gatt: Fix Acquire* reply handling

Originally these operation did not set any owner_queue which caused
them to crash if the attribute is freed before the respose, to fix that
the reply will now check if owner_queue was reset to NULL which means
the attribute is no longer available but the owner_queue was never set
in the first place so this ensures they are now setup properly.

Signed-off-by: Anuj Jain <anuj01.jain@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>

diff --git a/src/gatt-database.c b/src/gatt-database.c
index 0f7d5d4..298a62f 100644 (file)
--- a/src/gatt-database.c
+++ b/src/gatt-database.c
@@ -2979,9 +2979,9 @@ static struct pending_op *acquire_write(struct external_chrc *chrc,
        struct pending_op *op;
 
 #ifdef TIZEN_FEATURE_BLUEZ_MODIFY
-       op = pending_write_new(device, NULL, attrib, id, value, len, 0, 0,
+       op = pending_write_new(device, chrc->pending_writes, attrib, id, value, len, 0, 0,
 #else
-       op = pending_write_new(device, NULL, attrib, id, value, len, 0,
+       op = pending_write_new(device, chrc->pending_writes, attrib, id, value, len, 0,
 #endif
                                                link_type, false, false);
 
@@ -3120,6 +3120,7 @@ static uint8_t ccc_write_cb(struct pending_op *op, void *user_data)
        if (g_dbus_proxy_get_property(chrc->proxy, "NotifyAcquired", &iter)) {
                op->data.iov_base = (void *) chrc;
                op->data.iov_len = sizeof(chrc);
+               op->owner_queue = chrc->pending_writes;
                if (g_dbus_proxy_method_call(chrc->proxy, "AcquireNotify",
                                                acquire_notify_setup,
                                                acquire_notify_reply,