From ff329cdabb9ed5864ff6821aaab137844f9940d5 Mon Sep 17 00:00:00 2001 From: Sagar Nageshmurthy Date: Tue, 24 Mar 2015 17:17:03 +0530 Subject: [PATCH] Fix: Prevent calling pa_rtpoll_free() for a NULL rtpoll Flushing the asyncmsgq can cause arbitrarily callbacks to run, potentially causing recursion into pa_thread_mq_done again. Because of this; rtpoll which is cleared in the second iteration is tried to free once again by the first iteration leading to PA crash. --- src/modules/bluetooth/module-bluez5-device.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/bluetooth/module-bluez5-device.c b/src/modules/bluetooth/module-bluez5-device.c index 7238e6f81..6ebcda23c 100644 --- a/src/modules/bluetooth/module-bluez5-device.c +++ b/src/modules/bluetooth/module-bluez5-device.c @@ -1575,9 +1575,9 @@ static void stop_thread(struct userdata *u) { } if (u->rtpoll) { - pa_thread_mq_done(&u->thread_mq); pa_rtpoll_free(u->rtpoll); u->rtpoll = NULL; + pa_thread_mq_done(&u->thread_mq); } if (u->transport) {