Bluetooth: ATT: Fix passing wrong pointer when disconnecting
When disconnecting att_reset is called and all requests are notified but instead of passing req->user_data like it should it pass the req itself which nowdays comes from a k_mem_slab, rather than being a contiguous memory that would contain the request and its user data, which would likely cause invalid access. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This commit is contained in:
Luiz Augusto von Dentz
Johan Hedberg
parent
aae0f52509
commit
8863b72b05
1 changed files with 2 additions and 1 deletions
|
|
@ -2091,7 +2091,8 @@ static void att_reset(struct bt_att *att)
|
||||||
/* Notify pending requests */
|
/* Notify pending requests */
|
||||||
SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&att->reqs, req, tmp, node) {
|
SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&att->reqs, req, tmp, node) {
|
||||||
if (req->func) {
|
if (req->func) {
|
||||||
req->func(NULL, BT_ATT_ERR_UNLIKELY, NULL, 0, req);
|
req->func(NULL, BT_ATT_ERR_UNLIKELY, NULL, 0,
|
||||||
|
req->user_data);
|
||||||
}
|
}
|
||||||
|
|
||||||
att_req_destroy(req);
|
att_req_destroy(req);
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue