Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f6d2de2f authored by Ugo Yu's avatar Ugo Yu Committed by Cherrypicker Worker
Browse files

Fix null pointer access in handle_rc_ctrl_features 

There is a chance the callback gets invoked right after a AVRC
disconnection and bt_rc_ctrl_callbacks has been cleared.

Tag: stability
Bug: 242208896
Test: presubmit, Bluetooth calling test items
(cherry picked from https://android-review.googlesource.com/q/commit:722854df05ddad0567f5c30db2491afc90d15228)
Merged-In: I649ac336022a20894d2311313d7ed68687bc70a3
Change-Id: I649ac336022a20894d2311313d7ed68687bc70a3
Bug: 263323082
parent faacd2db

system/btif/src/btif_rc.cc

+5 −5
Original line number Diff line number Diff line
@@ -734,13 +734,13 @@ void handle_rc_connect(tBTA_AV_RC_OPEN* p_rc_open) { 
    do_in_jni_thread(FROM_HERE,

                     base::Bind(bt_rc_ctrl_callbacks->connection_state_cb, true,

                                false, p_dev->rc_addr));

  }

    /* report connection state if remote device is AVRCP target */

    handle_rc_ctrl_features(p_dev);



    /* report psm if remote device is AVRCP target */

    handle_rc_ctrl_psm(p_dev);

  }

}



/***************************************************************************

 *  Function       handle_rc_disconnect