From: Anuj Jain Date: Fri, 28 Jan 2022 11:08:38 +0000 (+0530) Subject: GATT: Fix crash in ccc_write_cb. X-Git-Tag: submit/tizen/20220207.225310^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=68f16d32af7d3986eca160d6bc8014f0476ad54e;p=platform%2Fupstream%2Fbluez.git GATT: Fix crash in ccc_write_cb. When gatt client is disconnected after notification enable, The pending_op becomes null which when used in stop_notify_setup causes bluetoothd to crash. This patch will fix the same. Change-Id: I75316e67be6a1b941457066f05e17ddf2db8732d Signed-off-by: Anuj Jain
---
diff --git a/src/gatt-database.c b/src/gatt-database.c
index 6e659299..382f8dde 100644
--- a/src/gatt-database.c
+++ b/src/gatt-database.c
@@ -3182,8 +3182,12 @@ static uint8_t ccc_write_cb(struct pending_op *op, void *user_data)
 * operation, so simply ignore the return the value. */
 #ifdef TIZEN_FEATURE_BLUEZ_MODIFY
- g_dbus_proxy_method_call(chrc->proxy, "StopNotify",
+ if (op)
+ g_dbus_proxy_method_call(chrc->proxy, "StopNotify",
 stop_notify_setup, NULL, op, NULL);
+ else
+ g_dbus_proxy_method_call(chrc->proxy, "StopNotify",
+ NULL, NULL, NULL, NULL);
 #else
 g_dbus_proxy_method_call(chrc->proxy, "StopNotify",
 NULL, NULL, NULL, NULL);
@@ -3223,13 +3227,21 @@ static uint8_t ccc_write_cb(struct pending_op *op, void *user_data)
 * value for now. */
 #ifdef TIZEN_FEATURE_BLUEZ_MODIFY
- if (g_dbus_proxy_method_call(chrc->proxy, "StartNotify", start_notify_setup, NULL,
- op, NULL) == FALSE)
+ if (op) {
+ if (g_dbus_proxy_method_call(chrc->proxy, "StartNotify",
+ start_notify_setup, NULL, op, NULL) == FALSE)
+ return BT_ATT_ERROR_UNLIKELY;
+ }
+ else {
+ if (g_dbus_proxy_method_call(chrc->proxy, "StartNotify", NULL,
+ NULL, NULL, NULL) == FALSE)
+ return BT_ATT_ERROR_UNLIKELY;
+ }
 #else
 if (g_dbus_proxy_method_call(chrc->proxy, "StartNotify", NULL,
 NULL, NULL, NULL) == FALSE)
-#endif
 return BT_ATT_ERROR_UNLIKELY;
+#endif
 __sync_fetch_and_add(&chrc->ntfy_cnt, 1);
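Review bot: The two StopNotify calls added under TIZEN_FEATURE_BLUEZ_MODIFY differ only in the setup callback and user_data, so the `if (op)`/`else` pair can collapse to one call, `g_dbus_proxy_method_call(chrc->proxy, "StopNotify", op ? stop_notify_setup : NULL, NULL, op, NULL);`, which also removes the unbraced multi-line `if` body. The same duplication appears in the StartNotify hunk below, where both arms repeat the `== FALSE` test and `return BT_ATT_ERROR_UNLIKELY;`. The null check deserves a comment stating why op can be NULL at this point, e.g. `/* op is NULL when the client is already gone; skip the setup callback */`, otherwise the next reader will assume every caller passes a pending_op. Whether silently skipping stop_notify_setup loses anything the callback normally does for a live op I cannot tell from the hunk; ccc_write_cb's body starts before and continues after it.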