This sometimes causes bluetoothd to burn CPU when an adapter is removed
from the system.
Since the watch is not really bound to any adapter, in fact it is added on
plugin .init, its removal is now moved to plugin .exit.
Invalid read of size 4
at 0x178A20: adapter_get_address (string3.h:52)
by 0x174C28: adapter_cmp (manager.c:324)
by 0x4EA95B0: g_slist_find_custom (in /lib64/libglib-2.0.so.0.2908.0)
by 0x174ED9: manager_find_adapter (manager.c:333)
by 0x16ABFA: sdp_record_remove (sdpd-database.c:270)
by 0x16A4D6: remove_record_from_server (sdpd-service.c:286)
by 0x12A947: avrcp_unregister (control.c:972)
by 0x1208CC: avrcp_server_remove (manager.c:1066)
by 0x4EA9826: g_slist_foreach (in /lib64/libglib-2.0.so.0.2908.0)
by 0x178985: adapter_remove (adapter.c:2326)
by 0x4EA9826: g_slist_foreach (in /lib64/libglib-2.0.so.0.2908.0)
by 0x4EA984A: g_slist_free_full (in /lib64/libglib-2.0.so.0.2908.0)
Address 0x603ccd0 is 16 bytes inside a block of size 448 free'd
at 0x4A055FE: free (vg_replace_malloc.c:366)
by 0x4E938F2: g_free (in /lib64/libglib-2.0.so.0.2908.0)
by 0x11EB59: remove_interface (object.c:563)
by 0x11F380: g_dbus_unregister_interface (object.c:715)
by 0x1787EC: btd_adapter_unref (adapter.c:2496)
by 0x4EA9826: g_slist_foreach (in /lib64/libglib-2.0.so.0.2908.0)
by 0x4EA984A: g_slist_free_full (in /lib64/libglib-2.0.so.0.2908.0)
by 0x174E96: manager_cleanup (manager.c:301)
by 0x11CCE8: main (main.c:305)
If the device is disconnected and the first ATT connection callback is
registered, the first connection attempt can be triggered instead of
waiting for the timer.
This initial approach uses a hardcoded timer (45s). Passive scanning
or any other mechanism to avoid unnecessary connection attempts is not
supported at the moment. For LE, device discovery needs to be executed
to update the kernel advertising cache to allow re-connections.
Function intends to be used by profiles to inform that a connection
is required and the callback that needs to be called when it is
established. New header is required to avoid non GATT based profiles
including GAttrib header.
The Nintendo Wii Remote requires binary bluetooth addresses as PINs.
This is not possible via dbus agent API. So this adds a plugin that
registers a pin-callback and forces the right pin for every
authentication request of wiimotes.
Plugins may now register pincode callbacks which are called when the
authentication of a new device requires a pincode. This allows having
hard-coded binary pins inside the daemon to circumvent the public D-Bus
API restrictions (only valid UTF8 strings).
The callbacks shall check via VID/PID information whether they support
the device and if not, return 0 so the D-Bus API is used to query the
current agent for pin input.
D-Bus connection is set by the callers of the discover primary service
function on both situations: create device without bonding or after
bonding complete.
Fix Paired device property if 'No Bonding' authentication is used. It is
set to be false when device is disconnected and no link key is stored.
Otherwise, there can be cases when device is still valid and being
claimed as paired without available bonding information.
For instance, use of CreateDevice method call and obex client file
transfer is such a use case.
The AVDTP spec allows for a race condition between remote and local
device when issuing an AVDTP_START cmd on a stream in the OPEN state.
However, the internal state must continue to be consistent. For example,
suppose that avdtp_start() has been called while in the OPEN state and
an AVDTP_START cmd is sent. Now before we have received a response (and
thus entered the STREAMING state), we *receive* a START cmd. Prior to
this fix, since the sep is still in the OPEN state, we would accept
the new START cmd. This will lead us to send both a Start_Ind and
Start_Cfm - not good.
Now, we track this transitional state (starting == TRUE).
NB - 'starting' is only in a valid state while the sep is in the
OPEN state. 'starting' is reset when we return to the OPEN state.
Covers the Proximity Monitor for Link Loss, Tx Power and Immediate
Alert services. This first proposal considers that the connections
will be managed by the bluetoothd core based on the registered
connection callbacks.
Only one instance of Immediate Alert service is allowed, "Alert Level"
characteristic of this service is used by Find Me and Path Loss. Note
that "Alert Level" for Path Loss is a LOCAL property written in the
Immediate Alert service when the threshold is reached. For Find Me
the user/application needs to actively enable the alert in the Immediate
Alert service. Link Loss has its own instance of Alert Level
characteristic.
This is probably a glib bug on g_slist_free_full which doesn't handle the
case where the list is modified inside the callback:
Invalid read of size 8
at 0x50AD5B2: g_slice_free_chain_with_offset (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x13057B: a2dp_unregister (a2dp.c:1550)
by 0x12144C: a2dp_server_remove (manager.c:1032)
by 0x50ADF16: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x178B55: adapter_remove (adapter.c:2326)
by 0x175205: manager_remove_adapter (manager.c:290)
by 0x50ADF16: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x50ADF3A: g_slist_free_full (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x175086: manager_cleanup (manager.c:298)
by 0x11D7A8: main (main.c:305)
Address 0x637a5e8 is 8 bytes inside a block of size 16 free'd
at 0x4C27D6E: free (vg_replace_malloc.c:366)
by 0x50AD9FC: g_slist_remove (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x12E5C6: a2dp_remove_sep (a2dp.c:1667)
by 0x50ADF16: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x50ADF3A: g_slist_free_full (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x13057B: a2dp_unregister (a2dp.c:1550)
by 0x12144C: a2dp_server_remove (manager.c:1032)
by 0x50ADF16: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x178B55: adapter_remove (adapter.c:2326)
by 0x175205: manager_remove_adapter (manager.c:290)
by 0x50ADF16: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x50ADF3A: g_slist_free_full (in /usr/lib64/libglib-2.0.so.0.2800.8)
Invalid free() / delete / delete[]
at 0x4C27D6E: free (vg_replace_malloc.c:366)
by 0x50AD5A3: g_slice_free_chain_with_offset (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x13057B: a2dp_unregister (a2dp.c:1550)
by 0x12144C: a2dp_server_remove (manager.c:1032)
by 0x50ADF16: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x178B55: adapter_remove (adapter.c:2326)
by 0x175205: manager_remove_adapter (manager.c:290)
by 0x50ADF16: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x50ADF3A: g_slist_free_full (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x175086: manager_cleanup (manager.c:298)
by 0x11D7A8: main (main.c:305)
Address 0x637a5e0 is 0 bytes inside a block of size 16 free'd
at 0x4C27D6E: free (vg_replace_malloc.c:366)
by 0x50AD9FC: g_slist_remove (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x12E5C6: a2dp_remove_sep (a2dp.c:1667)
by 0x50ADF16: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x50ADF3A: g_slist_free_full (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x13057B: a2dp_unregister (a2dp.c:1550)
by 0x12144C: a2dp_server_remove (manager.c:1032)
by 0x50ADF16: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x178B55: adapter_remove (adapter.c:2326)
by 0x175205: manager_remove_adapter (manager.c:290)
by 0x50ADF16: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x50ADF3A: g_slist_free_full (in /usr/lib64/libglib-2.0.so.0.2800.8)
Invalid read of size 8
at 0x50AD5B2: g_slice_free_chain_with_offset (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x175086: manager_cleanup (manager.c:298)
by 0x11D7A8: main (main.c:305)
Address 0x62b7ea8 is 8 bytes inside a block of size 16 free'd
at 0x4C27D6E: free (vg_replace_malloc.c:366)
by 0x50AD9FC: g_slist_remove (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x1751AE: manager_remove_adapter (manager.c:275)
by 0x50ADF16: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x50ADF3A: g_slist_free_full (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x175086: manager_cleanup (manager.c:298)
by 0x11D7A8: main (main.c:305)
Invalid free() / delete / delete[]
at 0x4C27D6E: free (vg_replace_malloc.c:366)
by 0x50AD5A3: g_slice_free_chain_with_offset (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x175086: manager_cleanup (manager.c:298)
by 0x11D7A8: main (main.c:305)
Address 0x62b7ea0 is 0 bytes inside a block of size 16 free'd
at 0x4C27D6E: free (vg_replace_malloc.c:366)
by 0x50AD9FC: g_slist_remove (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x1751AE: manager_remove_adapter (manager.c:275)
by 0x50ADF16: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x50ADF3A: g_slist_free_full (in /usr/lib64/libglib-2.0.so.0.2800.8)
by 0x175086: manager_cleanup (manager.c:298)
by 0x11D7A8: main (main.c:305)
To fix this now adapter_remove and a2dp_unregister_sep are passed
directly as callbacks so g_slist_remove is not triggered.
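The failure mode in the traces above, reduced to an added example that is neither BlueZ nor GLib code: a destroy callback that unlinks its own node while the list is being freed, next to the corrected callback. The list, the pool allocator and all function names are constructed stand-ins; freeing only sets a flag so stale reads and double frees can be counted safely.

```c
#include <stdio.h>
/* Constructed model, not GLib: nodes come from a static pool and "free" only
 * sets a flag, so touching a freed node is counted instead of being UB. */
struct node { void *data; struct node *next; int freed; };
static struct node pool[8], *head;   /* head: the owner's list pointer */
static int used, stale_reads, double_frees;
static struct node *prepend(struct node *l, void *d) {
    struct node *n = &pool[used++];
    n->data = d; n->next = l; n->freed = 0;
    return n;
}
static void node_free(struct node *n) {
    if (n->freed) double_frees++;    /* second free of the same node */
    n->freed = 1;
}
/* Stand-in for g_slist_remove: unlink and free the node holding d. */
static struct node *list_remove(struct node *l, void *d) {
    for (struct node **pp = &l; *pp; pp = &(*pp)->next)
        if ((*pp)->data == d) {
            struct node *n = *pp; *pp = n->next;
            node_free(n); break;
        }
    return l;
}
/* Stand-in for g_slist_free_full: destroy each element, then free the chain. */
static void list_free_full(struct node *l, void (*destroy)(void *)) {
    struct node *n, *next;
    for (n = l; n; n = next) { next = n->next; destroy(n->data); }
    for (n = l; n; n = next) {       /* l may now point at freed nodes */
        if (n->freed) stale_reads++; /* reading ->next of a freed node */
        next = n->next; node_free(n);
    }
}
/* Before: the callback also unlinks its own node from the list being freed. */
static void remove_and_destroy(void *d) { head = list_remove(head, d); }
/* After: the callback only tears down the element and leaves the list alone. */
static void destroy_only(void *d) { (void)d; }
static int run(void (*destroy)(void *)) {
    static int items[3];
    used = stale_reads = double_frees = 0; head = NULL;
    for (int i = 0; i < 3; i++) head = prepend(head, &items[i]);
    list_free_full(head, destroy); head = NULL;
    return stale_reads + double_frees;
}
int main(void) {
    printf("before: %d invalid accesses\n", run(remove_and_destroy));
    printf("after:  %d invalid accesses\n", run(destroy_only));
    return 0;
}
```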
Instead of passing --[disable|enable]-configfiles, now we use
--[disable|enable]-datafiles as not all of the files are installed for
configuration but are rather data files.
When a vendor dependent command is requested but target does not
implement it, the correct return value is CTYPE_NOT_IMPLEMENTED instead
of CTYPE_REJECTED.
AVRCP 1.3 spec clearly says so on section 4.5.1:
[ It is assumed that devices that do not support this metadata
transfer related features shall return a response of NOT
IMPLEMENTED as per AV/C protocol specification ]
And AV/C General Specification, section 8.3.2 talks about legacy
behavior and mandates that NOT_IMPLEMENTED is returned.
Finally, in section 11.6.1 we see that VENDOR-DEPENDENT command frame
depends on the company_ID. Therefore we can't assume it has the same
format as the one specified for metadata transfer (in case the company
ID is 0x001958).
In order to support vendordep pdu as required by AVRCP 1.3 this part
will get very large. So, separate it into a new function, as is done for
panel_passthrough.