audio/avrcp: Fix crash on RegisterNotification

When registering AVRCP_EVENT_ADDRESSED_PLAYER_CHANGED there may
not be any player available causing a crash.

git repo link:
http://git.kernel.org/cgit/bluetooth/bluez.git/commit/?id=60050fe469df1536466d1c6819670ce70ca92287

Change-Id: I889d727e1c411fe9970548355a39fa874cd41ce0

diff --git a/profiles/audio/avrcp.c b/profiles/audio/avrcp.c
index e09ed27..db3d788 100644 (file)
--- a/profiles/audio/avrcp.c
+++ b/profiles/audio/avrcp.c
@@ -1427,6 +1427,22 @@ static uint8_t player_get_status(struct avrcp_player *player)
        return play_status_to_val(value);
 }
 
+static uint16_t player_get_id(struct avrcp_player *player)
+{
+       if (player == NULL)
+               return 0x0000;
+
+       return player->id;
+}
+
+static uint16_t player_get_uid_counter(struct avrcp_player *player)
+{
+       if (player == NULL)
+               return 0x0000;
+
+       return player->uid_counter;
+}
+
 static uint8_t avrcp_handle_get_play_status(struct avrcp *session,
                                                struct avrcp_header *pdu,
                                                uint8_t transaction)
@@ -1700,8 +1716,10 @@ static uint8_t avrcp_handle_register_notification(struct avrcp *session,
 #endif
        case AVRCP_EVENT_ADDRESSED_PLAYER_CHANGED:
                len = 5;
-               memcpy(&pdu->params[1], &player->id, sizeof(uint16_t));
-               memcpy(&pdu->params[3], &player->uid_counter, sizeof(uint16_t));
+               memcpy(&pdu->params[1], player_get_id(player),
+                                               sizeof(uint16_t));
+               memcpy(&pdu->params[3], player_get_uid_counter(player),
+                                               sizeof(uint16_t));
                break;
        case AVRCP_EVENT_AVAILABLE_PLAYERS_CHANGED:
                len = 1;