From 3adfbaeb2fa232a843b55a2eb450e62e65e1e6ed Mon Sep 17 00:00:00 2001 From: wangcheng Date: Fri, 7 Aug 2020 11:09:43 +0800 Subject: [PATCH] component/bt: Fix a potential double free error. --- components/bt/host/bluedroid/bta/gatt/bta_gattc_utils.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/components/bt/host/bluedroid/bta/gatt/bta_gattc_utils.c b/components/bt/host/bluedroid/bta/gatt/bta_gattc_utils.c index a155737f73..cb20a5b191 100644 --- a/components/bt/host/bluedroid/bta/gatt/bta_gattc_utils.c +++ b/components/bt/host/bluedroid/bta/gatt/bta_gattc_utils.c @@ -306,8 +306,11 @@ void bta_gattc_clcb_dealloc(tBTA_GATTC_CLCB *p_clcb) p_srcb->p_srvc_cache = NULL; } } - osi_free(p_clcb->p_q_cmd); - p_clcb->p_q_cmd = NULL; + + if ( p_clcb->p_q_cmd != NULL && !list_contains(p_clcb->p_cmd_list, p_clcb->p_q_cmd)){ + osi_free(p_clcb->p_q_cmd); + p_clcb->p_q_cmd = NULL; + } // don't forget to clear the command queue before dealloc the clcb. list_clear(p_clcb->p_cmd_list); osi_free((void *)p_clcb->p_cmd_list);