read_watch_destroy is called when received_data returns FALSE.
free mgmt in read_watch_destroy instead of received_data to avoid
use after free.
Invalid write of size 4
at 0x8051604: read_watch_destroy (mgmt.c:271)
by 0x48C7468E: g_source_callback_unref (gmain.c:1457)
by 0x48C77287: g_main_context_dispatch (gmain.c:2723)
by 0x48C774FF: g_main_context_iterate.isra.22 (gmain.c:3290)
by 0x48C77962: g_main_loop_run (gmain.c:3484)
by 0x805393E: tester_run (tester.c:784)
by 0x804D1C7: main (mgmt-tester.c:2558)
Address 0x4039b80 is 16 bytes inside a block of size 76 free'd
at 0x4007F0F: free (vg_replace_malloc.c:446)
by 0x48C7D44B: standard_free (gmem.c:98)
by 0x48C7D607: g_free (gmem.c:252)
by 0x8051BB6: received_data (mgmt.c:337)
by 0x48CBA72E: g_io_unix_dispatch (giounix.c:167)
by 0x48C7715A: g_main_context_dispatch (gmain.c:2715)
by 0x48C774FF: g_main_context_iterate.isra.22 (gmain.c:3290)
by 0x48C77962: g_main_loop_run (gmain.c:3484)
by 0x805393E: tester_run (tester.c:784)
by 0x804D1C7: main (mgmt-tester.c:2558)
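
The ownership rule from the first message above (the callback only returns FALSE, the destroy notifier does the free), shown as an added example that is not BlueZ code. The watch loop is a minimal stand-in for GLib's, and the struct fields, `dispatch` and `mgmt_frees` are hypothetical.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Stand-in for a GLib-style I/O watch: callback plus destroy notifier. */
struct watch {
    bool (*callback)(void *user_data);
    void (*destroy)(void *user_data);
    void *user_data;
};

struct mgmt {              /* hypothetical, reduced to what the pattern needs */
    int fd;                /* -1 simulates a failed read or hang-up */
    unsigned int watch_id;
};

static int mgmt_frees;     /* how many times a mgmt object was released */

/* Destroy notifier: last code to touch the object, so it owns the free. */
static void read_watch_destroy(void *user_data)
{
    struct mgmt *mgmt = user_data;
    mgmt->watch_id = 0;    /* 4-byte write: invalid if the callback freed first */
    free(mgmt);
    mgmt_frees++;
}

/* Callback: asks for removal by returning false and releases nothing. */
static bool received_data(void *user_data)
{
    return ((struct mgmt *)user_data)->fd >= 0;
}

/* One loop iteration; returns true while the watch stays registered. */
static bool dispatch(struct watch *w)
{
    if (w->callback(w->user_data)) return true;
    w->destroy(w->user_data);   /* runs after the callback has returned */
    w->user_data = NULL;
    return false;
}

int main(void)
{
    struct mgmt *mgmt = calloc(1, sizeof(*mgmt));
    if (!mgmt) return 1;
    mgmt->fd = -1;              /* constructed input: source already closed */
    struct watch w = { received_data, read_watch_destroy, mgmt };
    return dispatch(&w) ? 1 : 0;
}
```

Moving `free(mgmt)` into `received_data` reproduces the shape of the trace above: the notifier's write to `watch_id` then lands inside a freed block.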
This enables registering for the addressed player changed event and handling
the interim response, setting the player id and uid counter to the current
player.
Currently we are repeating the same command twice for notification, first
for changed and then later for interim response.
To avoid this the code now just does it for interim responses; changed
responses just trigger another registration.
This interface adds support for browsing and searching in the player's
storage using AVRCP 1.4/1.5.
Some remarks about the design:
- Exposing UIDCounter and UIDs was considered, but the spec seems to have
missed defining the player's id persistency. There is also the fact that
UIDCounter alone does not guarantee persistency across sessions and does not
provide what exact items have changed, so in the end exposing these
details will bring almost no value.
- Indexing or caching the whole media library is not recommended; Bluetooth
is too slow for that and even vendors such as Apple do not recommend doing
it, so the only items kept in cache are the current listed ones.
- Addressed vs Browsed player is done implicitly when accessed; this was done
to simplify the API and avoid confusion between applications and players.
56 (16 direct, 40 indirect) bytes in 1 blocks are definitely lost in loss record 173 of 263
at 0x4A0883C: malloc (vg_replace_malloc.c:270)
by 0x4C8568E: g_malloc (in /usr/lib64/libglib-2.0.so.0.3400.2)
by 0x4C9A7F1: g_slice_alloc (in /usr/lib64/libglib-2.0.so.0.3400.2)
by 0x4C9BB92: g_slist_append (in /usr/lib64/libglib-2.0.so.0.3400.2)
by 0x422072: send_req (avdtp.c:2569)
by 0x422D0B: avdtp_discover (avdtp.c:3380)
by 0x41D16C: source_setup_stream (source.c:307)
by 0x41D1EF: source_connect (source.c:331)
by 0x465411: connect_next (device.c:1073)
by 0x466C92: device_profile_connected (device.c:1097)
by 0x4629EB: ext_connect (profile.c:950)
by 0x44AECB: connect_cb (btio.c:230)
If we haven't published an interface yet (i.e. it's in the data->added
list), we should just ignore any property changed indications as the
values for the properties will anyway be part of the InterfacesAdded
signal.
Once the error is informed to the callback it should be properly freed and
set to NULL, otherwise a subsequent operation may end up reusing the same
error, which might lead to crashes.
651 (280 direct, 371 indirect) bytes in 7 blocks are definitely lost in loss record 306 of 332
at 0x4A06B2F: calloc (vg_replace_malloc.c:593)
by 0x319724D706: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.3400.2)
by 0x418A54: avctp_send_browsing_req (avctp.c:1457)
by 0x41A330: avrcp_handle_event (avrcp.c:1998)
by 0x417810: session_cb (avctp.c:702)
by 0x3197247A74: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3400.2)
by 0x3197247DA7: ??? (in /usr/lib64/libglib-2.0.so.0.3400.2)
by 0x31972481A1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3400.2)
by 0x409D6E: main (main.c:583)
This reverts commit 53d3fc3fad that leads
to always destroying the browsing channel because the callback changes the
state.
To fix this, session_browsing_cb now takes care of destroying the channel if it
disconnects.