admin: Fix double free

Fixes the following double free which happen due to exit calling
btd_unregister_adapter_driver:

Invalid read of size 8
   at 0x1CDA97: queue_foreach (queue.c:198)
   by 0x1318B8: admin_policy_remove (admin.c:591)
   by 0x18982A: plugin_cleanup (plugin.c:217)
   by 0x12E3FD: main (main.c:1214)
 Address 0x547ffb8 is 8 bytes inside a block of size 32 free'd
   at 0x483A9F5: free (vg_replace_malloc.c:538)
   by 0x1318CB: admin_policy_remove (admin.c:592)
   by 0x18F416: unload_driver (adapter.c:7215)
   by 0x496F50F: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.6600.8)
   by 0x131988: admin_exit (admin.c:623)
   by 0x18982A: plugin_cleanup (plugin.c:217)
   by 0x12E3FD: main (main.c:1214)
 Block was alloc'd at
   at 0x4839809: malloc (vg_replace_malloc.c:307)
   by 0x1CDE1E: btd_malloc (util.c:33)
   by 0x1CD83D: queue_new (queue.c:47)
   by 0x13150D: admin_init (admin.c:614)
   by 0x18966B: plugin_init (plugin.c:187)
   by 0x12E358: main (main.c:1198)

Signed-off-by: Anuj Jain <anuj01.jain@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>

diff --git a/plugins/admin.c b/plugins/admin.c
index ee7649d..fe22400 100644 (file)
--- a/plugins/admin.c
+++ b/plugins/admin.c
@@ -591,6 +591,7 @@ static void admin_policy_remove(struct btd_adapter *adapter)
        queue_foreach(devices, unregister_device_data, NULL);
        queue_destroy(devices, g_free);
 
+       devices = NULL;
        if (policy_data) {
                admin_policy_destroy(policy_data);
                policy_data = NULL;
@@ -620,7 +621,6 @@ static void admin_exit(void)
        DBG("");
 
        btd_unregister_adapter_driver(&admin_policy_driver);
-       admin_policy_remove(NULL);
 }
 
 BLUETOOTH_PLUGIN_DEFINE(admin, VERSION,