Fix crash issue

0  0xaae6c8da in notify_io_destroy (data=0xac2cbcb0) at src/gatt-client.c:1698
1698            DBG("notify_io destroyed. length: %d", queue_length(client->chrc->notify_clients));
(gdb) info args
data = 0xac2cbcb0
(gdb) p client
$1 = (struct notify_client *) 0xac2cbcb0
(gdb) p *client
$2 = {chrc = 0x0, ref_count = 0, owner = 0x0, watch = 0, notify_id = 56}

$1 = (struct notify_client *) 0x55a1388d20
(gdb)
$2 = (struct notify_client *) 0x55a1388d20
(gdb) p *client
p *client
$3 = {chrc = 0x1, ref_count = 0, owner = 0x0, watch = 0, notify_id = 0}

Change-Id: Icb84e5995d7a2cd5ce1447d075a30ce1cc1a2f2f
Signed-off-by: Wootak Jung <wootak.jung@samsung.com>

diff --git a/src/gatt-client.c b/src/gatt-client.c
index d7c02fe4689ddbb854bc0f674b28094a1eb87712..8341a3100a5e7b8a103a1bd029fea496fef12392 100644 (file)
--- a/src/gatt-client.c
+++ b/src/gatt-client.c
@@ -1668,6 +1668,8 @@ static void register_notify_io_cb(uint16_t att_ecode, void *user_data)
                queue_remove(chrc->notify_clients, client);
 #ifdef TIZEN_FEATURE_BLUEZ_MODIFY
                DBG("Removed client from notify_clients. length: %d", queue_length(chrc->notify_clients));
+               sock_io_destroy(chrc->notify_io);
+               chrc->notify_io = NULL;
 #endif
                notify_client_free(client);
                return;
@@ -1688,6 +1690,11 @@ static void notify_io_destroy(void *data)
 {
        struct notify_client *client = data;
 
+#ifdef TIZEN_FEATURE_BLUEZ_MODIFY
+       if (!client || !client->chrc)
+               return;
+#endif
+
 #ifdef TIZEN_FEATURE_BLUEZ_MODIFY
        DBG("notify_io destroyed. length: %d", queue_length(client->chrc->notify_clients));
        if (queue_remove(client->chrc->notify_clients, client)) {
@@ -1761,6 +1768,13 @@ static DBusMessage *characteristic_start_notify(DBusConnection *conn,
        struct notify_client *client;
        struct btd_device *device = chrc->service->client->device;
 
+#ifdef TIZEN_FEATURE_BLUEZ_MODIFY
+       if (device_get_gatt_connected(device) == FALSE) {
+               error("GATT not connected");
+               return btd_error_not_connected(msg);
+       }
+#endif
+
        if (device_is_disconnecting(device)) {
                error("Device is disconnecting. StartNotify is not allowed.");
                return btd_error_not_connected(msg);
@@ -2013,6 +2027,9 @@ static void characteristic_free(void *data)
 
        g_free(chrc->path);
        free(chrc);
+#ifdef TIZEN_FEATURE_BLUEZ_MODIFY
+       chrc = NULL;
+#endif
 }
 
 static void att_exchange(uint16_t mtu, void *user_data)