a2dp: Fix crash on connection lost

when the channel is removed on connection lost, the
setup->chan pointer becomes dangling which causes crash
in find_remote_sep.
So mark this pointer as NULL whenever the channel is removed.

Change-Id: I1b3fe81df18d4ea8eed00739a9db7d0e7232dda0
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
Signed-off-by: Dohyun Pyun <dh79.pyun@samsung.com>

diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c
index 7479683..d2047cd 100644 (file)
--- a/profiles/audio/a2dp.c
+++ b/profiles/audio/a2dp.c
@@ -1235,6 +1235,13 @@ static gboolean close_ind(struct avdtp *session, struct avdtp_local_sep *sep,
 static struct a2dp_remote_sep *find_remote_sep(struct a2dp_channel *chan,
                                                struct a2dp_sep *sep)
 {
+#ifdef TIZEN_FEATURE_BLUEZ_MODIFY
+       if (!chan) {
+               DBG("chan is NULL");
+               return NULL;
+       }
+#endif
+
        struct avdtp_remote_sep *rsep;
 
        rsep = avdtp_find_remote_sep(chan->session, sep->lsep);
@@ -1289,6 +1296,13 @@ failed:
 static struct a2dp_remote_sep *get_remote_sep(struct a2dp_channel *chan,
                                                struct avdtp_stream *stream)
 {
+#ifdef TIZEN_FEATURE_BLUEZ_MODIFY
+       if (!chan) {
+               DBG("chan is NULL");
+               return NULL;
+       }
+#endif
+
        struct avdtp_remote_sep *rsep;
 
        rsep = avdtp_stream_get_remote_sep(stream);
@@ -1596,6 +1610,9 @@ static void remove_remote_sep(void *data)
 static void channel_free(void *data)
 {
        struct a2dp_channel *chan = data;
+#ifdef TIZEN_FEATURE_BLUEZ_MODIFY
+       struct a2dp_setup *setup = NULL;
+#endif
 
        if (chan->auth_id > 0)
                btd_cancel_authorization(chan->auth_id);
@@ -1612,6 +1629,15 @@ static void channel_free(void *data)
 
        queue_destroy(chan->seps, remove_remote_sep);
        free(chan->last_used);
+
+#ifdef TIZEN_FEATURE_BLUEZ_MODIFY
+       if (chan->session)
+               setup = find_setup_by_session(chan->session);
+
+       if (setup && setup->chan == chan)
+               setup->chan = NULL;
+#endif
+
        g_free(chan);
 }
 
@@ -2706,6 +2732,14 @@ static void select_cb(struct a2dp_setup *setup, void *ret, int size)
        }
 
        setup->rsep = find_remote_sep(setup->chan, setup->sep);
+
+#ifdef TIZEN_FEATURE_BLUEZ_MODIFY
+       if (!setup->rsep) {
+               error("unable to find remote SEP");
+               goto done;
+       }
+#endif
+
        service = avdtp_get_codec(setup->rsep->sep);
        codec = (struct avdtp_media_codec_capability *) service->data;