From 5f146455f3f7a08f5fca8329dacf61e188df88b8 Mon Sep 17 00:00:00 2001
From: lly
Date: Mon, 26 Oct 2020 20:33:05 +0800
Subject: [PATCH] component/bt: Fix gatt clcb use-after-free issue
---
 components/bt/host/bluedroid/stack/gatt/gatt_utils.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/components/bt/host/bluedroid/stack/gatt/gatt_utils.c b/components/bt/host/bluedroid/stack/gatt/gatt_utils.c
index eab976a62f..714524e866 100644
--- a/components/bt/host/bluedroid/stack/gatt/gatt_utils.c
+++ b/components/bt/host/bluedroid/stack/gatt/gatt_utils.c
@@ -2341,6 +2341,7 @@ void gatt_cleanup_upon_disc(BD_ADDR bda, UINT16 reason, tBT_TRANSPORT transport)
 GATT_TRACE_DEBUG ("found p_clcb conn_id=%d clcb_idx=%d", p_clcb->conn_id, p_clcb->clcb_idx);
 if (p_clcb->operation != GATTC_OPTYPE_NONE) {
 gatt_end_operation(p_clcb, GATT_ERROR, NULL);
+ p_clcb = NULL;
 }
 gatt_clcb_dealloc(p_clcb);
 }
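Review bot: Nulling `p_clcb` and then falling through to `gatt_clcb_dealloc(p_clcb)` makes the fix depend on two things the hunk does not show: that `gatt_end_operation()` releases the clcb on every path, and that `gatt_clcb_dealloc()` accepts NULL. Stating the ownership directly would be more robust, for example replacing the nulling with `} else {` followed by `gatt_clcb_dealloc(p_clcb);`, so the dealloc runs only when no operation was pending. If the nulling is kept, a comment above it such as `/* gatt_end_operation() frees p_clcb; it must not be used or freed again */` would stop a later cleanup from removing it as dead code and reintroducing the use-after-free. The body of gatt_cleanup_upon_disc starts and ends outside the hunk, so whether `p_clcb` is read again later in the function cannot be checked from here.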