From: Pawel Wasowski Date: Wed, 16 Sep 2020 18:02:29 +0000 (+0200) Subject: [Bluetooth] Prevent crash in BLE advertising X-Git-Tag: submit/tizen/20200923.101308~2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F26%2F244626%2F1;p=platform%2Fcore%2Fapi%2Fwebapi-plugins.git [Bluetooth] Prevent crash in BLE advertising bt_advertiser_h pointer was freed twice in some cases, which lead to crashes. Setting it to a nullptr after the first destruction fixes the problem. [Verification] Tested crashing scenario in Chrome DevTools Console and no crashes occurred with the change. tct-tizen-bluetooth-tests: 100 % pass rate (auto; manual were not run, because they don't test BluetoothLEAdapter APIs) Change-Id: Ie0d3de744075a4c08e5266fed274e98a0d9567b8 Signed-off-by: Pawel Wasowski --- diff --git a/src/bluetooth/bluetooth_le_adapter.cc b/src/bluetooth/bluetooth_le_adapter.cc index cbd08ae3..d157cdb4 100644 --- a/src/bluetooth/bluetooth_le_adapter.cc +++ b/src/bluetooth/bluetooth_le_adapter.cc @@ -830,12 +830,19 @@ void BluetoothLEAdapter::OnAdvertiseResult(int result, bt_advertiser_h advertise if (adv_state == BT_ADAPTER_LE_ADVERTISING_STOPPED) { LoggerD("Advertiser destroy"); int ret = bt_adapter_le_destroy_advertiser(advertiser); + /* + * Destruction of advertiser should not fail. + * If it does, we only log the info and set the pointer to nullptr + * anyway to let the user start new advertising in the future. + */ + adapter->bt_advertiser_ = nullptr; if (BT_ERROR_NONE != ret && BT_ERROR_NOT_IN_PROGRESS != ret) { LogAndReportError(PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to destroy advertiser"), data_obj, ("bt_adapter_le_destroy_advertiser() failed with: %d (%s)", ret, get_error_message(ret))); return; } + LoggerD("bt_adapter_le_destroy_advertiser(): SUCCESS"); } }