From 2010c03b15baee05eb7df21852d2bff50fc5b97a Mon Sep 17 00:00:00 2001
From: Atul Rai <a.rai@samsung.com>
Date: Fri, 13 Jul 2018 16:19:11 +0530
Subject: [PATCH] Fix Coverity issues in Bluetooth-frwk

This patch fixes coverity issues in BT-API, bt-service, BT-OAL and BT-HAL.
Fixed coverity Ids are as below:
859518, 859522, 859523, 859524, 859527, 859533, 859535, 859540,
859542, 859547, 859557, 859562, 859564, 859569, 859575

Change-Id: Ie920767a4581a3a6b206f2842d2a9a6fffc052c9
Signed-off-by: Atul Rai <a.rai@samsung.com>
---
 bt-api/bt-gatt-service.c                           | 15 +++++
 bt-oal/bluez_hal/src/bt-hal-dbus-common-utils.c    |  2 +
 bt-oal/bluez_hal/src/bt-hal-event-receiver.c       |  3 +-
 bt-oal/bluez_hal/src/bt-hal-gatt-client.c          |  3 +-
 bt-oal/bluez_hal/src/bt-hal-gatt-server.c          |  6 +-
 bt-oal/bluez_hal/src/bt-hal-hdp-dbus-handler.c     |  1 -
 bt-oal/oal-gatt.c                                  |  1 +
 bt-otp/bt-otpserver.c                              |  3 +
 .../services/adapter/bt-service-core-adapter-le.c  | 18 ++----
 .../services/gatt/bt-service-gatt.c                | 64 +++++-----------------
 .../services/obex/bt-service-map-client.c          |  6 +-
 11 files changed, 55 insertions(+), 67 deletions(-)

diff --git a/bt-api/bt-gatt-service.c b/bt-api/bt-gatt-service.c
index 115d1e6..0c4c127 100644
--- a/bt-api/bt-gatt-service.c
+++ b/bt-api/bt-gatt-service.c
@@ -536,6 +536,7 @@ static void __bt_gatt_manager_method_call(GDBusConnection *connection,
 			if (l1 == NULL) {
 				BT_ERR("gatt service list is NULL");
 				g_dbus_method_invocation_return_value(invocation, NULL);
+				g_variant_builder_unref(builder);
 				return;
 			}
 
@@ -543,6 +544,7 @@ static void __bt_gatt_manager_method_call(GDBusConnection *connection,
 			if (serv_info == NULL) {
 				BT_ERR("service info value is NULL");
 				g_dbus_method_invocation_return_value(invocation, NULL);
+				g_variant_builder_unref(builder);
 				return;
 			}
 
@@ -779,6 +781,7 @@ static void __bt_gatt_manager_method_call(GDBusConnection *connection,
 						g_variant_new(
 						"(a{oa{sa{sv}}})",
 						builder));
+		g_variant_builder_unref(builder);
 	}
 }
 
@@ -1876,6 +1879,12 @@ BT_EXPORT_API int bluetooth_gatt_add_service(const char *svc_uuid,
 				g_variant_new("(oa{sa{sv}})",
 				path, builder),
 				&error);
+	if (error != NULL) {
+		/* dbus gives error cause */
+		BT_ERR("d-bus api failure: errcode[%x], message[%s]",
+				error->code, error->message);
+		g_clear_error(&error);
+	}
 
 	new_service = TRUE;
 
@@ -2204,6 +2213,12 @@ BT_EXPORT_API int bluetooth_gatt_add_descriptor(
 				g_variant_new("(oa{sa{sv}})",
 				path, builder),
 				&error);
+	if (error) {
+		/* dBUS gives error cause */
+		BT_ERR("Could not Emit Signal: errCode[%x], message[%s]",
+				error->code, error->message);
+		g_clear_error(&error);
+	}
 
 	*desc_path = g_strdup(path);
 
diff --git a/bt-oal/bluez_hal/src/bt-hal-dbus-common-utils.c b/bt-oal/bluez_hal/src/bt-hal-dbus-common-utils.c
index 39d465d..5134b2f 100644
--- a/bt-oal/bluez_hal/src/bt-hal-dbus-common-utils.c
+++ b/bt-oal/bluez_hal/src/bt-hal-dbus-common-utils.c
@@ -1467,6 +1467,8 @@ static void __hal_new_connection_method(GDBusConnection *connection,
 
 		if (cb)
 			cb(object_path, fd, &remote_addr1);
+		else
+			close(fd);
 	} else if (g_strcmp0(method_name, "RequestDisconnection") == 0) {
 		g_dbus_method_invocation_return_value(invocation, NULL);
 	}
diff --git a/bt-oal/bluez_hal/src/bt-hal-event-receiver.c b/bt-oal/bluez_hal/src/bt-hal-event-receiver.c
index 24b1a62..62dd3f2 100644
--- a/bt-oal/bluez_hal/src/bt-hal-event-receiver.c
+++ b/bt-oal/bluez_hal/src/bt-hal-event-receiver.c
@@ -592,7 +592,7 @@ static gboolean __bt_hal_parse_device_properties(GVariant *item)
 
 			ev->num_props++;
 			DBG("Device address [%s] property Num [%d]", address, ev->num_props);
-
+			g_free(address);
 		} else if (strcasecmp(key, "Class") == 0) {
 			unsigned int class = g_variant_get_uint32(val);
 			size += __bt_insert_hal_properties(buf + size, HAL_PROP_DEVICE_CLASS,
@@ -607,6 +607,7 @@ static gboolean __bt_hal_parse_device_properties(GVariant *item)
 				ev->num_props++;
 				DBG("Device Name [%s] Property num [%d]", name, ev->num_props);
 			}
+			g_free(name);
 		} else if (strcasecmp(key, "Connected") == 0) {
 			unsigned int connected = g_variant_get_byte(val);
 
diff --git a/bt-oal/bluez_hal/src/bt-hal-gatt-client.c b/bt-oal/bluez_hal/src/bt-hal-gatt-client.c
index 148b339..6f1a605 100644
--- a/bt-oal/bluez_hal/src/bt-hal-gatt-client.c
+++ b/bt-oal/bluez_hal/src/bt-hal-gatt-client.c
@@ -971,7 +971,7 @@ static bt_status_t _hal_gattc_get_characteristic_info(hal_gattc_char_t *gattc_ch
 	GVariantIter *property_iter;
 	GVariantIter *char_desc_iter;
 	char* char_handle = NULL;
-	const gchar *char_uuid_str = NULL;
+	gchar *char_uuid_str = NULL;
 	GPtrArray *gp_desc_array  = NULL;
 	GVariantIter *char_perm_iter;
 	gchar* permission;
@@ -1050,6 +1050,7 @@ static bt_status_t _hal_gattc_get_characteristic_info(hal_gattc_char_t *gattc_ch
 
 	_hal_gattc_update_char_property(gattc_char, char_uuid_str, gp_desc_array, char_permission);
 
+	g_free(char_uuid_str);
 	g_variant_iter_free(property_iter);
 	g_variant_unref(result);
 	g_object_unref(properties_proxy);
diff --git a/bt-oal/bluez_hal/src/bt-hal-gatt-server.c b/bt-oal/bluez_hal/src/bt-hal-gatt-server.c
index 12f672a..8ff463a 100644
--- a/bt-oal/bluez_hal/src/bt-hal-gatt-server.c
+++ b/bt-oal/bluez_hal/src/bt-hal-gatt-server.c
@@ -2363,6 +2363,11 @@ static bt_status_t gatt_server_add_descriptor(int slot, int service_handle, bt_u
 			g_variant_new("(oa{sa{sv}})",
 				path, builder),
 			&error);
+	if (error != NULL) {
+		ERR("g_dbus_connection_emit_signal failed: errCode[%x], message[%s]",
+				error->code, error->message);
+		g_clear_error(&error);
+	}
 
 	//*desc_path = g_strdup(path);
 
@@ -2925,7 +2930,6 @@ static bt_status_t gatt_server_update_att_value(int server_if, int attribute_han
 
 	update_value = g_variant_new("ay", inner_builder);
 
-	outer_builder = g_variant_builder_new(G_VARIANT_TYPE_ARRAY);
 	g_variant_builder_add(outer_builder, "{sv}", "Value",
 			update_value);
 
diff --git a/bt-oal/bluez_hal/src/bt-hal-hdp-dbus-handler.c b/bt-oal/bluez_hal/src/bt-hal-hdp-dbus-handler.c
index 5a74fc1..f31aa9b 100644
--- a/bt-oal/bluez_hal/src/bt-hal-hdp-dbus-handler.c
+++ b/bt-oal/bluez_hal/src/bt-hal-hdp-dbus-handler.c
@@ -76,7 +76,6 @@ static void __hdp_send_conn_event(hdp_conn_info_t *conn_info, int state)
 	ev.channel_state = state;
 	if (!event_cb) {
 		ERR("HDP dbus handler callback not registered");
-		g_free(conn_info);
 	} else
 		event_cb(HAL_EV_HDP_CONN_STATE, (void *)&ev, sizeof(ev));
 
