public inbox for linux-bluetooth@vger.kernel.org
 help / color / mirror / Atom feed
From: Pauli Virtanen <noreply@github.com>
To: linux-bluetooth@vger.kernel.org
Subject: [bluez/bluez] f3626f: gatt-database: remove database from dbs list when ...
Date: Sun, 12 Apr 2026 04:23:50 -0700	[thread overview]
Message-ID: <bluez/bluez/push/refs/heads/1080317/000000-f3626f@github.com> (raw)

  Branch: refs/heads/1080317
  Home:   https://github.com/bluez/bluez
  Commit: f3626f6349fece2f1f4f464381c56efd07cac5c6
      https://github.com/bluez/bluez/commit/f3626f6349fece2f1f4f464381c56efd07cac5c6
  Author: Pauli Virtanen <pav@iki.fi>
  Date:   2026-04-12 (Sun, 12 Apr 2026)

  Changed paths:
    M src/gatt-database.c

  Log Message:
  -----------
  gatt-database: remove database from dbs list when destroyed

btd_gatt_database_new() adds btd_gatt_database to the dbs lookup queue,
but nothing removes it from there even when destroying.

Fix by removing databases from the lookup queue before destroy.

Fixes crash on adapter removal in some cases:

ERROR: AddressSanitizer: heap-use-after-free on address 0x7bd476be1308
READ of size 8 at 0x7bd476be1308 thread T0
    #0 0x00000064562a in match_db
    #1 0x000000865410 in queue_find
    #2 0x000000645671 in btd_gatt_database_get
0x7bd476be1308 is located 8 bytes inside of 128-byte region [0x7bd476be1300,0x7bd476be>
freed by thread T0 here:
    #0 0x7f1478cee4cf in free.part.0
    #1 0x000000621625 in gatt_database_free
    #2 0x000000645582 in btd_gatt_database_destroy



To unsubscribe from these emails, change your notification settings at https://github.com/bluez/bluez/settings/notifications

                 reply	other threads:[~2026-04-12 11:23 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bluez/bluez/push/refs/heads/1080317/000000-f3626f@github.com \
    --to=noreply@github.com \
    --cc=linux-bluetooth@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox