From ce9ea846e91e20b888a03f87acd272e35d66479a Mon Sep 17 00:00:00 2001 From: Georg Chini Date: Fri, 21 Apr 2017 21:49:58 +0200 Subject: [PATCH] bluez5-util: Fix segfault during shutdown of daemon If a HFP audio gateway was connected via the ofono backend, pulse would segfault during shutdown of the daemon. pa_bluetooth_discovery_unref() removed the devices and transports before the ofono backend was freed. Because the ofono backend keeps its own list of transports, transport_free() was then called during termination of the ofono backend with an invalid transport. Bug reported by Andrew Hlynskyi. This patch moves the termination of the ofono and native backends before freeing the devices. --- src/modules/bluetooth/bluez5-util.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/modules/bluetooth/bluez5-util.c b/src/modules/bluetooth/bluez5-util.c index 23100fca0..8956fb13a 100644 --- a/src/modules/bluetooth/bluez5-util.c +++ b/src/modules/bluetooth/bluez5-util.c @@ -1807,6 +1807,11 @@ void pa_bluetooth_discovery_unref(pa_bluetooth_discovery *y) { pa_dbus_free_pending_list(&y->pending); + if (y->ofono_backend) + pa_bluetooth_ofono_backend_free(y->ofono_backend); + if (y->native_backend) + pa_bluetooth_native_backend_free(y->native_backend); + if (y->adapters) pa_hashmap_free(y->adapters); @@ -1818,11 +1823,6 @@ void pa_bluetooth_discovery_unref(pa_bluetooth_discovery *y) { pa_hashmap_free(y->transports); } - if (y->ofono_backend) - pa_bluetooth_ofono_backend_free(y->ofono_backend); - if (y->native_backend) - pa_bluetooth_native_backend_free(y->native_backend); - if (y->connection) { if (y->matches_added)