_db_service_removed() Local GATT service removed bluetoothd[9771]: src/adapter.c:adapter_service_remove() /org/bluez/hci0 bluetoothd[9771]: src/adapter.c:remove_uuid() sending remove uuid command for index 0 bluetoothd[9771]: src/sdpd-service.c:remove_record_from_server() Removing record with handle 0x10006 bluetoothd[9771]: src/gatt-database.c:proxy_removed_cb() Proxy removed - removing service: /service1 munmap_chunk(): invalid pointer Signed-off-by: Pavel Maltsev <pavelm@google.com> --- src/gatt-database.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)