diff --git a/bt-oal/oal-gatt.c b/bt-oal/oal-gatt.c
index 38637ad..081f4cf 100644
--- a/bt-oal/oal-gatt.c
+++ b/bt-oal/oal-gatt.c
@@ -662,6 +662,7 @@ static void cb_gatts_listen(int status, int server_if)
 		cur_adv_state[event->server_inst - 1] = new_state;
 	} else {
 		BT_ERR("Invalid Callback...");
+		g_free(event);
 		return;
 	}
 
diff --git a/bt-otp/bt-otpserver.c b/bt-otp/bt-otpserver.c
index 93d3c50..f44f487 100644
--- a/bt-otp/bt-otpserver.c
+++ b/bt-otp/bt-otpserver.c
@@ -815,6 +815,9 @@ fail:
 				_bt_otp_start_write_on_fd();
 			else if (oacp_op->opcode == OACP_WRITE)
 				_bt_otp_start_read_on_fd();
+		} else {
+			/* Close fd if oacp_op is NULL */
+			close(fd);
 		}
 		g_dbus_method_invocation_return_value(invocation, NULL);
 	}
diff --git a/bt-service-adaptation/services/adapter/bt-service-core-adapter-le.c b/bt-service-adaptation/services/adapter/bt-service-core-adapter-le.c
index 8084df5..27c9219 100644
--- a/bt-service-adaptation/services/adapter/bt-service-core-adapter-le.c
+++ b/bt-service-adaptation/services/adapter/bt-service-core-adapter-le.c
@@ -617,9 +617,7 @@ static void __bt_le_event_handler(int event_type, gpointer event_data)
 	}
 	case OAL_EVENT_BLE_SERVER_INSTANCE_INITIALISED: {
 		BT_INFO("OAL Event: Server Instance Registered");
-		event_gatts_register_t* event = g_memdup(event_data, sizeof(event_gatts_register_t));
-		/* GATT Server Registered event is handled in MAIN thread context */
-		__bt_le_handle_server_instance_registered(event);
+		__bt_le_handle_server_instance_registered((event_gatts_register_t *)event_data);
 		break;
 	}
 	case OAL_EVENT_BLE_ADVERTISING_STARTED: {
@@ -632,23 +630,17 @@ static void __bt_le_event_handler(int event_type, gpointer event_data)
 	}
 	case OAL_EVENT_BLE_MULTI_ADVERTISING_ENABLE: {
 		BT_INFO("OAL Event: Advertising Enabled");
-		event_ble_multiadv_status* event = (event_ble_multiadv_status*)g_memdup(event_data,
-								sizeof(event_ble_multiadv_status));
-		__bt_le_multi_advertising_enabled(event);
+		__bt_le_multi_advertising_enabled((event_ble_multiadv_status *)event_data);
 		break;
 	}
 	case OAL_EVENT_BLE_MULTI_ADVERTISING_DISABLE: {
 		BT_INFO("OAL Event: Advertising Disabled");
-		event_ble_multiadv_status* event = (event_ble_multiadv_status*)g_memdup(event_data,
-								sizeof(event_ble_multiadv_status));
-		__bt_le_multi_advertising_disabled(event);
+		__bt_le_multi_advertising_disabled((event_ble_multiadv_status *)event_data);
 		break;
 	}
 	case OAL_EVENT_BLE_MULTI_ADVERTISING_SET_INST_DATA: {
 		BT_INFO("OAL Event: Advertising Data set successfully");
-		event_ble_multiadv_status* event = (event_ble_multiadv_status*)g_memdup(event_data,
-								sizeof(event_ble_multiadv_status));
-		__bt_le_multi_advertising_set_data(event);
+		__bt_le_multi_advertising_set_data((event_ble_multiadv_status *)event_data);
 		break;
 	}
 	case OAL_EVENT_BLE_MULTI_ADVERTISING_UPDATE: {
@@ -1261,6 +1253,8 @@ int _bt_set_advertising_data(const char *sender, int adv_handle,
 					BLUETOOTH_EVENT_ADVERTISING_MANUFACTURER_DATA_CHANGED,
 					param);
 		}
+
+		g_free(old_mdata);
 	}
 
