[pulseaudio-commits] [Git][pulseaudio/pulseaudio][master] bluetooth: Fix crash when disabling Bluetooth adapter
Tanu Kaskinen
gitlab at gitlab.freedesktop.org
Tue Jul 2 06:10:32 UTC 2019
Tanu Kaskinen pushed to branch master at PulseAudio / pulseaudio
Commits:
f89d64b9 by Frédéric Danis at 2019-07-02T06:06:07Z
bluetooth: Fix crash when disabling Bluetooth adapter
This crash occurs when PA is connected to a phone through the oFono
backend.
When disabling the Bluetooth adapter, pa_bluetooth_device is removed before
hf_audio_card. Both keep refs on pa_bluetooth_transport. Those removal will
call pa_bluetooth_transport_free() from device_free() (bluez5-util.c) and
hf_audio_card_free() (backend-ofono.c).
In the end, the call to pa_bluetooth_transport_free() calls
pa_hasmap_remove() through pa_bluetooth_transport_unlink(), but since
memory has already been freed, the second try results in a segfault.
Triggering hf_audio_card removal during pa_bluetooth_device removal allows
hf_audio_card to be freed at the right time.
- - - - -
3 changed files:
- src/modules/bluetooth/backend-ofono.c
- src/modules/bluetooth/bluez5-util.c
- src/modules/bluetooth/bluez5-util.h
Changes:
=====================================
src/modules/bluetooth/backend-ofono.c
=====================================
@@ -70,6 +70,7 @@ struct hf_audio_card {
int (*acquire)(struct hf_audio_card *card);
pa_bluetooth_transport *transport;
+ pa_hook_slot *device_unlink_slot;
};
struct pa_bluetooth_backend {
@@ -181,6 +182,17 @@ static int card_acquire(struct hf_audio_card *card) {
return -1;
}
+static void hf_audio_agent_card_removed(pa_bluetooth_backend *backend, const char *path);
+
+static pa_hook_result_t device_unlink_cb(pa_bluetooth_discovery *y, const pa_bluetooth_device *d, struct hf_audio_card *card) {
+ pa_assert(d);
+ pa_assert(card);
+
+ hf_audio_agent_card_removed(card->backend, card->path);
+
+ return PA_HOOK_OK;
+}
+
static struct hf_audio_card *hf_audio_card_new(pa_bluetooth_backend *backend, const char *path) {
struct hf_audio_card *card = pa_xnew0(struct hf_audio_card, 1);
@@ -189,12 +201,18 @@ static struct hf_audio_card *hf_audio_card_new(pa_bluetooth_backend *backend, co
card->fd = -1;
card->acquire = card_acquire;
+ card->device_unlink_slot = pa_hook_connect(pa_bluetooth_discovery_hook(backend->discovery, PA_BLUETOOTH_HOOK_DEVICE_UNLINK),
+ PA_HOOK_NORMAL, (pa_hook_cb_t) device_unlink_cb, card);
+
return card;
}
static void hf_audio_card_free(struct hf_audio_card *card) {
pa_assert(card);
+ if (card->device_unlink_slot)
+ pa_hook_slot_free(card->device_unlink_slot);
+
if (card->transport)
pa_bluetooth_transport_free(card->transport);
=====================================
src/modules/bluetooth/bluez5-util.c
=====================================
@@ -562,6 +562,8 @@ static void device_free(pa_bluetooth_device *d) {
device_stop_waiting_for_profiles(d);
+ pa_hook_fire(&d->discovery->hooks[PA_BLUETOOTH_HOOK_DEVICE_UNLINK], d);
+
for (i = 0; i < PA_BLUETOOTH_PROFILE_COUNT; i++) {
pa_bluetooth_transport *t;
=====================================
src/modules/bluetooth/bluez5-util.h
=====================================
@@ -47,6 +47,7 @@ typedef struct pa_bluetooth_backend pa_bluetooth_backend;
typedef enum pa_bluetooth_hook {
PA_BLUETOOTH_HOOK_DEVICE_CONNECTION_CHANGED, /* Call data: pa_bluetooth_device */
+ PA_BLUETOOTH_HOOK_DEVICE_UNLINK, /* Call data: pa_bluetooth_device */
PA_BLUETOOTH_HOOK_TRANSPORT_STATE_CHANGED, /* Call data: pa_bluetooth_transport */
PA_BLUETOOTH_HOOK_TRANSPORT_MICROPHONE_GAIN_CHANGED, /* Call data: pa_bluetooth_transport */
PA_BLUETOOTH_HOOK_TRANSPORT_SPEAKER_GAIN_CHANGED, /* Call data: pa_bluetooth_transport */
View it on GitLab: https://gitlab.freedesktop.org/pulseaudio/pulseaudio/commit/f89d64b98e12bb71b6aa94fcef31eafc060f9759
--
View it on GitLab: https://gitlab.freedesktop.org/pulseaudio/pulseaudio/commit/f89d64b98e12bb71b6aa94fcef31eafc060f9759
You're receiving this email because of your account on gitlab.freedesktop.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/pulseaudio-commits/attachments/20190702/00bad421/attachment-0001.html>
More information about the pulseaudio-commits
mailing list