michaelh/zephyr
1
0
Fork 0
Code Releases Activity

Bluetooth: GATT: Fix subscriptions removal

Browse source 
This fix not removing subscription if it was first element on the list.
In that case prev was NULL resulting in passing garbage node to
sys_slist_remove.

Change-Id: I9452af08409692f9a331afd514fbac8cc727d289
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
This commit is contained in:
Szymon Janc 2017-02-15 15:52:38 +01:00 committed by Johan Hedberg
commit 767cd577dc
1 changed files with 9 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

17
subsys/bluetooth/host/gatt.c
View file

@ -736,12 +736,13 @@ static void gatt_subscription_remove(struct bt_conn *conn, sys_snode_t *prev,
static void remove_subscriptions(struct bt_conn *conn)
{
struct bt_gatt_subscribe_params *params, *tmp, *prev = NULL;
struct bt_gatt_subscribe_params *params, *tmp;
sys_snode_t *prev = NULL;
/* Lookup existing subscriptions */
SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&subscriptions, params, tmp, node) {
if (bt_conn_addr_le_cmp(conn, &params->_peer)) {
prev = params;
prev = &params->node;
continue;
}
@ -749,10 +750,10 @@ static void remove_subscriptions(struct bt_conn *conn)
(params->flags & BT_GATT_SUBSCRIBE_FLAG_VOLATILE)) {
/* Remove subscription */
params->value = 0;
gatt_subscription_remove(conn, &prev->node, params);
gatt_subscription_remove(conn, prev, params);
} else {
update_subscription(conn, params);
prev = params;
prev = &params->node;
}
}
}
@ -1740,8 +1741,9 @@ int bt_gatt_subscribe(struct bt_conn *conn,
int bt_gatt_unsubscribe(struct bt_conn *conn,
struct bt_gatt_subscribe_params *params)
{
struct bt_gatt_subscribe_params *tmp, *next, *prev = NULL;
struct bt_gatt_subscribe_params *tmp, *next;
bool has_subscription = false, found = false;
sys_snode_t *prev = NULL;
if (!conn || !params) {
return -EINVAL;
@ -1756,11 +1758,10 @@ int bt_gatt_unsubscribe(struct bt_conn *conn,
/* Remove subscription */
if (params == tmp) {
found = true;
sys_slist_remove(&subscriptions, &prev->node,
&tmp->node);
sys_slist_remove(&subscriptions, prev, &tmp->node);
continue;
} else {
prev = tmp;
prev = &tmp->node;
}
/* Check if there still remains any other subscription */