adapter: Fix crash in discovery_disconnect

discovery_disconnect crashed because the adapter pointer has been freed
before. This patch makes sure that discovery list is cleaned up before
adapter pointer is freed.

Signed-off-by: Anuj Jain <anuj01.jain@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>

diff --git a/src/adapter.c b/src/adapter.c
index d8e6c99..2b0bf3a 100644 (file)
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -10229,12 +10229,26 @@ static void free_service_auth(gpointer data, gpointer user_data)
        g_free(auth);
 }
 
+static void remove_discovery_list(struct btd_adapter *adapter)
+{
+       g_slist_free_full(adapter->set_filter_list, discovery_free);
+       adapter->set_filter_list = NULL;
+
+       g_slist_free_full(adapter->discovery_list, discovery_free);
+       adapter->discovery_list = NULL;
+}
+
 static void adapter_free(gpointer user_data)
 {
        struct btd_adapter *adapter = user_data;
 
        DBG("%p", adapter);
 
+       /* Make sure the adapter's discovery list is cleaned up before freeing
+        * the adapter.
+        */
+       remove_discovery_list(adapter);
+
        if (adapter->pairable_timeout_id > 0) {
                g_source_remove(adapter->pairable_timeout_id);
                adapter->pairable_timeout_id = 0;
@@ -12115,11 +12129,7 @@ static void adapter_stop(struct btd_adapter *adapter)
 
        cancel_passive_scanning(adapter);
 
-       g_slist_free_full(adapter->set_filter_list, discovery_free);
-       adapter->set_filter_list = NULL;
-
-       g_slist_free_full(adapter->discovery_list, discovery_free);
-       adapter->discovery_list = NULL;
+       remove_discovery_list(adapter);
 
        discovery_cleanup(adapter, 0);