From: Szymon Janc <szymon.janc@codecoup.pl>
Date: Wed, 4 Apr 2018 07:28:56 +0000 (+0200)
Subject: gatt: Fix crash with BR/EDR only adapter
X-Git-Tag: accepted/tizen/unified/20190522.085452~1^2~112
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a1b06c41059a0978eccb8f35ef84780ae3fbb58a;p=platform%2Fupstream%2Fbluez.git

gatt: Fix crash with BR/EDR only adapter

adapter->database can be NULL if controller is BR/EDR only or LE was
disabled. Make btd_gatt_database_restore_svc_chng_ccc accept NULL
pointer and silently ignore it similiar to rest of btd_gatt_database
API.

Invalid read of size 8
   at 0x164DCB: btd_gatt_database_restore_svc_chng_ccc (src/bluez-git/src/bluetoothd)
   by 0x17B70F: read_info_complete (src/bluez-git/src/bluetoothd)
   by 0x1A7E58: request_complete (src/bluez-git/src/bluetoothd)
   by 0x1A89AD: can_read_data (src/bluez-git/src/bluetoothd)
   by 0x1B5752: watch_callback (src/bluez-git/src/bluetoothd)
   by 0x4E852C5: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.5600.0)
   by 0x4E856A0: ??? (in /usr/lib/libglib-2.0.so.0.5600.0)
   by 0x4E859D1: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.5600.0)
   by 0x125058: main (src/bluez-git/src/bluetoothd)
 Address 0x40 is not stack'd, malloc'd or (recently) free'd

Change-Id: Ibec4e5ced0c2218d96499c47afcd2863484212eb
Signed-off-by: Amit Purwar <amit.purwar@samsung.com>
---

diff --git a/src/gatt-database.c b/src/gatt-database.c
index 125d7a0..54d948c 100644
--- a/src/gatt-database.c
+++ b/src/gatt-database.c
@@ -3877,6 +3877,9 @@ void btd_gatt_database_restore_svc_chng_ccc(struct btd_gatt_database *database)
 	uint8_t value[4];
 	uint16_t handle, ccc_handle;
 
+	if (!database)
+		return;
+
 	handle = gatt_db_attribute_get_handle(database->svc_chngd);
 	ccc_handle = gatt_db_attribute_get_handle(database->svc_chngd_ccc);