The g_attrib_cancel_all function may call functions such as
find_included_cb that should at this point no longer have access to the
GAttrib instance and try to do operations with it. Therefore it is
safest to ensure that device->attrib is no longer available in these
functions.
btd_service does alter its state on service_remove, which can cause
plugins to attempt to access the services list, which may have freed some
services already.
To fix this the code now updates the list in place so the services are
first removed from the services list before calling service_remove.
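The ordering problem described in the commit message above, as an added example that is not code from the project: every type and function here is a hypothetical stand-in, including the body of service_remove, and the demo only marks services as released and frees them at the end, so the old order can be run without a real use-after-free.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for the daemon's device and service objects. */
struct service { int released; struct service *next; };
struct device { struct service *services; int stale_seen; };

/* Plugin-style callback: walks the services list on a state change. */
static void plugin_state_cb(struct device *dev)
{
	for (struct service *s = dev->services; s; s = s->next)
		dev->stale_seen += s->released;	/* real code: use-after-free */
}

/* Assumed behaviour: notify plugins, then release the service. The demo
 * only marks it released; the memory is freed by the caller afterwards. */
static void service_remove(struct device *dev, struct service *s)
{
	plugin_state_cb(dev);
	s->released = 1;
}

/* unlink_first = 0: old order, the list still references released services.
 * unlink_first = 1: fixed order, the list is updated before service_remove. */
static void remove_services(struct device *dev, int unlink_first)
{
	struct service *all = dev->services, *s, *next;
	for (s = all; s; s = s->next) {
		if (unlink_first)
			dev->services = s->next;	/* drop s from the list first */
		service_remove(dev, s);
	}
	dev->services = NULL;
	for (s = all; s; s = next) {	/* deferred free, demo only */
		next = s->next;
		free(s);
	}
}

/* Returns how many released services the plugin callback reached. */
int stale_accesses(int count, int unlink_first)
{
	struct device dev = { NULL, 0 };
	for (int i = 0; i < count; i++) {
		struct service *s = calloc(1, sizeof(*s));
		if (!s) abort();
		s->next = dev.services;
		dev.services = s;
	}
	remove_services(&dev, unlink_first);
	return dev.stale_seen;
}
```

With three services the old order lets the callback reach a released service three times; with the list updated first it reaches none.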
This renames service_shutdown to service_remove to make it more similar to
other internal APIs such as device_remove which only do object
cleanup/free and do not have any disconnect logic.
This is an improved version of recently reverted commit 1796f00e84.
Response size is verified against the minimal allowed value only if it is
a complete response. If the response is partial, the spec allows it
to be split in an arbitrary manner.
Verified against Nokia BH217 on which original commit caused
regression.
When a virtual device starts LE advertising, the emulator searches for
other virtual devices that are in scan mode, in order to send adv data
to these devices.
The inverse applies when LE scan is enabled. The emulator searches for
virtual devices that are in advertising mode and copies adv data to them.
Apparently some stacks set the current UID to 0 when paused/stopped
which causes the following:
bluetoothd[23185]: profiles/audio/player.c:media_player_set_playlist_item() 0
bluetoothd[23185]: profiles/audio/player.c:media_folder_create_item() (null) type audio uid 0
process 23185: arguments to dbus_message_iter_append_basic() were incorrect, assertion "_dbus_check_is_valid_path (*string_p)" failed in file dbus-message.c line 2531.
This is normally a bug in some application using the D-Bus library.
D-Bus not built with -rdynamic so unable to print a backtrace
UID 0 is not a valid UID according to the spec so the code should not
attempt to create any object to represent it.
This reverts commit 1796f00e84.
This patch causes a regression with the Nokia BH217 headset. A correct
patch must take into account fragmented responses.
Conditional jump or move depends on uninitialised value(s)
at 0x42C1AF: obex_put_stream_start (obex.c:869)
by 0x428D1A: mns_put (mns.c:148)
by 0x42B521: cmd_put (obex.c:982)
by 0x419FB5: incoming_data (gobex.c:1022)
by 0x3F31A47A54: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3400.2)
by 0x3F31A47D87: ??? (in /usr/lib64/libglib-2.0.so.0.3400.2)
by 0x3F31A48181: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3400.2)
by 0x40DEE2: main (main.c:319)
Uninitialised value was created by a stack allocation
at 0x42C160: obex_put_stream_start (obex.c:862)