From 164997007447ffbf011934e84e21040f5e3eeff4 Mon Sep 17 00:00:00 2001
From: Gopal Tiwari
Date: Thu, 25 Apr 2019 19:39:41 +0530
Subject: [PATCH BlueZ] device: Fix crash when connecting ATT with BR/EDR only device
commit 5252296b725ef159992be5372f60721bd9adca48
Author: Luiz Augusto von Dentz
Date: Wed Aug 9 14:14:23 2017 +0300
device: Fix crash when connecting ATT with BR/EDR only device
---
 src/device.c | 38 +++++++++++++++++++++++---------------
 1 file changed, 23 insertions(+), 15 deletions(-)
diff --git a/src/device.c b/src/device.c
index 4d2a59522..54bef1bd3 100644
--- a/src/device.c
+++ b/src/device.c
@@ -133,10 +133,15 @@ struct authentication_req {
 gboolean secure;
 };
 
+enum {
+ BROWSE_SDP,
+ BROWSE_GATT
+};
+
 struct browse_req {
 DBusMessage *msg;
 struct btd_device *device;
- uint8_t bdaddr_type;
+ uint8_t type;
 GSList *match_uuids;
 GSList *profiles_added;
 sdp_list_t *records;
@@ -2149,13 +2154,13 @@ static void store_gatt_db(struct btd_device *device)
 }
 
 
-static void browse_request_complete(struct browse_req *req, uint8_t bdaddr_type,
- int err)
+static void browse_request_complete(struct browse_req *req, uint8_t type,
+ uint8_t bdaddr_type, int err)
 {
 struct btd_device *dev = req->device;
 DBusMessage *reply = NULL;
 
- if (req->bdaddr_type != bdaddr_type)
+ if (req->type != type)
 return;
 
 if (!req->msg)
@@ -2209,8 +2214,8 @@ static void device_set_svc_refreshed(struct btd_device *device, bool value)
 DEVICE_INTERFACE, "ServicesResolved");
 }
 
-static void device_svc_resolved(struct btd_device *dev, uint8_t bdaddr_type,
- int err)
+static void device_svc_resolved(struct btd_device *dev, uint8_t browse_type,
+ uint8_t bdaddr_type, int err)
 {
 struct bearer_state *state = get_state(dev, bdaddr_type);
 struct browse_req *req = dev->browse;
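Review bot: The request kind added in the first hunk (`struct browse_req`) is a bare `uint8_t type` fed from an anonymous enum, and the reworked signatures of `browse_request_complete` and `device_svc_resolved` pass it directly next to `uint8_t bdaddr_type`. Both arguments have the same integer type, so a call that transposes them compiles without a diagnostic and would match or skip the wrong pending request. Naming the enum and using it for the field and the parameters, `enum browse_type { BROWSE_SDP, BROWSE_GATT };` with `enum browse_type type;`, states the intent at every call site. The parameter is also called `type` in one function and `browse_type` in the other; a single name in both would make the pairing easier to audit.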
@@ -2258,7 +2263,7 @@ static void device_svc_resolved(struct btd_device *dev, uint8_t bdaddr_type,
 return;
 
 dev->browse = NULL;
- browse_request_complete(req, bdaddr_type, err);
+ browse_request_complete(req, browse_type, bdaddr_type, err);
 }
 
 static struct bonding_req *bonding_request_new(DBusMessage *msg,
@@ -4517,7 +4522,7 @@ static void search_cb(sdp_list_t *recs, int err, gpointer user_data)
 DEVICE_INTERFACE, "UUIDs");
 
 send_reply:
- device_svc_resolved(device, BDADDR_BREDR, err);
+ device_svc_resolved(device, BROWSE_SDP, BDADDR_BREDR, err);
 }
 
 static void browse_cb(sdp_list_t *recs, int err, gpointer user_data)
@@ -4642,7 +4647,8 @@ static void gatt_client_ready_cb(bool success, uint8_t att_ecode,
 DBG("status: %s, error: %u", success ? "success" : "failed", att_ecode);
 
 if (!success) {
- device_svc_resolved(device, device->bdaddr_type, -EIO);
+ device_svc_resolved(device, BROWSE_GATT, device->bdaddr_type,
+ -EIO);
 return;
 }
 
@@ -4650,7 +4656,7 @@ static void gatt_client_ready_cb(bool success, uint8_t att_ecode,
 
 btd_gatt_client_ready(device->client_dbus);
 
- device_svc_resolved(device, device->bdaddr_type, 0);
+ device_svc_resolved(device, BROWSE_GATT, device->bdaddr_type, 0);
 
 store_gatt_db(device);
 }
@@ -4855,6 +4861,7 @@ static void att_connect_cb(GIOChannel *io, GError *gerr, gpointer user_data)
 
 if (device->browse) {
 browse_request_complete(device->browse,
+ BROWSE_GATT,
 device->bdaddr_type,
 -ECONNABORTED);
 device->browse = NULL;
@@ -4959,7 +4966,7 @@ int device_connect_le(struct btd_device *dev)
 }
 
 static struct browse_req *browse_request_new(struct btd_device *device,
- uint8_t bdaddr_type,
+ uint8_t type,
 DBusMessage *msg)
 {
 struct browse_req *req;
@@ -4969,7 +4976,7 @@ static struct browse_req *browse_request_new(struct btd_device *device,
 
 req = g_new0(struct browse_req, 1);
 req->device = device;
- req->bdaddr_type = bdaddr_type;
+ req->type = type;
 
 device->browse = req;
 
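Review bot: In `device_svc_resolved` (hunk at -2258) `dev->browse = NULL;` still runs before `browse_request_complete(req, browse_type, bdaddr_type, err);`, while the callee now returns early whenever `req->type != type`. On a mismatch, such as a GATT completion arriving while an SDP browse is pending, the pointer is cleared but the request itself is left untouched; assuming the unseen remainder of `browse_request_complete` is what replies to and frees the request, it ends up orphaned, never completed or released. The `att_connect_cb` hunk at -4855 has the same shape, setting `device->browse = NULL;` right after a call that may have returned without doing anything. Testing the kind before dropping the pointer, `if (req->type != browse_type) return;` ahead of `dev->browse = NULL;`, keeps the pointer and the request's lifetime in step. Both function bodies extend beyond their hunks, so the conditions guarding these lines are not visible here.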
@@ -4995,7 +5002,7 @@ static int device_browse_gatt(struct btd_device *device, DBusMessage *msg)
 struct btd_adapter *adapter = device->adapter;
 struct browse_req *req;
 
- req = browse_request_new(device, device->bdaddr_type, msg);
+ req = browse_request_new(device, BROWSE_GATT, msg);
 if (!req)
 return -EBUSY;
 
@@ -5011,7 +5018,8 @@ static int device_browse_gatt(struct btd_device *device, DBusMessage *msg)
 * Services have already been discovered, so signal this browse
 * request as resolved.
 */
- device_svc_resolved(device, device->bdaddr_type, 0);
+ device_svc_resolved(device, BROWSE_GATT, device->bdaddr_type,
+ 0);
 return 0;
 }
 
@@ -5068,7 +5076,7 @@ static int device_browse_sdp(struct btd_device *device, DBusMessage *msg)
 uuid_t uuid;
 int err;
 
- req = browse_request_new(device, BDADDR_BREDR, msg);
+ req = browse_request_new(device, BROWSE_SDP, msg);
 if (!req)
 return -EBUSY;
 
-- 
2.17.2