Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e00c8bcf authored by Jakub Pawlowski's avatar Jakub Pawlowski
Browse files

Fix stack crash after bonding 

delayed_auth_timer_ent was freed and re-created during it's execution.
Instead of re-creating, just cancel the timers in smp_cb_cleanup.

Test: manual, bond with HID device on linux
Bug: 34083285
Change-Id: Ie569666846db5dcb2466cff00665b2c1490d7d10
parent 93545caf

system/stack/smp/smp_utils.cc

+6 −4
Original line number Diff line number Diff line
@@ -844,16 +844,18 @@ void smp_xor_128(BT_OCTET16 a, BT_OCTET16 b) { 
void smp_cb_cleanup(tSMP_CB* p_cb) {

  tSMP_CALLBACK* p_callback = p_cb->p_callback;

  uint8_t trace_level = p_cb->trace_level;

  alarm_t* smp_rsp_timer_ent = p_cb->smp_rsp_timer_ent;

  alarm_t* delayed_auth_timer_ent = p_cb->delayed_auth_timer_ent;



  SMP_TRACE_EVENT("smp_cb_cleanup");



  alarm_free(p_cb->smp_rsp_timer_ent);

  alarm_free(p_cb->delayed_auth_timer_ent);

  alarm_cancel(p_cb->smp_rsp_timer_ent);

  alarm_cancel(p_cb->delayed_auth_timer_ent);

  memset(p_cb, 0, sizeof(tSMP_CB));

  p_cb->p_callback = p_callback;

  p_cb->trace_level = trace_level;

  p_cb->smp_rsp_timer_ent = alarm_new("smp.smp_rsp_timer_ent");

  p_cb->delayed_auth_timer_ent = alarm_new("smp.delayed_auth_timer_ent");

  p_cb->smp_rsp_timer_ent = smp_rsp_timer_ent;

  p_cb->delayed_auth_timer_ent = delayed_auth_timer_ent;

}



/*******************************************************************************