From 47acadbb2368f7fc6b5c13f3191ef8d6df1fe200 Mon Sep 17 00:00:00 2001
From: "milk.lee" <milk.lee@samsung.com>
Date: Fri, 23 Aug 2019 14:59:10 +0900
Subject: [PATCH] bug fix - memory over flow

Change-Id: I02ac740edb422cb2989413d6dabdd06efdfaf04f
Signed-off-by: milk.lee <milk.lee@samsung.com>
Signed-off-by: DoHyun Pyun <dh79.pyun@samsung.com>
---
 src/bluetooth-gatt.c | 35 +++++++++++++++++++++++------------
 1 file changed, 23 insertions(+), 12 deletions(-)

diff --git a/src/bluetooth-gatt.c b/src/bluetooth-gatt.c
index 350e510..c17f1ae 100644
--- a/src/bluetooth-gatt.c
+++ b/src/bluetooth-gatt.c
@@ -947,11 +947,7 @@ static void __bt_gatt_free_characteristic(bt_gatt_h gatt_handle)
 		BT_ERR("service_s is null");
 		goto fail;
 	}
-	client_s = (bt_gatt_client_s*)service_s->parent;
-	if (!client_s) {
-		BT_ERR("client_s is null");
-		goto fail;
-	}
+
 	/* Create Service and Charc handles */
 	__bt_string_to_uuid_hex(service_s->uuid, svc_handle.uuid);
 	svc_handle.instance_id = service_s->instance_id;
@@ -962,17 +958,34 @@ static void __bt_gatt_free_characteristic(bt_gatt_h gatt_handle)
 	BT_INFO("Charc UUID [%s]", chr->uuid);
 	BT_INFO("Charc Instance ID [%d]", chr->instance_id);
 
-	BT_INFO("Client ID [%d]", client_s->client_id);
-
 	__bt_string_to_uuid_hex(chr->uuid, chr_handle.uuid);
 	chr_handle.instance_id = chr->instance_id;
 #endif
-	if (chr->role == BT_GATT_ROLE_CLIENT && chr->value_changed_cb &&
-		chr->properties &
-		(BT_GATT_PROPERTY_NOTIFY | BT_GATT_PROPERTY_INDICATE)) {
+
+	if (chr->role == BT_GATT_ROLE_CLIENT &&
+			chr->value_changed_cb &&
+			(chr->properties &
+					(BT_GATT_PROPERTY_NOTIFY | BT_GATT_PROPERTY_INDICATE))) {
+#ifdef TIZEN_GATT_CLIENT
+		client_s = (bt_gatt_client_s*)service_s->parent;
+		if (!client_s) {
+			BT_ERR("client_s is null");
+			goto fail;
+		}
+		BT_INFO("Client ID [%d]", client_s->client_id);
+
+		ret = _bt_get_error_code(bluetooth_gatt_client_watch_characteristics(
+					client_s->remote_address,
+					&svc_handle,
+					&chr_handle,
+					client_s->client_id,
+					FALSE,
+					TRUE));
+#else
 		BT_DBG("Unwatch characteristic");
 		ret = _bt_get_error_code(bluetooth_gatt_unwatch_characteristics(
 					chr->path));
+#endif
 		if (ret != BT_ERROR_NONE)
 			BT_ERR("%s(0x%08x)", _bt_convert_error_to_string(ret), ret);
 	}
@@ -980,9 +993,7 @@ static void __bt_gatt_free_characteristic(bt_gatt_h gatt_handle)
 fail:
 	g_slist_free_full(chr->descriptors, __bt_gatt_free_descriptor);
 
-#ifndef TIZEN_GATT_CLIENT
 	g_strfreev(chr->desc_handles);
-#endif
 
 	g_free(chr->path);
 	g_free(chr->uuid);
-- 
2.7.4