This simplify a bit the handling by introducing common checks before
calling the handler callback, it is also much easier to add/remove
new PDUs in this way.
When the avctp channel is not connected, we call
g_io_channel_unix_get_fd() with a NULL pointer. Glib does not check the
pointer before dereferencing it, causing bluetoothd to segv.
Move the function call to the place it's actually needed, after the
safety checks.
The header files with constants and structures for audio specific
interaction with Pulseaudio are suppose to be under LGPL license.
For some odd reason a2dp-codecs.h ended up being under GPL license
which is against the intention of this being shared and re-used by
non-GPL programs. Fix this now to avoid any future confusion.
When a HFPHS endpoint is created, media will start to watch for
HandsfreeGateway state changes. media call SetConfiguration upon
connection and ClearConfiguration upon disconnection.
If SetConfiguration call fails, the headset or gateway for which
SetConfiguration is called is disconnected. This will free any
pending request, but this does not prevent the request to
terminate (endpoint_reply) and try to free itself once again.
Note that a copy of the freed pointer is tested which has not
been updated.
AVDTP_CONNECT_TIMEOUT controls the delay between HSP/HFP
connection establishment and AVDTP signal channel establishment.
The original value of 1 sec. is too short to avoid racing for AVDTP
connection establishment (eg., if the device continues to configure
the HFP service level connection with additional AT cmds).
Some devices have broken AVDTP implementations that just cannot
handle the race conditions that arise if both devices are attempting
stream establishment at the same time. However, these conditions arise
only when the remote device is the ACL initiator (and in practice, the
RFCOMM initiator as well). This fix bumps out the timeout value only
when the headset has initiated the link.
AVRCP_GET_PLAYER_ATTRIBUTE_TEXT and AVRCP_GET_PLAYER_VALUE_TEXT shall
only be used if TG has extended attributes.
For the ones defined in AVRCP spec these commands should not be called.
Since we do not have extended attributes yet we can ignore those
commands.
When we disconnect an A2DP device by immediate power off and quickly
also initiate a disconnection from our side, a crash is occurring. This
is happening because of the disconnect_timeout coming after freeing the
session.
This also fix the circular dependency of media.c and a2dp.c
Invalid read of size 8
at 0x4EA8CC2: g_slice_free_chain_with_offset (in /lib64/libglib-2.0.so.0.2908.0)
by 0x13AF33: path_free (media.c:417)
by 0x11EB39: remove_interface (object.c:563)
by 0x11F360: g_dbus_unregister_interface (object.c:715)
by 0x120C49: media_server_remove (manager.c:1098)
by 0x4EA9826: g_slist_foreach (in /lib64/libglib-2.0.so.0.2908.0)
by 0x178915: adapter_remove (adapter.c:2326)
by 0x17535F: btd_manager_unregister_adapter (manager.c:293)
by 0x154081: device_event (hciops.c:2643)
by 0x1543C1: io_stack_event (hciops.c:2763)
by 0x4E8C88C: g_main_context_dispatch (in /lib64/libglib-2.0.so.0.2908.0)
by 0x4E8D087: ??? (in /lib64/libglib-2.0.so.0.2908.0)
Address 0x63f6638 is 8 bytes inside a block of size 16 free'd
at 0x4A055FE: free (vg_replace_malloc.c:366)
by 0x4E938F2: g_free (in /lib64/libglib-2.0.so.0.2908.0)
by 0x4EA854E: g_slice_free1 (in /lib64/libglib-2.0.so.0.2908.0)
by 0x4EA930C: g_slist_remove (in /lib64/libglib-2.0.so.0.2908.0)
by 0x13AE53: media_endpoint_remove (media.c:118)
by 0x4EA9826: g_slist_foreach (in /lib64/libglib-2.0.so.0.2908.0)
by 0x4EA984A: g_slist_free_full (in /lib64/libglib-2.0.so.0.2908.0)
by 0x13AF33: path_free (media.c:417)
by 0x11EB39: remove_interface (object.c:563)
by 0x11F360: g_dbus_unregister_interface (object.c:715)
by 0x120C49: media_server_remove (manager.c:1098)
by 0x4EA9826: g_slist_foreach (in /lib64/libglib-2.0.so.0.2908.0)
If ringtone is loud enough, it may leak to microphone when call is
answered via Bluetooth headset. As result, it can be heard on remote
end. Therefore, playing ringtone shall be stopped as fast as possible
before answering a call.
The AVDTP spec allows for a race condition between remote and local
device when issuing an AVDTP_START cmd on a stream in the OPEN state.
However, the internal state must continue to be consistent. For example,
suppose that avdtp_start() has been called while in the OPEN state and
a AVDTP_START cmd is sent. Now before we have received a response (and
thus entered the STREAMING state), we *receive* a START cmd. Prior to
this fix, since the sep is still in the OPEN state, we would accept
the new START cmd. This will leads us to send both a Start_Ind and
Start_Cfm - not good.
Now, we track this transitional state (starting == TRUE).
NB - 'starting' is only in a valid state while the sep is in the
OPEN state. 'starting' is reset when we return to the OPEN state.
