GATT: Fix crash in ccc_write_cb.submit/tizen/20220207.225310accepted/tizen/unified/20220208.112116

When gatt client is disconnected after notification enable,
The pending_op becomes null which when used in stop_notify_setup
causes bluetoothd to crash.
This patch will fix the same.

Change-Id: I75316e67be6a1b941457066f05e17ddf2db8732d
Signed-off-by: Anuj Jain <anuj01.jain@samsung.com>

1 files changed, 16 insertions, 4 deletions

diff --git a/src/gatt-database.c b/src/gatt-database.c
index 6e659299..382f8dde 100644
--- a/src/gatt-database.c
+++ b/src/gatt-database.c
@@ -3182,8 +3182,12 @@ static uint8_t ccc_write_cb(struct pending_op *op, void *user_data)
 		 * operation, so simply ignore the return the value.
 		 */
 #ifdef TIZEN_FEATURE_BLUEZ_MODIFY
-		g_dbus_proxy_method_call(chrc->proxy, "StopNotify",
+		if (op)
+			g_dbus_proxy_method_call(chrc->proxy, "StopNotify",
 					stop_notify_setup, NULL, op, NULL);
+		else
+			g_dbus_proxy_method_call(chrc->proxy, "StopNotify",
+					NULL, NULL, NULL, NULL);
 #else
 		g_dbus_proxy_method_call(chrc->proxy, "StopNotify", NULL,
 							NULL, NULL, NULL);
@@ -3223,13 +3227,21 @@ static uint8_t ccc_write_cb(struct pending_op *op, void *user_data)
 	 * value for now.
 	 */
 #ifdef TIZEN_FEATURE_BLUEZ_MODIFY
-	if (g_dbus_proxy_method_call(chrc->proxy, "StartNotify", start_notify_setup, NULL,
-						op, NULL) == FALSE)
+	if (op) {
+		if (g_dbus_proxy_method_call(chrc->proxy, "StartNotify",
+				start_notify_setup, NULL, op, NULL) == FALSE)
+			return BT_ATT_ERROR_UNLIKELY;
+	}
+	else {
+		if (g_dbus_proxy_method_call(chrc->proxy, "StartNotify", NULL,
+					NULL, NULL, NULL) == FALSE)
+			return BT_ATT_ERROR_UNLIKELY;
+	}
 #else
 	if (g_dbus_proxy_method_call(chrc->proxy, "StartNotify", NULL, NULL,
 						NULL, NULL) == FALSE)
-#endif
 		return BT_ATT_ERROR_UNLIKELY;
+#endif
 
 	__sync_fetch_and_add(&chrc->ntfy_cnt, 1);