From b43f1351ed5f5f0e73771754a9881a392ee4fe43 Mon Sep 17 00:00:00 2001 From: Emil Gydesen Date: Mon, 16 Jan 2023 11:32:47 +0100 Subject: [PATCH] Bluetooth: Audio: Fix issue with invalid bt_conn_ref in ASCS In ascs.c we had a case where we assigned stream->conn without taking the ref. In bt_audio_stream_attach we did not check if stream->conn was NULL before taking a reference, causing multiple calls to ase_config to take multiple references. Signed-off-by: Emil Gydesen --- subsys/bluetooth/audio/ascs.c | 4 +++- subsys/bluetooth/audio/stream.c | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/subsys/bluetooth/audio/ascs.c b/subsys/bluetooth/audio/ascs.c index 23ed2bb85ce..ef6d7f7853b 100644 --- a/subsys/bluetooth/audio/ascs.c +++ b/subsys/bluetooth/audio/ascs.c @@ -1012,7 +1012,9 @@ static void ase_stream_add(struct bt_ascs *ascs, struct bt_ascs_ase *ase, { LOG_DBG("ase %p stream %p", ase, stream); ase->ep.stream = stream; - stream->conn = ascs->conn; + if (stream->conn == NULL) { + stream->conn = bt_conn_ref(ascs->conn); + } stream->ep = &ase->ep; } diff --git a/subsys/bluetooth/audio/stream.c b/subsys/bluetooth/audio/stream.c index 1c29b12a1ba..b22b46d3c11 100644 --- a/subsys/bluetooth/audio/stream.c +++ b/subsys/bluetooth/audio/stream.c @@ -81,7 +81,9 @@ void bt_audio_stream_attach(struct bt_conn *conn, if (conn != NULL) { __ASSERT(stream->conn == NULL || stream->conn == conn, "stream->conn %p already attached", stream->conn); - stream->conn = bt_conn_ref(conn); + if (stream->conn == NULL) { + stream->conn = bt_conn_ref(conn); + } } stream->codec = codec; stream->ep = ep;