| Message ID | 20210916223825.276530-2-luiz.dentz@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Luiz Von Dentz |
| Headers | show |
| Series | [BlueZ,1/2] admin: Fix leaking uuids loads from storage | expand |
| Context | Check | Description |
|---|---|---|
| tedd_an/checkpatch | success | Checkpatch PASS |
| tedd_an/gitlint | success | Gitlint PASS |
diff --git a/plugins/admin.c b/plugins/admin.c index c232c057c..7b7190a06 100644 --- a/plugins/admin.c +++ b/plugins/admin.c @@ -590,6 +590,7 @@ static void admin_policy_remove(struct btd_adapter *adapter) queue_foreach(devices, unregister_device_data, NULL); queue_destroy(devices, g_free); + devices = NULL; if (policy_data) { admin_policy_destroy(policy_data); @@ -621,7 +622,6 @@ static void admin_exit(void) DBG(""); btd_unregister_adapter_driver(&admin_policy_driver); - admin_policy_remove(NULL); } BLUETOOTH_PLUGIN_DEFINE(admin, VERSION,
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Fixes the following double free which happen due to exit calling btd_unregister_adapter_driver: Invalid read of size 8 at 0x1CDA97: queue_foreach (queue.c:198) by 0x1318B8: admin_policy_remove (admin.c:591) by 0x18982A: plugin_cleanup (plugin.c:217) by 0x12E3FD: main (main.c:1214) Address 0x547ffb8 is 8 bytes inside a block of size 32 free'd at 0x483A9F5: free (vg_replace_malloc.c:538) by 0x1318CB: admin_policy_remove (admin.c:592) by 0x18F416: unload_driver (adapter.c:7215) by 0x496F50F: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.6600.8) by 0x131988: admin_exit (admin.c:623) by 0x18982A: plugin_cleanup (plugin.c:217) by 0x12E3FD: main (main.c:1214) Block was alloc'd at at 0x4839809: malloc (vg_replace_malloc.c:307) by 0x1CDE1E: btd_malloc (util.c:33) by 0x1CD83D: queue_new (queue.c:47) by 0x13150D: admin_init (admin.c:614) by 0x18966B: plugin_init (plugin.c:187) by 0x12E358: main (main.c:1198) --- plugins/admin.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)