From de90c33cf00a7990f319c171e8da0ce197a4fdae Mon Sep 17 00:00:00 2001 From: wu zheng Date: Wed, 3 Dec 2014 17:45:34 +0800 Subject: [PATCH] obexd/client: Fix crash while disconnecting In case the transport is disconnected while disconnect command is pending the session is freed on disconnect_complete but disconnect callback is still valid causing the following crash: Invalid read of size 4 at 0x42682A: obc_session_ref (session.c:132) by 0x42797B: obc_session_shutdown (session.c:580) by 0x4139DA: incoming_data (gobex.c:1406) by 0x59712A5: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3800.2) by 0x5971627: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2) by 0x5971A39: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3800.2) by 0x40D78C: main (main.c:320) Address 0x728d814 is 4 bytes inside a block of size 120 free'd at 0x4C28577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x5976F7E: g_free (in /usr/lib64/libglib-2.0.so.0.3800.2) by 0x4134B9: handle_response (gobex.c:1129) by 0x4139BD: incoming_data (gobex.c:1403) by 0x59712A5: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3800.2) by 0x5971627: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2) by 0x5971A39: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3800.2) by 0x40D78C: main (main.c:320) The patch comes from upstream: commit ID 765fc36308c8d806a597bb9eae13bdff82e081d8 Change-Id: Id2abc28533d6312c791ec8b9880a4073db529e31 Signed-off-by: Wu Zheng
---
 obexd/client/session.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/obexd/client/session.c b/obexd/client/session.c
index d19694c..20520a1 100644
--- a/obexd/client/session.c
+++ b/obexd/client/session.c
@@ -225,8 +225,10 @@ static void session_free(struct obc_session *session)
 if (session->watch)
 g_dbus_remove_watch(session->conn, session->watch);
- if (session->obex != NULL)
+ if (session->obex) {
+ g_obex_set_disconnect_function(session->obex, NULL, NULL);
 g_obex_unref(session->obex);
+ }
 if (session->id > 0 && session->transport != NULL)
 session->transport->disconnect(session->id);
-- 2.7.4
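Review bot: The added `g_obex_set_disconnect_function(session->obex, NULL, NULL)` in `session_free` detaches only the disconnect callback; any other callback registered on `session->obex` with `session` as its user data would hit the same use-after-free whenever the GObex object outlives the session, as it does in the trace in the commit message (incoming_data keeps running after handle_response has freed the block). Whether pending request or transfer callbacks are cancelled before this point is not visible here, because `session_free` starts and ends outside the hunk, so that should be confirmed against the full function. I would also add a comment above the call so the ordering is not undone by a later cleanup: `/* GObex may outlive the session: drop the callback that points back at it before unref */`.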