From fd8542fc82b0c7301fe280c1844bcf6b94370246 Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz Date: Wed, 1 Apr 2020 16:27:33 -0700 Subject: [PATCH] gatt: Fix Acquire* reply handling Originally these operation did not set any owner_queue which caused them to crash if the attribute is freed before the respose, to fix that the reply will now check if owner_queue was reset to NULL which means the attribute is no longer available but the owner_queue was never set in the first place so this ensures they are now setup properly. Signed-off-by: Anuj Jain Signed-off-by: Ayush Garg --- src/gatt-database.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/gatt-database.c b/src/gatt-database.c index 0f7d5d4..298a62f 100644 --- a/src/gatt-database.c +++ b/src/gatt-database.c @@ -2979,9 +2979,9 @@ static struct pending_op *acquire_write(struct external_chrc *chrc, struct pending_op *op; #ifdef TIZEN_FEATURE_BLUEZ_MODIFY - op = pending_write_new(device, NULL, attrib, id, value, len, 0, 0, + op = pending_write_new(device, chrc->pending_writes, attrib, id, value, len, 0, 0, #else - op = pending_write_new(device, NULL, attrib, id, value, len, 0, + op = pending_write_new(device, chrc->pending_writes, attrib, id, value, len, 0, #endif link_type, false, false); @@ -3120,6 +3120,7 @@ static uint8_t ccc_write_cb(struct pending_op *op, void *user_data) if (g_dbus_proxy_get_property(chrc->proxy, "NotifyAcquired", &iter)) { op->data.iov_base = (void *) chrc; op->data.iov_len = sizeof(chrc); + op->owner_queue = chrc->pending_writes; if (g_dbus_proxy_method_call(chrc->proxy, "AcquireNotify", acquire_notify_setup, acquire_notify_reply, -- 2.7.4