From 04b0ddeb14de2f01380f3529f9b96125f6d2fa09 Mon Sep 17 00:00:00 2001
From: Pawel Wasowski
Date: Wed, 16 Sep 2020 20:02:29 +0200
Subject: [PATCH] [Bluetooth] Prevent crash in BLE advertising
bt_advertiser_h pointer was freed twice in some cases, which lead to crashes. Setting it to a nullptr after the first destruction fixes the problem.
[Verification] Tested crashing scenario in Chrome DevTools Console and no crashes occurred with the change. tct-tizen-bluetooth-tests: 100 % pass rate (auto; manual were not run, because they don't test BluetoothLEAdapter APIs)
Change-Id: Ie0d3de744075a4c08e5266fed274e98a0d9567b8
Signed-off-by: Pawel Wasowski
---
 src/bluetooth/bluetooth_le_adapter.cc | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/bluetooth/bluetooth_le_adapter.cc b/src/bluetooth/bluetooth_le_adapter.cc
index cbd08ae3..d157cdb4 100644
--- a/src/bluetooth/bluetooth_le_adapter.cc
+++ b/src/bluetooth/bluetooth_le_adapter.cc
@@ -830,12 +830,19 @@ void BluetoothLEAdapter::OnAdvertiseResult(int result, bt_advertiser_h advertise
 if (adv_state == BT_ADAPTER_LE_ADVERTISING_STOPPED) {
 LoggerD("Advertiser destroy");
 int ret = bt_adapter_le_destroy_advertiser(advertiser);
+ /*
+ * Destruction of advertiser should not fail.
+ * If it does, we only log the info and set the pointer to nullptr
+ * anyway to let the user start new advertising in the future.
+ */
+ adapter->bt_advertiser_ = nullptr;
 if (BT_ERROR_NONE != ret && BT_ERROR_NOT_IN_PROGRESS != ret) {
 LogAndReportError(PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to destroy advertiser"), data_obj, ("bt_adapter_le_destroy_advertiser() failed with: %d (%s)", ret, get_error_message(ret)));
 return;
 }
+ LoggerD("bt_adapter_le_destroy_advertiser(): SUCCESS");
 }
 }
--
2.34.1
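Review bot: The added `adapter->bt_advertiser_ = nullptr;` clears the member unconditionally, while the handle destroyed on the line above it is the callback's `advertiser` argument; the hunk does not show that the two are always the same handle. If the member can hold a different advertiser by the time the STOPPED callback runs, that handle is dropped without being destroyed, so either guard the reset, `if (adapter->bt_advertiser_ == advertiser) adapter->bt_advertiser_ = nullptr;`, or state the invariant in the new comment. The double-free fix also depends on the other destroy path, which is outside this hunk, testing the member for nullptr before it calls `bt_adapter_le_destroy_advertiser()`. Separately, the new `LoggerD("bt_adapter_le_destroy_advertiser(): SUCCESS");` line is also reached when `ret` is `BT_ERROR_NOT_IN_PROGRESS`, which makes the log misleading when a crash is being traced. OnAdvertiseResult begins before the hunk and `adapter` is assigned outside it.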