If device is no longer exists or not paired when notifications send it
is possible to get double free and dereference of already freed memory.
To avoid this we need to recheck the state of device after sending
notification.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
send_notification_to_device(state, state->pending);
+ state = find_device_state(database, &bdaddr, bdaddr_type);
+ if (!state || !state->pending)
+ return;
+
free(state->pending->value);
free(state->pending);
state->pending = NULL;