michaelh/zephyr
1
0
Fork 0
Code Releases Activity

Bluetooth: tbs_client: Fix possible NULL pointer dereference

Browse source 
This fixes notification callback that can be called with NULL conn
parameter when peer is being unpaired.

Signed-off-by: Mariusz Skamra <mariusz.skamra@codecoup.pl>
This commit is contained in:
Mariusz Skamra 2023-06-22 14:27:10 +02:00 committed by Carles Cufí
commit d72c17684c
1 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
subsys/bluetooth/audio/tbs_client.c
View file

@ -543,15 +543,16 @@ static uint8_t notify_handler(struct bt_conn *conn,
const void *data, uint16_t length) const void *data, uint16_t length)
{ {
uint16_t handle = params->value_handle; uint16_t handle = params->value_handle;
struct bt_tbs_instance *tbs_inst = lookup_inst_by_handle(conn, handle); struct bt_tbs_instance *tbs_inst;
if (data == NULL) { if (data == NULL || conn == NULL) {
LOG_DBG("[UNSUBSCRIBED] 0x%04X", params->value_handle); LOG_DBG("[UNSUBSCRIBED] 0x%04X", params->value_handle);
params->value_handle = 0U; params->value_handle = 0U;
return BT_GATT_ITER_STOP; return BT_GATT_ITER_STOP;
} }
tbs_inst = lookup_inst_by_handle(conn, handle);
if (tbs_inst != NULL) { if (tbs_inst != NULL) {
uint8_t inst_index = tbs_index(conn, tbs_inst); uint8_t inst_index = tbs_index(conn, tbs_inst);