From 58a501d6cd79963bae99366b800d23f52e3aa45e Mon Sep 17 00:00:00 2001
From: Lingao Meng
Date: Tue, 22 Mar 2022 14:15:27 +0800
Subject: [PATCH] Bluetooth: Mesh: Fix unref null pointer

When pb-gatt advertising enabled, after extablish connect, will call `cb->connected` and `cb->adv_send`. In previous connected also clear `ADV_FLAG_PROXY` flag, but in `adv_send` will attempt unref null point buffers.

Signed-off-by: Lingao Meng
---
 subsys/bluetooth/mesh/adv_ext.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/subsys/bluetooth/mesh/adv_ext.c b/subsys/bluetooth/mesh/adv_ext.c
index c8d1de914d0..606fd1debd1 100644
--- a/subsys/bluetooth/mesh/adv_ext.c
+++ b/subsys/bluetooth/mesh/adv_ext.c
@@ -343,9 +343,11 @@ static void adv_sent(struct bt_le_ext_adv *instance,
 	BT_DBG("Advertising stopped after %u ms", (uint32_t)duration);
 
 	atomic_clear_bit(adv->flags, ADV_FLAG_ACTIVE);
+	atomic_clear_bit(adv->flags, ADV_FLAG_PROXY);
 
-	if (!atomic_test_and_clear_bit(adv->flags, ADV_FLAG_PROXY)) {
+	if (adv->buf) {
 		net_buf_unref(adv->buf);
+		adv->buf = NULL;
 	}
 
 	(void)schedule_send(adv);
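Review bot: The new `if (adv->buf)` block is only safe against a double unref because of the `adv->buf = NULL` line that follows `net_buf_unref()`, and nothing at the site records that; a comment such as `/* Release the pending buffer (if any) and clear it, so a later adv_sent() cannot unref it again. */` above the `if` would keep a future edit from dropping the reset. Removing the `atomic_test_and_clear_bit(adv->flags, ADV_FLAG_PROXY)` gate also means a proxy advertisement that does carry a buffer is now released here, which presumably is the intent but is worth confirming against the proxy send path. `adv->buf` is tested and cleared with no lock visible in the hunk, so this relies on adv_sent() never running concurrently with whatever assigns `adv->buf`; if that holds it deserves a one-line comment, and if it does not the check-then-clear is a race. adv_sent() begins before the hunk (only its first parameter is visible in the hunk header) and its body continues after `(void)schedule_send(adv);`.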