 	/* Time to update new ADV data completely in Table */
diff --git a/bt-service-adaptation/services/gatt/bt-service-gatt.c b/bt-service-adaptation/services/gatt/bt-service-gatt.c
index fda8ba5..cb9e919 100644
--- a/bt-service-adaptation/services/gatt/bt-service-gatt.c
+++ b/bt-service-adaptation/services/gatt/bt-service-gatt.c
@@ -1128,7 +1128,6 @@ static void __bt_handle_server_instance_registered(event_gatts_register_t *data)
 		}
 	}
 	g_free(uuid_string);
-	g_free(data);
 }
 
 static void __bt_handle_gatt_server_service_added(event_gatts_srvc_prm_t *event)
@@ -1176,7 +1175,6 @@ static void __bt_handle_gatt_server_service_added(event_gatts_srvc_prm_t *event)
 		}
 	}
 
-	g_free(event);
 	g_free(uuid_str);
 }
 
@@ -1218,7 +1216,6 @@ static void __bt_handle_gatt_server_characteristic_added(event_gatts_srvc_charct
 	_bt_uuid_to_string(&(event->charctr_uuid), uuid_str);
 	BT_INFO("GATT Added Characteristic:  UUID: [%s]", uuid_str);
 
-	g_free(event);
 	g_free(uuid_str);
 }
 
@@ -1258,7 +1255,6 @@ static void __bt_handle_gatt_server_descriptor_added(event_gatts_srvc_descr_t* e
 	_bt_uuid_to_string(&(event->descrptr_uuid), uuid_str);
 	BT_INFO("GATT Added Descriptor:  UUID: [%s]", uuid_str);
 
-	g_free(event);
 	g_free(uuid_str);
 }
 
@@ -1290,8 +1286,6 @@ static void __bt_handle_gatt_server_service_started(event_gatts_srvc_t *event)
 			break;
 		}
 	}
-
-	g_free(event);
 }
 
 static void __bt_handle_gatt_server_service_stopped(event_gatts_srvc_t *event)
@@ -1321,8 +1315,6 @@ static void __bt_handle_gatt_server_service_stopped(event_gatts_srvc_t *event)
 			break;
 		}
 	}
-
-	g_free(event);
 }
 
 static void __bt_handle_gatt_server_service_deleted(event_gatts_srvc_t *event)
@@ -1352,8 +1344,6 @@ static void __bt_handle_gatt_server_service_deleted(event_gatts_srvc_t *event)
 			break;
 		}
 	}
-
-	g_free(event);
 }
 
 static struct gatt_client_info_t *__bt_find_remote_gatt_client_info(char *address)
@@ -1503,7 +1493,7 @@ static void __bt_handle_gatt_server_disconnection_state(event_gatts_conn_t *even
 	struct gatt_client_info_t *conn_info = NULL;
 	bluetooth_device_address_t dev_addr;
 
-	char *address = g_malloc0(BT_ADDRESS_STRING_SIZE);
+	char address[BT_ADDRESS_STRING_SIZE];
 
 	memcpy(dev_addr.addr, event->address.addr, 6);
 
@@ -1546,8 +1536,6 @@ static void __bt_handle_gatt_server_disconnection_state(event_gatts_conn_t *even
 		g_free(conn_info->addr);
 		g_free(conn_info);
 	}
-
-	g_free(address);
 }
 #else
 
@@ -1690,7 +1678,6 @@ static void __bt_handle_gatt_server_write_requested(event_gatts_srvc_write_attr_
 
 	if (event->length <= 0) {
 		BT_INFO("GATT Server write requested, but length of attr value is 0");
-		g_free(event);
 		return;
 	}
 
@@ -1741,7 +1728,6 @@ static void __bt_handle_gatt_server_write_requested(event_gatts_srvc_write_attr_
 			 BLUETOOTH_EVENT_GATT_SERVER_VALUE_CHANGED,
 			param);
 
-	g_free(event);
 	g_free(write_val);
 }
 
@@ -1792,8 +1778,6 @@ static void __bt_handle_gatt_server_read_requested(event_gatts_srvc_read_attr_t
 	_bt_send_event(BT_GATT_SERVER_EVENT,
 			BLUETOOTH_EVENT_GATT_SERVER_READ_REQUESTED,
 			param);
-
-	g_free(event);
 }
 
 static void __bt_handle_gatt_server_indicate_confirmed(event_gatts_ind_cnfrm_t *event)
@@ -1841,7 +1825,6 @@ static void __bt_handle_gatt_server_indicate_confirmed(event_gatts_ind_cnfrm_t *
 			param);
 
