| Message ID | 20200401232733.10686-1-luiz.dentz@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [BlueZ] gatt: Fix Acquire* reply handling | expand |
Hi Luiz, On Thursday, 2 April 2020 01:27:33 CEST Luiz Augusto von Dentz wrote: > From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> > > Originally these operation did not set any owner_queue which caused > them to crash if the attribute is freed before the respose, to fix that > the reply will now check if owner_queue was reset to NULL which means > the attribute is no longer available but the owner_queue was never set > in the first place so this ensures they are now setup properly. > --- > src/gatt-database.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/src/gatt-database.c b/src/gatt-database.c > index 11d886c56..483c84341 100644 > --- a/src/gatt-database.c > +++ b/src/gatt-database.c > @@ -2485,8 +2485,8 @@ static struct pending_op *acquire_write(struct > external_chrc *chrc, { > struct pending_op *op; > > - op = pending_write_new(device, NULL, attrib, id, value, len, 0, > - link_type, false, false); > + op = pending_write_new(device, chrc->pending_writes, attrib, id, value, > + len, 0, link_type, false, false); > > if (g_dbus_proxy_method_call(chrc->proxy, "AcquireWrite", > acquire_write_setup, > @@ -2618,6 +2618,7 @@ static uint8_t ccc_write_cb(struct pending_op *op, > void *user_data) if (g_dbus_proxy_get_property(chrc->proxy, > "NotifyAcquired", &iter)) { op->data.iov_base = (void *) chrc; > op->data.iov_len = sizeof(chrc); > + op->owner_queue = chrc->pending_writes; > if (g_dbus_proxy_method_call(chrc->proxy, "AcquireNotify", > acquire_notify_setup, > acquire_notify_reply, Patch applied, thanks.
diff --git a/src/gatt-database.c b/src/gatt-database.c index 11d886c56..483c84341 100644 --- a/src/gatt-database.c +++ b/src/gatt-database.c @@ -2485,8 +2485,8 @@ static struct pending_op *acquire_write(struct external_chrc *chrc, { struct pending_op *op; - op = pending_write_new(device, NULL, attrib, id, value, len, 0, - link_type, false, false); + op = pending_write_new(device, chrc->pending_writes, attrib, id, value, + len, 0, link_type, false, false); if (g_dbus_proxy_method_call(chrc->proxy, "AcquireWrite", acquire_write_setup, @@ -2618,6 +2618,7 @@ static uint8_t ccc_write_cb(struct pending_op *op, void *user_data) if (g_dbus_proxy_get_property(chrc->proxy, "NotifyAcquired", &iter)) { op->data.iov_base = (void *) chrc; op->data.iov_len = sizeof(chrc); + op->owner_queue = chrc->pending_writes; if (g_dbus_proxy_method_call(chrc->proxy, "AcquireNotify", acquire_notify_setup, acquire_notify_reply,
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Originally these operation did not set any owner_queue which caused them to crash if the attribute is freed before the respose, to fix that the reply will now check if owner_queue was reset to NULL which means the attribute is no longer available but the owner_queue was never set in the first place so this ensures they are now setup properly. --- src/gatt-database.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)