bluez/android/hal-a2dp.c
Luiz Augusto von Dentz 6dfd0d376f android: Fix crash on android-tester
When doing the HAL cleanup the callbacks should be reset to NULL
after calling hal_ipc_unregister, otherwise a handler may still be called
and dereference the cleared pointer, leading to invalid reads:

BlueZ D: android/hal-a2dp.c:cleanup()
bluetoothd[2624]: android/avdtp.c:connection_lost() Disconnected: Input/output error (5)
bluetoothd[2624]: android/avdtp.c:avdtp_ref() 0x5841900: ref=2
bluetoothd[2624]: android/a2dp.c:bt_a2dp_notify_state() device 00:AA:01:01:00:00 state 0
==2564== Thread 3:
==2564== Invalid read of size 8
==2564==    at 0x6B66B47: handle_conn_state (hal-a2dp.c:38)
==2564==    by 0x6B6CDB3: notification_handler (hal-ipc.c:125)
==2564==    by 0x5368EE4: start_thread (in /usr/lib64/libpthread-2.18.so)
==2564==    by 0x5672B8C: clone (in /usr/lib64/libc-2.18.so)
==2564==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
2014-12-03 13:59:13 +02:00


/*
* Copyright (C) 2013 Intel Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include "hal-log.h"
#include "hal.h"
#include "hal-msg.h"
#include "hal-ipc.h"
/*
 * Callback table handed to init() by the framework. NULL means the
 * interface is not initialized; interface_ready() tests exactly this.
 * Read from the notification thread by the ev_handlers below, so it is
 * cleared only after hal_ipc_unregister() in cleanup().
 */
static const btav_callbacks_t *cbs = NULL;
/*
 * Readiness check used by every exported entry point: true once init()
 * has installed a callback table, false after cleanup() (or init failure)
 * has cleared it.
 */
static bool interface_ready(void)
{
	return cbs ? true : false;
}
/*
 * HAL_EV_A2DP_CONN_STATE handler: forward a connection-state change to the
 * framework's connection_state_cb, if one was registered.
 *
 * Runs on the notification thread. cbs is dereferenced without a NULL check;
 * this relies on cleanup() unregistering the handler table before clearing
 * cbs. len and fd are unused; the expected payload size is declared in the
 * ev_handlers table entry (presumably enforced by hal-ipc before dispatch).
 */
static void handle_conn_state(void *buf, uint16_t len, int fd)
{
	struct hal_ev_a2dp_conn_state *event = buf;

	if (!cbs->connection_state_cb)
		return;

	cbs->connection_state_cb(event->state, (bt_bdaddr_t *) event->bdaddr);
}
/*
 * HAL_EV_A2DP_AUDIO_STATE handler: forward an audio-state change to the
 * framework's audio_state_cb, if one was registered.
 *
 * Runs on the notification thread; same cbs lifetime assumption as
 * handle_conn_state(). len and fd are unused.
 */
static void handle_audio_state(void *buf, uint16_t len, int fd)
{
	struct hal_ev_a2dp_audio_state *event = buf;

	if (!cbs->audio_state_cb)
		return;

	cbs->audio_state_cb(event->state, (bt_bdaddr_t *) event->bdaddr);
}
/*
 * HAL_EV_A2DP_AUDIO_CONFIG handler: forward the negotiated sample rate and
 * channel count to the framework's audio_config_cb, if one was registered.
 *
 * audio_config_cb only exists in the Android 5.0+ callback table, so on
 * older platforms this handler is compiled down to a no-op but stays in
 * ev_handlers to keep the opcode indexing intact. Runs on the notification
 * thread; same cbs lifetime assumption as handle_conn_state().
 */
static void handle_audio_config(void *buf, uint16_t len, int fd)
{
#if ANDROID_VERSION >= PLATFORM_VER(5, 0, 0)
	struct hal_ev_a2dp_audio_config *event = buf;

	if (!cbs->audio_config_cb)
		return;

	cbs->audio_config_cb((bt_bdaddr_t *) event->bdaddr,
				event->sample_rate, event->channel_count);
#endif
}
/*
 * handlers will be called from notification thread context,
 * index in table equals to 'opcode - HAL_MINIMUM_EVENT'
 *
 * Each entry carries the handler, a flag (false for all three here; its
 * meaning is defined by struct hal_ipc_handler in hal-ipc.h) and the exact
 * payload size expected for that event. Do not reorder: the position is
 * the opcode. The table is registered by init() and unregistered by
 * cleanup() before cbs is cleared, because every handler dereferences cbs.
 */
static const struct hal_ipc_handler ev_handlers[] = {
	/* HAL_EV_A2DP_CONN_STATE */
	{ handle_conn_state, false, sizeof(struct hal_ev_a2dp_conn_state) },
	/* HAL_EV_A2DP_AUDIO_STATE */
	{ handle_audio_state, false, sizeof(struct hal_ev_a2dp_audio_state) },
	/* HAL_EV_A2DP_AUDIO_CONFIG */
	{ handle_audio_config, false, sizeof(struct hal_ev_a2dp_audio_config) },
};
/*
 * btav_interface_t.connect: ask the daemon to open an A2DP connection to
 * bd_addr by sending HAL_OP_A2DP_CONNECT over IPC.
 *
 * bd_addr must be non-NULL (it is copied unconditionally). Returns
 * BT_STATUS_NOT_READY before init(), otherwise whatever hal_ipc_cmd()
 * reports; no response payload is requested.
 */
static bt_status_t a2dp_connect(bt_bdaddr_t *bd_addr)
{
	struct hal_cmd_a2dp_connect cmd;
	bt_status_t status = BT_STATUS_NOT_READY;

	DBG("");

	if (interface_ready()) {
		memcpy(cmd.bdaddr, bd_addr, sizeof(cmd.bdaddr));
		status = hal_ipc_cmd(HAL_SERVICE_ID_A2DP, HAL_OP_A2DP_CONNECT,
					sizeof(cmd), &cmd, NULL, NULL, NULL);
	}

	return status;
}
/*
 * btav_interface_t.disconnect: ask the daemon to tear down the A2DP
 * connection to bd_addr by sending HAL_OP_A2DP_DISCONNECT over IPC.
 *
 * Mirrors a2dp_connect(): bd_addr must be non-NULL, BT_STATUS_NOT_READY is
 * returned before init(), otherwise the hal_ipc_cmd() result is passed up.
 */
static bt_status_t disconnect(bt_bdaddr_t *bd_addr)
{
	struct hal_cmd_a2dp_disconnect cmd;
	bt_status_t status = BT_STATUS_NOT_READY;

	DBG("");

	if (interface_ready()) {
		memcpy(cmd.bdaddr, bd_addr, sizeof(cmd.bdaddr));
		status = hal_ipc_cmd(HAL_SERVICE_ID_A2DP, HAL_OP_A2DP_DISCONNECT,
					sizeof(cmd), &cmd, NULL, NULL, NULL);
	}

	return status;
}
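/*
 * btav_interface_t.init: install the framework callback table, register
 * the event handlers with hal-ipc and register this module with the core
 * service.
 *
 * Returns BT_STATUS_DONE if already initialized, otherwise the result of
 * the HAL_OP_REGISTER_MODULE command. On failure the partial setup is
 * undone and the interface is left not-ready (cbs == NULL).
 *
 * Fix: the failure path previously cleared cbs *before* calling
 * hal_ipc_unregister(), the ordering this commit corrects in cleanup().
 * The handlers in ev_handlers dereference cbs from the notification thread,
 * so the table must be unregistered first here as well.
 */
static bt_status_t init(btav_callbacks_t *callbacks)
{
	struct hal_cmd_register_module cmd;
	int ret;

	DBG("");

	if (interface_ready())
		return BT_STATUS_DONE;

	cbs = callbacks;

	hal_ipc_register(HAL_SERVICE_ID_A2DP, ev_handlers,
				sizeof(ev_handlers)/sizeof(ev_handlers[0]));

	cmd.service_id = HAL_SERVICE_ID_A2DP;
	cmd.mode = HAL_MODE_DEFAULT;
	cmd.max_clients = 1;

	ret = hal_ipc_cmd(HAL_SERVICE_ID_CORE, HAL_OP_REGISTER_MODULE,
				sizeof(cmd), &cmd, NULL, NULL, NULL);

	if (ret != BT_STATUS_SUCCESS) {
		/* Same order as cleanup(): stop event dispatch into
		 * ev_handlers before dropping the table they dereference. */
		hal_ipc_unregister(HAL_SERVICE_ID_A2DP);
		cbs = NULL;
	}

	return ret;
}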
/*
 * btav_interface_t.cleanup: unregister this module from the core service,
 * drop the event handlers and forget the framework callbacks.
 *
 * No-op when not initialized. The last two steps are order-sensitive:
 * hal_ipc_unregister() must run before cbs is cleared, since the handlers
 * in ev_handlers dereference cbs from the notification thread. The result
 * of the unregister command is deliberately ignored (best effort).
 */
static void cleanup(void)
{
	DBG("");

	if (!interface_ready())
		return;

	struct hal_cmd_unregister_module cmd;

	cmd.service_id = HAL_SERVICE_ID_A2DP;
	hal_ipc_cmd(HAL_SERVICE_ID_CORE, HAL_OP_UNREGISTER_MODULE,
				sizeof(cmd), &cmd, NULL, NULL, NULL);

	/* Order matters: stop dispatch, then drop the table. */
	hal_ipc_unregister(HAL_SERVICE_ID_A2DP);
	cbs = NULL;
}
/*
 * The A2DP HAL interface handed to the framework by bt_get_a2dp_interface().
 * .size lets the caller sanity-check the struct layout it was built
 * against; the remaining members are the entry points defined above.
 */
static btav_interface_t iface = {
	.size = sizeof(iface),
	.init = init,
	.connect = a2dp_connect,
	.disconnect = disconnect,
	.cleanup = cleanup
};
/*
 * Public accessor for the A2DP HAL interface table. Returns a pointer to
 * the single static iface; the caller does not own it and must not free it.
 */
btav_interface_t *bt_get_a2dp_interface(void)
{
	btav_interface_t *table = &iface;

	return table;
}