mirrors/pulseaudio
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pulseaudio/pulseaudio.git synced 2026-02-18 22:05:37 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

bluetooth: Fix crash when disabling Bluetooth adapter

Browse source 
This crash occurs when PA is connected to a phone through the oFono
backend.
When disabling the Bluetooth adapter, pa_bluetooth_device is removed before
hf_audio_card. Both keep refs on pa_bluetooth_transport. Those removal will
call pa_bluetooth_transport_free() from device_free() (bluez5-util.c) and
hf_audio_card_free() (backend-ofono.c).
In the end, the call to pa_bluetooth_transport_free() calls
pa_hasmap_remove() through pa_bluetooth_transport_unlink(), but since
memory has already been freed, the second try results in a segfault.

Triggering hf_audio_card removal during pa_bluetooth_device removal allows
hf_audio_card to be freed at the right time.
This commit is contained in:
Frédéric Danis 2019-06-19 11:09:11 +02:00 committed by Tanu Kaskinen
parent 661b13d50d
commit f89d64b98e
3 changed files with 21 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/modules/bluetooth/bluez5-util.h
View file

@ -47,6 +47,7 @@ typedef struct pa_bluetooth_backend pa_bluetooth_backend;
typedef enum pa_bluetooth_hook {
PA_BLUETOOTH_HOOK_DEVICE_CONNECTION_CHANGED, /* Call data: pa_bluetooth_device */
PA_BLUETOOTH_HOOK_DEVICE_UNLINK, /* Call data: pa_bluetooth_device */
PA_BLUETOOTH_HOOK_TRANSPORT_STATE_CHANGED, /* Call data: pa_bluetooth_transport */
PA_BLUETOOTH_HOOK_TRANSPORT_MICROPHONE_GAIN_CHANGED, /* Call data: pa_bluetooth_transport */
PA_BLUETOOTH_HOOK_TRANSPORT_SPEAKER_GAIN_CHANGED, /* Call data: pa_bluetooth_transport */