bluetooth: fix invalid memory access

When an GetProperties() reply arrives after we already deleted the device structure for it make sure we don't accidentaly touch the invalidated object. https://bugzilla.redhat.com/show_bug.cgi?id=543205
author: Lennart Poettering <lennart@poettering.net> 2010-01-13 17:24:37 +0100
committer: Colin Guthrie <cguthrie@mandriva.org> 2010-02-09 22:31:40 +0000
commit: 41ce7cbde9e3f936c134e3982e5587ce831d04de (patch)
tree: 931480928d63deb43652ed6c2053d97ed41c9527 /src
parent: 7f7455b1be68d2ff5706ccf85eff1a96f7c43d34 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/src/modules/bluetooth/bluetooth-util.c b/src/modules/bluetooth/bluetooth-util.c
index 795d5108..b2c04293 100644
--- a/src/modules/bluetooth/bluetooth-util.c
+++ b/src/modules/bluetooth/bluetooth-util.c
@@ -342,7 +342,13 @@ static void get_properties_reply(DBusPendingCall *pending, void *userdata) {
 /*                  dbus_message_get_interface(p->message), */
 /*                  dbus_message_get_path(p->message)); */
 
-    d = p->call_data;
+    /* We don't use p->call_data here right-away since the device
+     * might already be invalidated at this point */
+
+    if (!(d = pa_hashmap_get(y->devices, dbus_message_get_path(p->message))))
+        return;
+
+    pa_assert(p->call_data == d);
 
     valid = dbus_message_get_type(r) == DBUS_MESSAGE_TYPE_ERROR ? -1 : 1;
author	Lennart Poettering <lennart@poettering.net>	2010-01-13 17:24:37 +0100
committer	Colin Guthrie <cguthrie@mandriva.org>	2010-02-09 22:31:40 +0000
commit	41ce7cbde9e3f936c134e3982e5587ce831d04de (patch)
tree	931480928d63deb43652ed6c2053d97ed41c9527 /src
parent	7f7455b1be68d2ff5706ccf85eff1a96f7c43d34 (diff)