mirror of
https://git.kernel.org/pub/scm/bluetooth/bluez.git
synced 2024-11-23 12:14:26 +08:00
7a35c12a6c
When a obex transfer is interrupted by a peer in the middle, the response G_OBEX_RSP_FORBIDDEN comes and the transfer is freed in transfer_complete. However gobex is still ref'ed and gobex->io continues to be writable, so write_data() and then g_obex_abort() are called. When the abort response comes, struct obc_transfer is already freed, which leads to the crash. Backtrace : __GI___pthread_mutex_lock (mutex=0x65732f74) at pthread_mutex_lock.c:67 0xecc6eeda in dbus_connection_get_object_path_data () from libdbus-1.so.3 0x000457d4 in g_dbus_emit_property_changed_full () at gdbus/object.c:1794 0x00045868 in g_dbus_emit_property_changed () at gdbus/object.c:1832 0x000367f0 in transfer_set_status () at obexd/client/transfer.c:211 0x0003681e in transfer_set_status () at obexd/client/transfer.c:206 xfer_complete () at obexd/client/transfer.c:672 0x00022df6 in transfer_complete () at gobex/gobex-transfer.c:103 0x00022f44 in transfer_abort_response () at gobex/gobex-transfer.c:124 0x00020a0e in handle_response () at gobex/gobex.c:1128 0x00020dde in incoming_data () at gobex/gobex.c:1373 This commit introduces g_obex_drop_tx_queue(), which will be called if a transfer error detected. After the tx queue is dropped, obex shuts down gracefully. |
||
|---|---|---|
| .. | ||
| gobex-apparam.c | ||
| gobex-apparam.h | ||
| gobex-debug.h | ||
| gobex-defs.c | ||
| gobex-defs.h | ||
| gobex-header.c | ||
| gobex-header.h | ||
| gobex-packet.c | ||
| gobex-packet.h | ||
| gobex-transfer.c | ||
| gobex.c | ||
| gobex.h | ||