 	BT_INFO("Received Indication confirm for client number [%d]", recvd);
-	g_free(event);
 	g_free(address);
 }
 
@@ -1878,7 +1861,6 @@ static void __bt_handle_gatt_server_notification_changed(event_gatts_notif_t *ev
 			BLUETOOTH_EVENT_GATT_SERVER_NOTIFICATION_STATE_CHANGED,
 			param);
 
-	g_free(event);
 	g_free(address);
 }
 
@@ -1893,7 +1875,6 @@ static void __bt_handle_gatt_mtu_changed_event(event_gatts_mtu_changed_t *event)
 	conn_info = __bt_find_remote_gatt_client_info_from_conn_id(event->conn_id);
 	if (conn_info == NULL) {
 		BT_ERR("Cant find connection Information");
-		g_free(event);
 		return;
 	}
 	BT_INFO("Got connection Info GATT client [%s] MTU Size [%d]",
@@ -1909,7 +1890,6 @@ static void __bt_handle_gatt_mtu_changed_event(event_gatts_mtu_changed_t *event)
 	_bt_send_event(BT_GATT_SERVER_EVENT,
 			BLUETOOTH_EVENT_GATT_ATT_MTU_CHANGED,
 			param);
-	g_free(event);
 }
 
 static void __bt_gatt_event_handler(int event_type, gpointer event_data)
@@ -1918,87 +1898,73 @@ static void __bt_gatt_event_handler(int event_type, gpointer event_data)
 	switch (event_type) {
 		case OAL_EVENT_BLE_SERVER_INSTANCE_INITIALISED: {
 		BT_INFO("OAL Event: Server Instance Registered");
-		event_gatts_register_t* event = g_memdup(event_data, sizeof(event_gatts_register_t));
 		/* GATT Server Registered event is handled in MAIN thread context */
-		__bt_handle_server_instance_registered(event);
+		__bt_handle_server_instance_registered((event_gatts_register_t *)event_data);
 		break;
 								}
 	case OAL_EVENT_GATTS_SERVICE_ADDED: {
 		BT_INFO("OAL Event: GATT Service added");
-		event_gatts_srvc_prm_t *service_parm = g_memdup(event_data, sizeof(event_gatts_srvc_prm_t));
-		__bt_handle_gatt_server_service_added(service_parm);
+		__bt_handle_gatt_server_service_added((event_gatts_srvc_prm_t *)event_data);
 		break;
 	}
 	case OAL_EVENT_GATTS_CHARACTERISTIC_ADDED: {
 		BT_INFO("OAL Event: GATT characteristic added");
-		event_gatts_srvc_charctr_t *char_parm = g_memdup(event_data, sizeof(event_gatts_srvc_charctr_t));
-		__bt_handle_gatt_server_characteristic_added(char_parm);
+		__bt_handle_gatt_server_characteristic_added((event_gatts_srvc_charctr_t *)event_data);
 		break;
 	}
 	case OAL_EVENT_GATTS_DESCRIPTOR_ADDED: {
 		BT_INFO("OAL Event: GATT descriptor added");
-		event_gatts_srvc_descr_t *desc_parm = g_memdup(event_data, sizeof(event_gatts_srvc_descr_t));
-		__bt_handle_gatt_server_descriptor_added(desc_parm);
+		__bt_handle_gatt_server_descriptor_added((event_gatts_srvc_descr_t *)event_data);
 		break;
 	}
 	case OAL_EVENT_GATTS_SERVICE_STARTED: {
 		BT_INFO("OAL Event: GATT Service started");
-		event_gatts_srvc_t *svc_started = g_memdup(event_data, sizeof(event_gatts_srvc_t));
-		__bt_handle_gatt_server_service_started(svc_started);
+		__bt_handle_gatt_server_service_started((event_gatts_srvc_t *)event_data);
 		break;
 	}
 	case OAL_EVENT_GATTS_SERVICE_STOPED: {
 		BT_INFO("OAL Event: GATT Service stopped");
-		event_gatts_srvc_t *svc_stopped = g_memdup(event_data, sizeof(event_gatts_srvc_t));
-		__bt_handle_gatt_server_service_stopped(svc_stopped);
+		__bt_handle_gatt_server_service_stopped((event_gatts_srvc_t *)event_data);
 		break;
 	}
 	case OAL_EVENT_GATTS_SERVICE_DELETED: {
 		BT_INFO("OAL Event: GATT Service deleted");
