| Message ID | 20200918173436.3184738-1-luiz.dentz@gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v2] avdtp: Fix not checking if stream is already set as pending open | expand |
Hi, On Fri, Sep 18, 2020 at 10:34 AM Luiz Augusto von Dentz <luiz.dentz@gmail.com> wrote: > > From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> > > When receiving a Open command the stream will be set as pending_open but > the remote may attempt to send yet another Open command in the meantime > resulting in another setup and yet another timer leaving the old timer > active which will likely cause a crash when it expires. > --- > profiles/audio/avdtp.c | 10 ++++++---- > 1 file changed, 6 insertions(+), 4 deletions(-) > > diff --git a/profiles/audio/avdtp.c b/profiles/audio/avdtp.c > index 782268c08..e0c6f44f0 100644 > --- a/profiles/audio/avdtp.c > +++ b/profiles/audio/avdtp.c > @@ -1687,7 +1687,7 @@ static gboolean avdtp_open_cmd(struct avdtp *session, uint8_t transaction, > > stream = sep->stream; > > - if (sep->ind && sep->ind->open) { > + if (sep->ind && sep->ind->open && !session->pending_open) { > if (!sep->ind->open(session, sep, stream, &err, > sep->user_data)) > goto failed; > @@ -1699,11 +1699,13 @@ static gboolean avdtp_open_cmd(struct avdtp *session, uint8_t transaction, > AVDTP_OPEN, NULL, 0)) > return FALSE; > > - stream->open_acp = TRUE; > - session->pending_open = stream; > - stream->timer = g_timeout_add_seconds(REQ_TIMEOUT, > + if (!session->pending_open) { > + stream->open_acp = TRUE; > + session->pending_open = stream; > + stream->timer = g_timeout_add_seconds(REQ_TIMEOUT, > stream_open_timeout, > stream); > + } > > return TRUE; > > -- > 2.26.2 Pushed.
diff --git a/profiles/audio/avdtp.c b/profiles/audio/avdtp.c index 782268c08..e0c6f44f0 100644 --- a/profiles/audio/avdtp.c +++ b/profiles/audio/avdtp.c @@ -1687,7 +1687,7 @@ static gboolean avdtp_open_cmd(struct avdtp *session, uint8_t transaction, stream = sep->stream; - if (sep->ind && sep->ind->open) { + if (sep->ind && sep->ind->open && !session->pending_open) { if (!sep->ind->open(session, sep, stream, &err, sep->user_data)) goto failed; @@ -1699,11 +1699,13 @@ static gboolean avdtp_open_cmd(struct avdtp *session, uint8_t transaction, AVDTP_OPEN, NULL, 0)) return FALSE; - stream->open_acp = TRUE; - session->pending_open = stream; - stream->timer = g_timeout_add_seconds(REQ_TIMEOUT, + if (!session->pending_open) { + stream->open_acp = TRUE; + session->pending_open = stream; + stream->timer = g_timeout_add_seconds(REQ_TIMEOUT, stream_open_timeout, stream); + } return TRUE;
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> When receiving a Open command the stream will be set as pending_open but the remote may attempt to send yet another Open command in the meantime resulting in another setup and yet another timer leaving the old timer active which will likely cause a crash when it expires. --- profiles/audio/avdtp.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-)