From: Wootak Jung <wootak.jung@samsung.com>
Date: Tue, 11 May 2021 02:10:53 +0000 (+0900)
Subject: a2dp: Fix crash on discover_cb
X-Git-Tag: submit/tizen/20210606.232858~2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1fe6e658d4ed2f6d288d6280775297494259a0b0;p=platform%2Fupstream%2Fbluez.git

a2dp: Fix crash on discover_cb

There have been reports of crashes on discover_cb where the setup
would most likely already have been freed but discover_cb would still
be called, so instead of assuming the setup pointer would be valid try
to lookup the list of active setups and log a warning when it happens.

Change-Id: Icca1608c48be43174492d69204c8d31b158a99df
Signed-off-by: Wootak Jung <wootak.jung@samsung.com>
---

diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c
index 529a0a82..93d0460b 100644
--- a/profiles/audio/a2dp.c
+++ b/profiles/audio/a2dp.c
@@ -2880,6 +2880,13 @@ static void discover_cb(struct avdtp *session, GSList *seps,
 
 	DBG("version 0x%04x err %p", version, err);
 
+#ifdef TIZEN_FEATURE_BLUEZ_MODIFY
+	if (!g_slist_find(setups, setup)) {
+		warn("setup %p no longer valid", setup);
+		return;
+	}
+#endif
+
 	setup->seps = seps;
 	setup->err = err;