-		event_gatts_srvc_t *svc_deleted = g_memdup(event_data, sizeof(event_gatts_srvc_t));
-		__bt_handle_gatt_server_service_deleted(svc_deleted);
+		__bt_handle_gatt_server_service_deleted((event_gatts_srvc_t *) event_data);
 		break;
 	}
 	case OAL_EVENT_GATTS_CONNECTION_COMPLETED: {
 		BT_INFO("OAL Event: GATT Server Connected");
-		event_gatts_conn_t* event = g_memdup(event_data, sizeof(event_gatts_conn_t));
-		__bt_handle_gatt_server_connection_state(event);
+		__bt_handle_gatt_server_connection_state((event_gatts_conn_t *)event_data);
 		break;
 	}
 	case OAL_EVENT_GATTS_DISCONNECTION_COMPLETED: {
 		BT_INFO("OAL Event: GATT Server Disconnected");
-		event_gatts_conn_t* event = g_memdup(event_data, sizeof(event_gatts_conn_t));
-		__bt_handle_gatt_server_disconnection_state(event);
+		__bt_handle_gatt_server_disconnection_state((event_gatts_conn_t *)event_data);
 		break;
 	}
 	case OAL_EVENT_GATTS_REQUEST_READ: {
 		BT_INFO("OAL Event: GATT Server Read Request");
-		event_gatts_srvc_read_attr_t *read_req = g_memdup(event_data, sizeof(event_gatts_srvc_read_attr_t));
-		__bt_handle_gatt_server_read_requested(read_req);
+		__bt_handle_gatt_server_read_requested((event_gatts_srvc_read_attr_t *)event_data);
 		break;
 	}
 	case OAL_EVENT_GATTS_REQUEST_WRITE: {
 		BT_INFO("OAL Event: GATT Server Write Request");
-		event_gatts_srvc_write_attr_t *write_req = g_memdup(event_data, sizeof(event_gatts_srvc_write_attr_t));
-		__bt_handle_gatt_server_write_requested(write_req);
+		__bt_handle_gatt_server_write_requested((event_gatts_srvc_write_attr_t *)event_data);
 		break;
 	}
 	case OAL_EVENT_GATTS_IND_CONFIRM: {
 		BT_INFO("OAL Event: GATT Server Indication confirmed");
-		event_gatts_ind_cnfrm_t *parm = g_memdup(event_data, sizeof(event_gatts_ind_cnfrm_t));
-		__bt_handle_gatt_server_indicate_confirmed(parm);
+		__bt_handle_gatt_server_indicate_confirmed((event_gatts_ind_cnfrm_t *)event_data);
 		break;
 	}
 	case OAL_EVENT_GATTS_NOTIFICATION: { /* Tizen Platform Specific */
 		BT_INFO("OAL Event: GATT Server DisConnected");
-		event_gatts_notif_t* notif = g_memdup(event_data, sizeof(event_gatts_notif_t));
-		__bt_handle_gatt_server_notification_changed(notif);
+		__bt_handle_gatt_server_notification_changed((event_gatts_notif_t *)event_data);
 		break;
 	}
 	case OAL_EVENT_GATTS_MTU_CHANGED: {
 		BT_INFO("OAL Event: GATT Server MTU changed event callback");
-		event_gatts_mtu_changed_t *mtu_changed = g_memdup(event_data, sizeof(event_gatts_mtu_changed_t));
-		__bt_handle_gatt_mtu_changed_event(mtu_changed);
+		__bt_handle_gatt_mtu_changed_event((event_gatts_mtu_changed_t *)event_data);
 		break;
 	}
 #ifdef TIZEN_GATT_CLIENT
diff --git a/bt-service-adaptation/services/obex/bt-service-map-client.c b/bt-service-adaptation/services/obex/bt-service-map-client.c
index 08f0295..15c0e85 100644
--- a/bt-service-adaptation/services/obex/bt-service-map-client.c
+++ b/bt-service-adaptation/services/obex/bt-service-map-client.c
@@ -658,7 +658,8 @@ int _bt_map_client_push_message(
 		}
 	}
 
-	g_object_unref(message_access_proxy);
+	if (message_access_proxy)
+		g_object_unref(message_access_proxy);
 	BT_DBG("-");
 
 	return result;
@@ -756,7 +757,8 @@ int _bt_map_client_get_message(
 		}
 	}
 
-	g_object_unref(message_proxy);
+	if (message_proxy)
+		g_object_unref(message_proxy);
 	BT_DBG("-");
 
 	return result;
-- 
2.7.4