diff options
| author | Sharvil Nanavati <sharvil@google.com> | 2014-09-21 23:43:22 -0700 |
|---|---|---|
| committer | Andre Eisenbach <eisenbach@google.com> | 2015-03-16 16:51:37 -0700 |
| commit | 529e247940dcd1c137906ea07ecef84961e151de (patch) | |
| tree | 5314de28c6a194d9bc9f4d6b92cdc463b53781a9 /btif | |
| parent | 8d33c08bc61d3abd4d0f48859e62ddd3b9c0a80b (diff) | |
| download | android_system_bt-529e247940dcd1c137906ea07ecef84961e151de.tar.gz android_system_bt-529e247940dcd1c137906ea07ecef84961e151de.tar.bz2 android_system_bt-529e247940dcd1c137906ea07ecef84961e151de.zip | |
Fix NULL pointer dereference in bta_pan_co_tx_path.
This happens when the PAN connection terminates but the stack is
still sending data back to the system. There's a timing component
to this bug; the stack doesn't crash 100% of the time since it
depends on whether the TX path notices the PAN connection was torn
down or not before calling bta_pan_co_tx_path.
Diffstat (limited to 'btif')
| -rw-r--r-- | btif/co/bta_pan_co.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/btif/co/bta_pan_co.c b/btif/co/bta_pan_co.c index ad0c79654..ff3043bba 100644 --- a/btif/co/bta_pan_co.c +++ b/btif/co/bta_pan_co.c @@ -172,7 +172,7 @@ void bta_pan_co_tx_path(UINT16 handle, UINT8 app_id) if(!conn || conn->state != PAN_STATE_OPEN) { BTIF_TRACE_ERROR("bta_pan_co_tx_path: cannot find pan connction or conn" - "is not opened, conn:%p, conn->state:%d", conn, conn->state); + "is not opened, conn:%p, conn->state:%d", conn, conn ? conn->state : -1); return; } do |