projects / platform / core / connectivity / bluetooth-frwk.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a54217a) | patch
RFCOMM socket : free connection info before sending callback 04/167304/1
authorSeungyoun Ju <sy39.ju@samsung.com>
Tue, 16 Jan 2018 08:41:37 +0000 (17:41 +0900)
committerSeungyoun Ju <sy39.ju@samsung.com>
Wed, 17 Jan 2018 02:30:43 +0000 (11:30 +0900)
commit271f9f9005d4eca6c4d57092be8ed2a00b2e3454
treeb9dbc369b7b117e205d0fdd312d2023739fcec58tree | snapshot
parenta54217ac66b8270fa93dc75accb334a53dfb9c42commit | diff
RFCOMM socket : free connection info before sending callback

[Problem] Application crash happens when
 bluetooth_rfcomm_remove_socket() is called in socket disconnect callback.
[Cause & Measure] Connection information structure is freed by
 bluetooth_rfcomm_remove_socket(). But after returning back from
 callback, already freed structure is accessed. It causes crash.
 Before sending disconnection event, free related structure first. So
 that, application can use bluetooth_rfcomm_remove_socket() in
 disconnection callback without crash.
[Checking Method] Call bluetooth_rfcomm_remove_socket() in server
 socket's disconnection callback.

(gdb) f 0
128 conn = l->data;
(gdb) p *info
$1 = {object_id = 2874763544,
  path = 0xf6ecb840, id = 1802724708,
  uuid = 0x2e706f74 <error: Cannot access memory at address 0x2e706f74>, rfcomm_conns = 0x73754244, disconnect_idle_id = 1701013760}

Change-Id: I1a3436979bb1fbb3ebfa4890157f2b4868de23fd
bt-api/bt-rfcomm-client.c diff | blob | history
bt-api/bt-rfcomm-server.c diff | blob | history
Domain: Network & Connectivity / Bluetooth;