gatt_client: stop timer on disconnect - fixes use after free / crash

This commit is contained in:
Matthias Ringwald 2018-09-11 08:32:03 +02:00
parent eea99214d9
commit cce308d626
2 changed files with 4 additions and 2 deletions

View File

@ -12,7 +12,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
### Fixed
- HCI/L2CAP: Error creating outgoing connection (e.g. Connection Limit Exceeded) now handled
- RFCOMM: Trigger l2cap request to send on rfcomm credits when client is waiting to sendtrigger l2cap request to send on rfcomm credits when client is waiting to send
- L2CAP: Try to emit 'can send now' on HCI Disconnect, if all ACL buffers in Bluetooth Controller have been used for the closed connection
- L2CAP: Evaluate 'can send now' on HCI Disconnect as ACL buffers in Bluetooth Controller have been used for the closed connection are freed implicitly
- GATT Client: stop timer on disconnect - fixes use after free / crash
## Changes August 2018

View File

@ -1092,8 +1092,9 @@ static void gatt_client_event_packet_handler(uint8_t packet_type, uint16_t chann
con_handle = little_endian_read_16(packet,3);
peripheral = get_gatt_client_context_for_handle(con_handle);
if (!peripheral) break;
gatt_client_report_error_if_pending(peripheral, ATT_ERROR_HCI_DISCONNECT_RECEIVED);
gatt_client_report_error_if_pending(peripheral, ATT_ERROR_HCI_DISCONNECT_RECEIVED);
gatt_client_timeout_stop(peripheral);
btstack_linked_list_remove(&gatt_client_connections, (btstack_linked_item_t *) peripheral);
btstack_memory_gatt_client_free(peripheral);
break;